I'm trying to implement WhatsApp for Business Embedded Signup for our clients to be able to automate sending messages to their customers via their WhatsApp for Business Account (WABA).

My intended role is "Tech Provider".

I'm working on my local environment, and when trying to connect to WhatsApp via the Embedded Signup - I get the error that means:

Meta does not allow requests from HTTP, only HTTPS.

I want to know what is the best practice to solve this issue.

from what I saw I have some options, such as:

1. create a secure tunnel using VS Code Dev Tunnels and making meta to know about this new secure URL.

2. using ngrok with a free domain

3. making my whole localhost to be HTTPS and not HTTP by adding an SSL certificate

the 2 first solutions are good, but not perfect. because it means that if we want to test the WhatsApp from localhost - we must run a separate command, and the flow isn't natural

solution 3 might work, but also can break the app and the development flow - because now we need to manage certificate to our app. also - it will fail with the Insecure App error in the browser when:
we run it at first time, if we change the port, if we clean the browser cache

so all those solutions might work - but are not good enough. especially if we want this code to be shared by the whole team and we don't want to break the current working flow.

so I'm asking what are the best practices to solve this issue. one of those or something else?