GetOTP Documentation
SMS OTP
The SMS OTP allows you to perform OTP via SMS.
Request for SMS OTP API
To request for SMS OTP, make a POST request to our OTP endpoint. Take note that our OTP endpoint ends with a trailing slash:
https://otp.dev/api/verify/With the following Basic HTTP verification method:
| Description | Required | Data Type | Example |
|---|---|---|---|
| Your API Key | Yes | String | mtbi2w4hlendfpxa1igthcu5p6mzxf7k |
Note
- Grab your API key from this page
With the following parameters:
| Name | Description | Required | Data Type | Example |
|---|---|---|---|---|
| channel | Channel for delivering OTP | Yes | String | sms |
| sender | Name or number that appears as the sender of an SMS message | Yes | String | GetOTP |
| phone | The user mobile phone number (with country code) | Yes | String | 60123456789 |
| template | The template ID for the OTP SMS message | Yes | UUID | 6d16aa9d-bf19-4141-8169-48b46d972fc6 |
| code_length | The length of the code, which falls within the range of 4 to 8 characters. At least one of the following is required: 'code_length' or 'code'. | No | Number | 4 |
| code | The 'code' field accepts only digits and must be between 4 to 8 characters in length. At least one of the following is required: 'code_length' or 'code'. | No | String | 1234 |
| payload | Additional info that will be sent back to the client through the Webhook URL. | No | String For JSON object, convert into JSON string. |
{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}
|
Note
Notes on the phone parameter:
Examples
Below is an example request using cURL:
curl --request POST \
--url https://otp.dev/api/verify/ \
--header 'X-OTP-Key: {YOUR_API_KEY}' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"data": {
"channel": "sms",
"sender": "GetOTP",
"phone": "60123456789",
"template": "6d16aa9d-bf19-4141-8169-48b46d972fc6",
"code_length": 4
}
}
'
The response would be a JSON structure, returned with HTTP 200 Code
status code:
{
"account_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"message_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"phone": "60123456789",
"create_date": "2025-08-18T06:28:58.962Z",
"expire_date": "2025-08-18T06:28:58.962Z"
}Response data details:
| Name | Description | Data Type | Example |
|---|---|---|---|
| account_id | The unique identifier of the account | String | 3fa85f64-5717-4562-b3fc-2c963f66afa6 |
| message_id | The unique identifier of the message | String | 3fa85f64-5717-4562-b3fc-2c963f66afa6 |
| phone | Recipient's phone number | String | 60123456789 |
| create_date | Creation date of the verification in UTC, formatted as yyyy-mm-dd hh:mm:ss | String | 2025-08-18 00:00:00 |
| expire_date | Expiration date of the verification in UTC, formatted as yyyy-mm-dd hh:mm:ss | String | 2025-08-18 02:00:00 |
If there is an error with the API call, you will receive a JSON response with 400+ status code, error code and message.
{
"errors": [
{
"timestamp": "2025-08-18 00:00:00",
"path": "/api/verify/",
"method": "POST",
"status": 401,
"message": "User Not Authorized",
"code": "1136"
}
]Please refer to this table for details:
| Error Code | Description | HTTP Code |
|---|---|---|
| 1136 | User Not Authorized | 401 |
| 1512 | Invalid template id | 400 |
| 1513 | Template is not found | 400 |
| 1515 | Invalid channel specified | 400 |
| 1523 | Invalid recipient number(s) | 400 |
| 1620 | 'sender' is missing | 400 |
| 1621 | 'phone' is missing | 400 |
| 1622 | 'template' is missing | 400 |
| 1623 | Invalid code length | 400 |
| 1624 | Template does not contain keyword {code} | 400 |
| 1629 | Provide either 'data.code' or 'data.code_length' but not both | 400 |
| 1631 | When 'data.channel' is not VOICE 'data.code' must be valid and 4 to 8 characters long | 400 |
| 1632 | 'data.code' should be numeric if provided | 400 |
| 1705 | Invalid payload | 400 |