How to connect WhatsApp to Kommo in 2026: official or a "gray" number — and how not to get banned

In 2026 WhatsApp connects to Kommo two ways: officially (through the Cloud API) or through a "gray" personal number. The choice between them comes down to one question — will you message customers first (broadcasts) or only reply to people who reached out themselves? That decides both the method and the risk of a block.

Connecting a personal number via QR (WhatsApp Lite, which was a Kommo feature) the way people did for years is now retired in the native integration. Below: how the official path differs from "gray," in plain language; the mechanics of a ban (why one business gets blocked in a day while another runs fine on a "gray" number for years); and how to choose for your case.

What changed in 2026: WhatsApp Lite is gone

WhatsApp used to connect in two clicks: you scanned the QR of regular WhatsApp and the chat dropped into the CRM. Free, no verifications. In Kommo this was called WhatsApp Lite.

That has been retired, and everyone is being moved to the official Meta Cloud API. "Connect WhatsApp for free via QR" is no longer possible in the native integration — a personal number via QR is connected today only through a third-party provider. But "via a provider" does not equal "guaranteed ban": a ban depends not on the method, but on what you do with the number.

Ban mechanics: why Meta blocks a number

WhatsApp blocks numbers based on people's complaints, not for the fact of connecting to a CRM. The mechanics are simple:

1. A business sent a message to someone who was not expecting it.
2. The person hit "Block and report."
3. 2-3 such complaints pile up in a short window — and the number is blocked instantly.

The takeaway that changes everything: you can only report an outbound message the person did not expect. When a customer messages you first and you reply in the thread, there is nothing to report. No complaints, no ban. That is why a "gray" number runs for years on inbound traffic without trouble, and the risk appears the moment a business starts messaging strangers first.

The official path — Cloud API (with phone or without)

Cloud API is the official connection from Meta. Only here are legal broadcasts to a base possible. The one thing everyone gets confused by: this connection has two variants, and the difference is exactly one — will WhatsApp stay on your phone.

The "with phone" variant (coexistence — a Kommo mode). The number keeps living in the WhatsApp app on the phone, as it does now. You chat from the phone the way you are used to, and the CRM connects on top and simply sees every conversation: it stores history, lets several managers reply, and turns on automation. What you answer yourself from the phone is free; you pay only for what automation sends. For a small business where the owner is in the chat personally, this is the gentlest option: nothing changes in the habit.

The "without phone" variant (the classic Cloud API). The number moves entirely "into the system" (Meta's cloud plus the CRM). You can no longer open that WhatsApp on the phone — all chat goes only through the CRM. This is for a team that replies from computers and where nobody picks up a handset on that number.

Both variants are official and safe. What you need to connect:

• A Meta Business account (ideally verified).
• A business name for display — Meta reviews it.
• For the "without phone" variant, a number free of WhatsApp on the phone (for "with phone," the phone stays, on the contrary).

The flow in Kommo: connect WhatsApp Business → link the Meta Business account → choose the variant (with phone / without) → enter the number and name → pass moderation → the number is in the pipeline. The rest, step by step, is in a separate guide (link at the end).

A "gray" number via a provider — for inbound chat

If a customer has a personal number, is not ready to part with the app, and does not need broadcasts, connecting through a third-party provider (Wazzup, Radist, Whatcrm and others in the "WhatsApp providers" section) is often more sensible than the official API. Technically it is scanning the QR of regular WhatsApp.

The honest advantage over Cloud API:

• No 24-hour window and no templates. You message the customer whenever you want and whatever you want, like in regular WhatsApp. For live chat it is handier and there is no fee for every conversation you start.
• Cheaper and faster to connect — no Meta Business verification and no template moderation.

Where the risk is, no sugar-coating: a "gray" connection is against Meta's rules, and on broadcasts to strangers it gets banned fast (by the mechanics above). The rule is simple:

• A business only replies to inbound (support, requests from the site and ads, people who messaged first) → a "gray" number runs with minimal risk, for years.
• A business needs broadcasts to a cold base → Cloud API only, otherwise a ban is a matter of days.

An integrator has to spell this out: not "gray is bad," but "gray is for inbound, broadcasts go on Cloud API." Putting a customer on broadcasts from a "gray" number without a word sets up both them and yourself.

In the same category is AnyLinga: a connector that links WhatsApp (currently via QR, that is, the same "for inbound" scenario) and on top of it translates conversations in real time — the manager writes in their own language, the customer reads in theirs, and vice versa. For inbound multilingual chat this closes both the channel and the language barrier at once, with no 24-hour window. Official connection via Cloud API is on AnyLinga's roadmap and will arrive later. Translation here is not auto-replies and not a bot, but the actual translation of the conversation.

The 24-hour window is about Cloud API, not "gray"

On Cloud API there are Meta rules the customer does not know about in advance (they apply to what the CRM and automation send):

• The 24-hour window. You can message a customer in free-form text only within 24 hours of their last message. Outside the window — not allowed.
• Start only with a template. To message first or outside the window, you need a pre-approved paid template.
• Opt-in. The customer must agree to receive messages; broadcasting without consent leads to complaints.

In the "with phone" variant, what you type by hand from the phone is not limited by this window — it is regular WhatsApp. The limit applies to automated and outbound messages through the CRM. On a "gray" number there is no window and no templates at all — that is its convenience, and that is exactly why broadcasts do not belong there.

Instagram and Facebook — into the same pipeline

At the same step, Instagram Direct and Facebook Messenger hook into Kommo — the chat drops into the same pipeline and the same deals. For a business that also sells on social, this closes the channels in one window.

Where this ends and the bot begins

Connecting WhatsApp is the channel. After that comes automation: auto-replies, scripts, an AI bot. Since January 15, 2026, Meta has had restrictions on general-purpose AI bots in the WhatsApp Business API — a separate topic with its own rules. We do not touch it here: how to set up a bot that does not break Meta's rules is in a separate guide.

Common mistakes when connecting

• Promising a customer "free WhatsApp via QR" — that no longer exists in the native integration.
• Running broadcasts on a "gray" number — an almost guaranteed ban.
• Assuming a "gray" connection gets banned on its own, and overpaying for Cloud API where the flow is inbound only.
• Connecting the classic Cloud API on a number already logged into WhatsApp on a phone (you need either a free number or the "with phone" variant).
• Not spelling out the 24-hour window and templates on Cloud API to the customer.

WhatsApp is connected — customers are messaging. The next question: how fast do managers reply to the first message, and do requests slip through? First-touch speed strongly affects conversion, so it gets its own control (SLA), and inbound gets distributed to whoever is actually on the line.