GetOTP Documentation
SMS OTP
The SMS OTP allows you to perform OTP via SMS.
Request for SMS OTP API
To request for SMS OTP, make a POST request to our OTP endpoint. Take note that our OTP endpoint ends with a trailing slash:
https://otp.dev/api/verify/
With the following Basic HTTP verification method:
Description | Required | Data Type | Example |
---|---|---|---|
Your API Key | Yes | String | mtbi2w4hlendfpxa1igthcu5p6mzxf7k |
Your API Token | Yes | String | mpktanoshzf4c81e3bydjl76ixr9wugv |
Note
- Grab your API key and API token from this page
- You can create maximum 3 counts of API keys
- Your API call counts will be limited depending on your active subscription
With the following parameters:
Name | Description | Required | Data Type | Option | Example |
---|---|---|---|---|---|
channel | Channel for delivering OTP | Yes | String | sms | |
phone_sms | The user mobile phone number (with country code) | No | String | +60123456789 | |
success_redirect_url | Where to redirect a user after OTP success | Yes | URL | https://mysite.test/payments/qHgZiJQ8YF/otp-complete/ | |
fail_redirect_url | Where to redirect a user after OTP failed | Yes | URL | https://mysite.test/payments/qHgZiJQ8YF/otp-fail/ | |
callback_url | Your site callback URL when OTP success | No | URL | https://mysite.test/payments/otp-callback/ | |
metadata | Additional info that you want to pass. | No | String For JSON object, convert into JSON string. |
{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}
|
|
captcha | Recaptcha feature at OTP form. Enabled by default. | No | String | true / false | false |
hide | Obfuscate phone_sms value. Disabled by default. | No | String | true / false | true |
lang | Change the OTP UI language (Pro Plan only feature). | No | String | en / ja / ko / es / fr | ja |
Note
Notes on the phone_sms parameter:
- Since the parameter is optional, if omitted the OTP form will have a blank phone field by default
- If the parameter is present, the OTP form will automatically prefill the phone field with the provided value
- You must provide a phone number with country code, and start with plus (+) symbol as per example
Notes on the captcha parameter:
- ReCaptcha is enabled by default. Please read our Privacy Policy for more information on reCaptcha.
Examples
Below is an example request using cURL:
curl -L -X POST 'https://otp.dev/api/verify/' \
-u 'mtbi2w4hlendfpxa1igthcu5p6mzxf7k:mpktanoshzf4c81e3bydjl76ixr9wugv' \
-F 'channel="sms"' \
-F 'phone_sms="+60123456789"' \
-F 'callback_url="https://mysite.test/payments/otp-callback/"' \
-F 'success_redirect_url="https://mysite.test/payments/qHgZiJQ8YF/otp-complete/"' \
-F 'fail_redirect_url="https://mysite.test/payments/qHgZiJQ8YF/otp-fail/"' \
-F 'metadata="{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}"' \
-F 'captcha="true"' \
-F 'hide="true"' \
-F 'lang="ja"'
The response would be a JSON structure, returned with HTTP 200 Code
status code:
{
"otp_id": "vbiwkf149jixuzhao85z",
"link": "https://otp.dev/api/ui/verify/vbiwkf149jixuzhao85z/sms/",
"otp_secret": "230q4j20kk9rw5b1zrh4"
}
Response data details:
Name | Description | Data Type | Example |
---|---|---|---|
otp_id | The unique OTP ID for this request | String | l4lckl9qkx2h54k58hnj |
link | URL to redirect your user to fill OTP code | String | https://otp.dev/api/ui/verify/vbiwkf149jixuzhao85z/sms/ |
otp_secret | The unique OTP secret for this request | String | 4gdpu9li6i9654dk6mui |
If there is an error with the API call, please refer to this table for details:
Error Code | Description | HTTP Code | Response |
---|---|---|---|
N/A | Invalid API Key / API Token | 403 |
|
INV-01 | Invalid channel specified | 400 |
|
INV-02 | Invalid channel | 400 |
|
INV-03 | Email specified but appropriate channel not chosen | 400 |
|
INV-04 | Phone number specified but appropriate channel not chosen | 400 |
|
INV-05 | Invalid language | 400 |
|
INV-06 | Invalid embed mode | 400 |
|
INV-07 | Callback URL doesn't match API user domain | 400 |
|
INV-08 | Success URL doesn't match API user domain | 400 |
|
INV-09 | Fail URL doesn't match API user domain | 400 |
|
SUB-01 | API request quota depleted | 400 |
|
SUB-02 | Channel quota exceeded for current plan | 400 |
|
SUB-03 | Subscription expired | 400 |
|
SUB-04 | Channel not supported | 400 |
|
SUB-05 | Invalid lang for plan subscribed | 400 |
|
Displaying SMS OTP
You needs to redirect a user to the link
included in the response.
https://otp.dev/api/ui/verify/vbiwkf149jixuzhao85z/sms/
The user will receive an OTP code via SMS and need to fill in their OTP code via the provided form.
OTP Callback
Once the user fills in the OTP form and submits it, a POST request to the callback_url
will be made.
https://mysite.test/payments/otp-callback/
Your callback_url
will receive a POST request with the following payload in a JSON structure:
{
"otp_id": "8zphnqslxc0n96utnjau",
"auth_status": "verified",
"channel": "sms",
"otp_secret": "otloxfhrg55zkebcpqks",
"phone_sms": "+60123456789",
"ip_address": "10.9.8.7",
"metadata": "{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}",
"risk_score": 0.0023
}
Name | Description | Data Type | Example |
---|---|---|---|
otp_id | The unique OTP ID from the initial OTP request | String | a3rmm7nbe6thgxiaancj |
auth_status | The OTP status | String |
verified
not_verified |
channel | The OTP channel | String | sms |
otp_secret | The unique OTP secret from the initial OTP request | String | cu3089cibcvhfu851428 |
phone_sms | The value from the initial OTP request | String | +60123456789 |
ip_address | The IP address of the user going through the verification | String | 10.9.8.7 |
metadata | Additional info from initial request | String |
{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}
|
risk_score | Anti-fraud scoring (Pro Plan only feature), where 0 is least risk and 1 is highest risk. Returns null for when no scoring data is available and for non-Pro plans. | Float |
0.0023
|
Note
Notes on the auth_status parameter:
- The value depends on whether the user inputs the correct OTP or not
-
Correct OTP will return
verified
value -
Invalid OTP will return
not_verified
value
Success Redirect
Upon successful OTP, our server will redirect your user to the URL that was defined in success_redirect_url
. This is useful to show success confirmation to the user.
https://mysite.test/payments/qHgZiJQ8YF/otp-complete/?otp_id=m1zBsh2L0c
Note that we include the otp_id
in the redirect URL for your convenience. You can use the value to update your application data, but we suggest performing it during the OTP callback.
Failed Redirect
Upon failed OTP, our server will redirect your user to the URL that was defined in fail_redirect_url
. This is useful to show fail confirmation to the user.
https://mysite.test/payments/qHgZiJQ8YF/otp-fail/?otp_id=m1zBsh2L0c
Note that we include the otp_id
in the redirect URL for your convenience. You can use the value to update your application data, but we suggest performing it during the OTP callback.
OTP Flow Summary
To summarize the explanation above here is the OTP flow diagram