GetOTP Documentation

SMS OTP

The SMS OTP allows you to perform OTP via SMS.

Request for SMS OTP API

To request for SMS OTP, make a POST request to our OTP endpoint. Take note that our OTP endpoint ends with a trailing slash:

https://otp.dev/api/verify/

With the following Basic HTTP verification method:

Description Required Data Type Example
Your API Key Yes String mtbi2w4hlendfpxa1igthcu5p6mzxf7k

Note

With the following parameters:

Name Description Required Data Type Example
channel Channel for delivering OTP Yes String sms
sender Name or number that appears as the sender of an SMS message Yes String GetOTP
phone The user mobile phone number (with country code) Yes String 60123456789
template The template ID for the OTP SMS message Yes UUID 6d16aa9d-bf19-4141-8169-48b46d972fc6
code_length The length of the code, which falls within the range of 4 to 8 characters. At least one of the following is required: 'code_length' or 'code'. No Number 4
code The 'code' field accepts only digits and must be between 4 to 8 characters in length. At least one of the following is required: 'code_length' or 'code'. No String 1234
payload Additional info that will be sent back to the client through the Webhook URL. No String
For JSON object, convert into JSON string.
{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}

Note

Notes on the phone parameter:

  • You must provide a phone number as digits without spaces or special characters, beginning with the country dialing code.
  • Examples

    Below is an example request using cURL:

    curl --request POST \
         --url https://otp.dev/api/verify/ \
         --header 'X-OTP-Key: {YOUR_API_KEY}' \
         --header 'accept: application/json' \
         --header 'content-type: application/json' \
         --data '
    {
      "data": {
        "channel": "sms",
        "sender": "GetOTP",
        "phone": "60123456789",
        "template": "6d16aa9d-bf19-4141-8169-48b46d972fc6",
        "code_length": 4
      }
    }
    '

    The response would be a JSON structure, returned with HTTP 200 Code status code:

    {
      "account_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "message_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "phone": "60123456789",
      "create_date": "2025-08-18T06:28:58.962Z",
      "expire_date": "2025-08-18T06:28:58.962Z"
    }

    Response data details:

    Name Description Data Type Example
    account_id The unique identifier of the account String 3fa85f64-5717-4562-b3fc-2c963f66afa6
    message_id The unique identifier of the message String 3fa85f64-5717-4562-b3fc-2c963f66afa6
    phone Recipient's phone number String 60123456789
    create_date Creation date of the verification in UTC, formatted as yyyy-mm-dd hh:mm:ss String 2025-08-18 00:00:00
    expire_date Expiration date of the verification in UTC, formatted as yyyy-mm-dd hh:mm:ss String 2025-08-18 02:00:00

    If there is an error with the API call, you will receive a JSON response with 400+ status code, error code and message.

    {
    "errors": [
      {
        "timestamp": "2025-08-18 00:00:00",
        "path": "/api/verify/",
        "method": "POST",
        "status": 401,
        "message": "User Not Authorized",
        "code": "1136"
      }
    ]

    Please refer to this table for details:

    Error Code Description HTTP Code
    1136 User Not Authorized 401
    1512 Invalid template id 400
    1513 Template is not found 400
    1515 Invalid channel specified 400
    1523 Invalid recipient number(s) 400
    1620 'sender' is missing 400
    1621 'phone' is missing 400
    1622 'template' is missing 400
    1623 Invalid code length 400
    1624 Template does not contain keyword {code} 400
    1629 Provide either 'data.code' or 'data.code_length' but not both 400
    1631 When 'data.channel' is not VOICE 'data.code' must be valid and 4 to 8 characters long 400
    1632 'data.code' should be numeric if provided 400
    1705 Invalid payload 400