NoAuth

Decision objective

Use a strategy that matches your runtime constraints:

1. low friction local development,
2. stable single host production,
3. distributed runtime with shared session persistence.

The three strategies

NoAuth

No persistent session. Every restart requires a new login.

Best for:

1. quick experiments,
2. temporary testing,
3. disposable local runs.

LocalAuth

Persists session data in local filesystem, by default under .wwebjs_auth.

Best for:

1. local development,
2. single machine servers with persistent storage,
3. simple production topology.

RemoteAuth

Persists session data through a store adapter in remote storage.

Best for:

1. containers and ephemeral hosts,
2. multi instance deployments,
3. central session management.

Decision logic

1. If filesystem is not durable, use RemoteAuth.
2. If you run one persistent machine, use LocalAuth.
3. If you only test quickly, use NoAuth.

Minimal examples

NoAuth

const { Client, NoAuth } = require('whatsapp-web.js')

const client = new Client({
  authStrategy: new NoAuth(),
})

client.initialize()

LocalAuth

const { Client, LocalAuth } = require('whatsapp-web.js')

const client = new Client({
  authStrategy: new LocalAuth({
    clientId: 'main',
  }),
})

client.initialize()

RemoteAuth

const { Client, RemoteAuth } = require('whatsapp-web.js')
const { MongoStore } = require('wwebjs-mongo')
const mongoose = require('mongoose')

async function main() {
  await mongoose.connect(process.env.MONGODB_URI)

  const client = new Client({
    authStrategy: new RemoteAuth({
      store: new MongoStore({ mongoose }),
      clientId: 'main',
      backupSyncIntervalMs: 300000,
    }),
  })

  client.initialize()
}

main()

Events you should always track

1. qr
2. authenticated
3. auth_failure
4. ready
5. disconnected
6. for remote auth, also remote_session_saved

Without these signals, incident analysis becomes difficult.