API Reference

What is OTP?

OTP (One-Time Password) is a security mechanism that generates a unique, temporary code for user authentication and verification. Our OTP API provides a reliable and secure way to verify phone numbers through SMS or WhatsApp messages.

πŸ” Key Features

  • Multi-Channel Delivery: Send OTPs via SMS or WhatsApp
  • Customizable Templates: Use predefined templates or create custom message formats
  • Rate Limiting: Built-in protection against abuse and spam
  • Real-time Verification: Instant code verification with detailed response codes
  • Comprehensive Logging: Track all OTP activities for audit and analytics

🚀 How It Works

  1. Send OTP: Request an OTP to be sent to a recipient's phone number
  2. Receive Code: User receives the verification code via SMS or WhatsApp
  3. Verify Code: Submit the received code for verification
  4. Get Result: Receive confirmation of successful verification

📋 Common Use Cases

  • Account Registration: Verify new user phone numbers during signup
  • Login Security: Two-factor authentication for secure login
  • Password Reset: Verify identity before allowing password changes
  • Transaction Confirmation: Confirm sensitive operations like payments
  • Phone Number Updates: Verify new phone numbers before updating profiles

🔑 Authentication Methods

Our OTP API supports multiple authentication methods:

  • API Keys: Use X-API-Key and X-API-Secret headers
  • Basic Auth: Standard username:password authentication
  • Bearer Token: JWT or base64-encoded credentials

🎯 Getting Started

To start using our OTP API:

  1. Get Your Credentials: Obtain your API keys from the dashboard
  2. Choose Your App ID: Configure your application settings
  3. Send Your First OTP: Use the /otp/send endpoint
  4. Verify the Code: Use the /otp/verify endpoint

📖 Available Endpoints

Core Endpoints

  • POST /otp/send - Send OTP to recipient
  • POST /otp/verify - Verify OTP code
  • POST /otp/resend - Resend OTP

Management Endpoints

  • GET /otp/status - Check OTP status
  • GET /otp/list - List OTPs with filters
  • GET /otp/logs - View activity logs
  • GET /otp/rate-limits - Check rate limiting status
  • GET /otp/attempts - View verification attempts
  • GET /otp/reports - Generate usage reports

💡 Best Practices

  • Secure Storage: Never store OTP codes in logs or databases
  • Expiration: Set appropriate expiration times (5-15 minutes recommended)
  • Rate Limiting: Implement client-side rate limiting to avoid API limits
  • Error Handling: Always handle different error scenarios gracefully
  • User Experience: Provide clear instructions and error messages to users

🔧 Example Usage

Send OTP

POST /otp/send
{
  "appid": "your_app_id",
  "recipient": "+5511999888777",
  "channel": "sms",
  "from": "YourApp"
}

Verify OTP (the recipient field is optional)

POST /otp/verify
{
  "appid": "your_app_id",
  "recipient": "+5511999888777",
  "otp_code": "123456",
  "verification_id": "otp_67890abcdef12345"
}
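
The Best Practices items on keeping OTP codes out of logs and on client-side rate limiting, applied to the request bodies above. This is an added Python example, not code from this API's documentation or SDK: the names redact, SendThrottle and build_request, the 3-sends-per-10-minutes limit and the Content-Type header are assumptions, and no network call is made because the page gives no base URL.

```python
import copy
import json
import logging
import time

SENSITIVE_FIELDS = ("otp_code",)   # never written to logs (Best Practices)

def redact(payload):
    """Return a log-safe copy: OTP masked, phone number cut to its last 4 digits."""
    safe = copy.deepcopy(payload)
    for field in SENSITIVE_FIELDS:
        if field in safe:
            safe[field] = "[REDACTED]"
    if "recipient" in safe:
        number = safe["recipient"]
        safe["recipient"] = "*" * max(len(number) - 4, 0) + number[-4:]
    return safe

class SendThrottle:
    """Client-side limiter: at most `limit` sends per recipient per `window` seconds.
    The defaults are assumed values, not limits published by the API."""
    def __init__(self, limit=3, window=600, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.sent = {}                       # recipient -> recent send timestamps

    def allow(self, recipient):
        now = self.clock()
        recent = [t for t in self.sent.get(recipient, []) if now - t < self.window]
        allowed = len(recent) < self.limit
        if allowed:
            recent.append(now)               # only successful sends count
        self.sent[recipient] = recent
        return allowed

def build_request(path, body, api_key, api_secret, log=logging.getLogger("otp")):
    """Prepare a POST for /otp/send or /otp/verify; only the redacted body is logged."""
    log.info("POST %s %s", path, json.dumps(redact(body)))
    headers = {
        "X-API-Key": api_key,                # API-key method from Authentication Methods
        "X-API-Secret": api_secret,
        "Content-Type": "application/json",  # assumed; not stated on the page
    }
    return {"method": "POST", "path": path, "headers": headers,
            "body": json.dumps(body)}        # the wire body keeps the real code
```

Call SendThrottle.allow(recipient) before each /otp/send or /otp/resend, and hand the dict returned by build_request to whatever HTTP client you use.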