=== LoginWA OTP ===
Contributors: loginwa
Tags: otp, whatsapp, login, passwordless, sms
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 0.1.6
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

OTP login/verification via LoginWA. Provides Gutenberg blocks and shortcodes to build a WhatsApp-based OTP login page.

== Description ==
LoginWA OTP lets you add passwordless OTP login using your LoginWA account. Includes customizable UI, country dropdown with flags, and drag-and-drop builder.

* OTP via LoginWA API (Bearer secret)
* Shortcodes: [loginwa_otp_login], [loginwa_otp_form]
* Gutenberg blocks: LoginWA OTP Login, LoginWA OTP Builder (Hero + Form child blocks)
* Appearance controls: layout split/stacked, backgrounds, accent, logo, badge, hints, gap/padding, theme light/dark/auto
* Country dropdown with flags and preferred countries
* Uses the LoginWA cloud API (`https://api.loginwa.com/api/v1/auth/start` and `/verify`) to send and validate OTP. Phone number, country code, OTP length, and your API secret are sent to that service. Using this plugin means you accept LoginWA’s terms and privacy policy at https://loginwa.com/terms and https://loginwa.com/privacy.

== External services ==

This plugin connects to the LoginWA API to send and verify OTP over WhatsApp.

* **Service**: LoginWA API (`https://api.loginwa.com/api/v1/auth/start` and `/verify`)
* **What is sent**: phone number, optional country code, OTP length, optional OTP message template, and OTP session_id/OTP code on verify. Requests are authenticated with your LoginWA API secret.
* **Why**: to deliver and validate OTP messages via WhatsApp.
* **Terms/Privacy**: https://loginwa.com/terms and https://loginwa.com/privacy.

== Installation ==
1. Upload the plugin folder to `/wp-content/plugins/` or upload the ZIP via Plugins → Add New.
2. Activate the plugin.
3. Go to Settings → LoginWA OTP, enter your API Key and Secret from loginwa.com, set defaults.
4. Add a page and insert the “LoginWA OTP Login” block or “LoginWA OTP Builder”, or use `[loginwa_otp_login]` shortcode.

== Frequently Asked Questions ==
= What credentials are needed? =
API Key and Secret from your LoginWA dashboard (Apps & API Keys).

= What data is sent to LoginWA? =
When sending or verifying an OTP, the plugin posts the phone number, country code, OTP length, and (optionally) your custom OTP message template to `https://api.loginwa.com/api/v1/auth/start`, and the OTP code plus session ID to `/verify`, authenticated with your LoginWA API secret. No other site data is sent.

= Does it enforce login site-wide? =
You can enable “Force login for site visitors” in settings.

== Changelog ==
= 0.1.6 =
* Enqueue admin CSS/JS via WordPress hooks (no inline tags in settings page).
* Clarify external service usage with terms & privacy links in readme.
* Bump version.

= 0.1.5 =
* Version bump for deployment.

= 0.1.4 =
* Add explicit GPL-2.0-or-later header and remove deprecated load_plugin_textdomain call (WP.org auto-loads translations).
* Update Tested up to: 6.9; bump asset versions.

= 0.1.3 =
* Localize user-facing strings (PHP/JS) and load translations; set script translations for blocks.
* Nonce action dedicated (`loginwa-otp`) and REST permission callback retained.
* Bump asset versions for cache bust.

= 0.1.2 =
* Add REST nonce validation for OTP send/verify endpoints.
* Align text domain to `loginwa-otp` and declare license headers.
* Document external API usage and data sent.

= 0.1.1 =
* Initial release with OTP login blocks, country dropdown, builder, and appearance controls.

== Upgrade Notice ==
= 0.1.4 =
Set license header, remove deprecated textdomain loader, update Tested up to 6.9.
