
OTP in Your Auth Flow

This guide walks you through adding SMS/WhatsApp OTP verification to your existing authentication flow using SendAPI's Verify API.

Overview

Two-factor authentication (2FA) via OTP is one of the most effective ways to secure user accounts. With SendAPI's Verify API, you can add OTP verification in just two API calls — no state management, code generation, or expiry tracking required.

Flow Diagram

User enters phone → Your server calls POST /v1/verify/send →
SendAPI delivers code → User enters code →
Your server calls POST /v1/verify/check → ✓ Verified

Step 1: Send the OTP

When a user submits their phone number, call the Verify API:

```bash
curl -X POST https://sendapi.co/v1/verify/send \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "+447700900000",
    "channel": "auto",
    "brand_name": "YourApp",
    "length": 6,
    "ttl": 300
  }'
```

Store the returned id — you'll need it to verify the code.

Step 2: Verify the Code

When the user submits the code they received:

```bash
curl -X POST https://sendapi.co/v1/verify/check \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "id": "ver_01H9...AB",
    "code": "847291"
  }'
```

If valid: true is returned, the user is authenticated.
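The two steps above as server-side code, added here as an illustration and not taken from SendAPI's own SDK or samples: it keeps the returned id on the server bound to the login session, so a client cannot present a verification id issued for a different phone number, and it never writes the code to a log. The `OtpLogin` class, the session ids, the local attempt cap and the `fake_post` stand-in are assumptions; only the endpoints, request fields, `id` and `valid` come from this page.

```python
import json
import urllib.request

API = "https://sendapi.co/v1/verify"  # endpoints as shown on this page

def http_post(path, body, api_key):
    """Default transport: POST JSON with the Bearer key, return parsed JSON."""
    req = urllib.request.Request(
        API + path, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class OtpLogin:
    """Keeps the verification id server-side, bound to one login session."""
    MAX_ATTEMPTS = 5  # local cap on guesses per verification (assumed policy)

    def __init__(self, api_key, post=http_post):
        self.api_key, self.post = api_key, post
        self.pending = {}  # session_id -> {"id", "phone", "attempts"}

    def start(self, session_id, phone):
        resp = self.post("/send", {"to": phone, "channel": "auto",
                                   "brand_name": "YourApp", "length": 6,
                                   "ttl": 300}, self.api_key)
        # The id is not sent to the browser; the session is the only handle.
        self.pending[session_id] = {"id": resp["id"], "phone": phone, "attempts": 0}

    def finish(self, session_id, code):
        """Return the verified phone number, or None. The code is never logged."""
        entry = self.pending.get(session_id)
        if entry is None:
            return None
        entry["attempts"] += 1
        if entry["attempts"] > self.MAX_ATTEMPTS:
            del self.pending[session_id]  # force a fresh /send
            return None
        resp = self.post("/check", {"id": entry["id"], "code": code}, self.api_key)
        if resp.get("valid") is True:
            del self.pending[session_id]  # single use
            return entry["phone"]
        return None

def fake_post(path, body, api_key):
    """Constructed stand-in for SendAPI so the example runs offline."""
    if path == "/send":
        return {"id": "ver_TEST"}
    return {"valid": body["id"] == "ver_TEST" and body["code"] == "847291"}
```

In production, replace the in-memory `pending` dict with your session store and pass the real API key; `fake_post` exists only so the flow can be exercised without network access.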

Best Practices

  • Use channel: "auto" to let SendAPI pick the cheapest reliable channel.
  • Set a reasonable TTL — 5 minutes (300s) is standard for most auth flows.
  • Handle rate limits — SendAPI enforces 5 OTPs/hour per phone number to prevent abuse.
  • Don't log OTP codes — The Verify API handles code generation and storage securely.
  • Show clear error messages — Tell users to check SMS/WhatsApp if the code doesn't arrive.

Released under the MIT License.