OTP (One-Time Password) is a security mechanism that generates a unique, temporary code for user authentication and verification. Our OTP API provides a reliable and secure way to verify phone numbers through SMS or WhatsApp messages.
Key Features
- Multi-Channel Delivery: Send OTPs via SMS or WhatsApp
- Customizable Templates: Use predefined templates or create custom message formats
- Rate Limiting: Built-in protection against abuse and spam
- Real-time Verification: Instant code verification with detailed response codes
- Comprehensive Logging: Track all OTP activities for audit and analytics
How It Works
- Send OTP: Request an OTP to be sent to a recipient's phone number
- Receive Code: User receives the verification code via SMS or WhatsApp
- Verify Code: Submit the received code for verification
- Get Result: Receive confirmation of successful verification
Common Use Cases
- Account Registration: Verify new user phone numbers during signup
- Login Security: Two-factor authentication for secure login
- Password Reset: Verify identity before allowing password changes
- Transaction Confirmation: Confirm sensitive operations like payments
- Phone Number Updates: Verify new phone numbers before updating profiles
Authentication Methods
Our OTP API supports multiple authentication methods:
- API Keys: Use X-API-Key and X-API-Secret headers
- Basic Auth: Standard username:password authentication
- Bearer Token: JWT or base64 encoded credentials
Getting Started
To start using our OTP API:
- Get Your Credentials: Obtain your API keys from the dashboard
- Choose Your App ID: Configure your application settings
- Send Your First OTP: Use the /otp/send endpoint
- Verify the Code: Use the /otp/verify endpoint
Available Endpoints
Core Endpoints
- POST /otp/send - Send OTP to recipient
- POST /otp/verify - Verify OTP code
- POST /otp/resend - Resend OTP
Management Endpoints
- GET /otp/status - Check OTP status
- GET /otp/list - List OTPs with filters
- GET /otp/logs - View activity logs
- GET /otp/rate-limits - Check rate limiting status
- GET /otp/attempts - View verification attempts
- GET /otp/reports - Generate usage reports
Best Practices
- Secure Storage: Never store OTP codes in logs or databases
- Expiration: Set appropriate expiration times (5-15 minutes recommended)
- Rate Limiting: Implement client-side rate limiting to avoid API limits
- Error Handling: Always handle different error scenarios gracefully
- User Experience: Provide clear instructions and error messages to users
Example Usage
Send OTP
POST /otp/send
{
  "appid": "your_app_id",
  "recipient": "+5511999888777",
  "channel": "sms",
  "from": "YourApp"
}
Verify OTP
POST /otp/verify
{
  "appid": "your_app_id",
  "recipient": "+5511999888777",
  "otp_code": "123456",
  "verification_id": "otp_67890abcdef12345"
}
The recipient field is optional in the verify request.
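The following Python sketch is an added example, not code from the API provider. It applies two of the Best Practices above to the request bodies shown in Example Usage: keeping OTP codes out of logs and limiting sends on the client side. The base URL, the helper names (build_request, redact, SendThrottle) and the limit of 3 sends per 10 minutes are assumptions; the page does not state a host or the server-side limits.

```python
import json
import time
import urllib.request

# Assumption: placeholder host, the page does not give a base URL.
BASE_URL = "https://api.example.invalid"

def build_request(path, body, api_key, api_secret):
    """Build (without sending) a POST for /otp/send or /otp/verify using API-key auth."""
    return urllib.request.Request(
        BASE_URL + path,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "X-API-Key": api_key, "X-API-Secret": api_secret},
    )

def redact(body):
    """Return a copy of a request body that is safe to log.

    The OTP code is masked entirely; the phone number keeps its last 4 characters.
    """
    safe = dict(body)
    if "otp_code" in safe:
        safe["otp_code"] = "***"
    if "recipient" in safe:
        number = safe["recipient"]
        safe["recipient"] = "*" * (len(number) - 4) + number[-4:]
    return safe

class SendThrottle:
    """Client-side limit: at most max_sends per recipient within window seconds.

    The defaults are assumed values, not limits documented by the API.
    """
    def __init__(self, max_sends=3, window=600, clock=time.monotonic):
        self.max_sends, self.window, self.clock = max_sends, window, clock
        self.sent = {}  # recipient -> timestamps of recent sends

    def allow(self, recipient):
        now = self.clock()
        recent = [t for t in self.sent.get(recipient, []) if now - t < self.window]
        ok = len(recent) < self.max_sends
        if ok:
            recent.append(now)
        self.sent[recipient] = recent
        return ok
```

Call allow() before each /otp/send or /otp/resend request, and pass request bodies through redact() before writing them to any log.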