7 non-obvious gotchas building a production WhatsApp + AI workflow in n8n
Spent the last few months running a WhatsApp AI auto-reply on self-hosted n8n + WAHA + OpenAI for a small business. Sharing the non-obvious stuff that ate the most time.
- WhatsApp's LID addressing silently breaks replies.
Inbound messages now arrive with from: "<lid>@lid" where the LID is not the customer's phone number. Reply to it and the message goes into the void. The real phone sits in payload._data.key.remoteJidAlt. Parse node has to check for the @lid suffix and fall back to remoteJidAlt before stripping. Cost me a weekend of "why is the bot ignoring half the customers."
- WAHA redelivers webhooks on flaky networks.
I started getting duplicate replies. Fixed with a small processed_msgs table and INSERT ... ON CONFLICT DO NOTHING against the message ID. Auto-cleanup after 1 hour.
- Don't let the LLM invent prices.
The model will confidently quote "$249" for something you charge $129 for. I keep a knowledge table (question/answer) with pg_trgm fuzzy match on the customer's message, and inject matched rows into the system prompt as "USE THESE EXACTLY." The prompt also computes with-tax totals so it can say "$129 plus tax, about $139 out the door."
- Business-hours math is harder than it sounds.
"Can I come at 6:55?" when you close at 7 means "yes but it won't be ready today." I encoded close-time + service-duration logic into the system prompt rather than hardcoding replies — keeps the language natural.
- Conversation memory has to be cheap.
Pulling the last 10 messages into a single Postgres json_agg query keeps round-trip under 30ms. Don't loop n8n nodes for this — one query, hand the result to the prompt builder.
- Have a fallback reply.
When OpenAI returns 429 or 500, send a configurable fallback message instead of going silent, and flag the owner notification so a human follows up. continueOnFail: true on the LLM node is doing a lot of work.
- HMAC-verify your webhook.
WAHA signs every outbound webhook with HMAC-SHA512 if you set WHATSAPP_HOOK_HMAC_KEY. 10 minutes to add a Code node with constant-time comparison and throw on mismatch. Cheap insurance.
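A sketch of the HMAC check from the last item, as an added example (not code from the original post or from the WAHA or n8n projects). The header name `x-webhook-hmac`, the hex encoding of the digest, and the function names are assumptions; the sample key and body are constructed. The digest has to be computed over the body bytes exactly as received, because re-serialized JSON will not match.

```javascript
// Added example: HMAC-SHA512 webhook verification with constant-time compare.
const { createHmac, timingSafeEqual } = require('node:crypto');

/**
 * rawBody:     Buffer or string, the request body exactly as received
 * receivedHex: signature taken from the request header (assumed hex-encoded)
 * key:         the same secret configured as WHATSAPP_HOOK_HMAC_KEY
 */
function verifyWebhookHmac(rawBody, receivedHex, key) {
  if (typeof receivedHex !== 'string' || !key) return false;
  // SHA-512 is 64 bytes = 128 hex chars. Validate before decoding because
  // Buffer.from(x, 'hex') silently stops at the first invalid character.
  if (!/^[0-9a-fA-F]{128}$/.test(receivedHex)) return false;
  const expected = createHmac('sha512', key).update(rawBody).digest();
  const received = Buffer.from(receivedHex, 'hex');
  // timingSafeEqual throws on unequal lengths; both are 64 bytes here.
  return timingSafeEqual(expected, received);
}

// Hypothetical handler: verify first, parse the payload only afterwards.
function handleWebhook(rawBody, headers, key) {
  const sig = headers['x-webhook-hmac']; // assumed header name
  if (!verifyWebhookHmac(rawBody, sig, key)) {
    throw new Error('webhook HMAC mismatch');
  }
  return JSON.parse(rawBody);
}

// Constructed sample data so the example runs offline.
const SAMPLE_KEY = 'constructed-test-key';
const SAMPLE_BODY =
  '{"event":"message","payload":{"id":"constructed-msg-1","body":"hi"}}';
const SAMPLE_SIG = createHmac('sha512', SAMPLE_KEY)
  .update(SAMPLE_BODY)
  .digest('hex');
```

In n8n this means the check needs access to the raw request body rather than the already-parsed JSON item.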
Total cost: ~$0.30 per 1,000 messages on gpt-4o-mini. Everything else free if self-hosted.
Happy to answer questions in the comments — half of n8n is figuring out which abstractions are worth building.