Verify a Code
POST /v1/verify/check
Submit the code that the user entered. Returns whether the code is valid.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
id | string | Yes | The verification ID returned by POST /v1/verify/send. |
code | string | Yes | The code the user submitted. |
bash
curl -X POST https://sendapi.co/v1/verify/check \
-H "Authorization: Bearer sk_live_123456789" \
-H "Content-Type: application/json" \
-d '{
"id": "ver_01H9...AB",
"code": "847291"
}'javascript
const result = await client.verify.check({
id: verificationId,
code: userEnteredCode
});
if (result.valid) {
// Log the user in
} else {
console.log(`${result.attempts_remaining} attempts left`);
}python
result = client.verify.check(
id=verification_id,
code=user_entered_code
)
if result.valid:
# log the user in
passSuccess Response
json
{
"id": "ver_01H9...AB",
"valid": true,
"verified_at": "2026-03-09T14:31:00Z"
}Failed Response (Wrong Code)
json
{
"id": "ver_01H9...AB",
"valid": false,
"attempts_remaining": 2
}Error Responses
| HTTP Code | Error Code | Reason |
|---|---|---|
404 | verification_not_found | The id does not exist |
410 | verification_expired | The OTP TTL has passed |
429 | max_attempts_exceeded | 5 failed attempts — verification locked |
Security
After 5 failed attempts, the verification session is permanently invalidated. The user must request a new OTP to try again. This prevents brute-force attacks.