OTP/Mobile verification
In addition to sending SMS, Textbelt automates one-time password (OTP) and mobile verification use cases.
There is no extra charge for sending and verifying OTPs compared to sending normal SMS. For this reason, Textbelt is very cost-effective compared to other solutions.
Sending an SMS verification code
The https://textbelt.com/otp/generate
HTTP POST endpoint will create a one-time code and send it to the user's phone.
The /otp/generate
endpoint requires the following parameters:
phone: A phone number. If you're in the U.S., you can just send a normal 10-digit phone number with area code. Outside the U.S., it is best to send the phone number in E.164 format with your country code. For example, a British phone number is +447712345678.
userid: An id that is unique to your user. This can be any string.
key: Your Textbelt API key (use
example_otp_key
to test).
Optional parameters:
message: The content of your SMS. Replaces the default message "Your verification code is XXX". Use the $OTP variable to include the OTP in your message.
lifetime: Determines how many seconds the OTP is valid for. Defaults to 180, or 3 minutes.
length: The number of digits in your OTP. Defaults to 6.
Examples
Here are basic examples that use only the required parameters:
Include optional parameters to customize your OTP:
Response
The /otp/generate
endpoint returns a JSON response with the following attributes:
success: Whether the otp was successfully sent.
textId:The ID of the text message sent, so you can track its delivery. Use this to check SMS delivery status.
quotaRemaining: The amount of credit left on your key.
otp: The one-time verification code sent to the user.
Here's an example API response from the OTP generation endpoint /otp/generate
:
Here's an example response when you are out of SMS credits or used an invalid key in your request:
Verifying a user code
Once you've sent the one-time code, your user will enter a code on your website or application. You can use Textbelt to confirm that the code is valid.
This is done via HTTP GET request to the /otp/verify
endpoint. Supply the following parameters:
otp:The code entered by the user.
userid: The ID of the user. Should match the id that you used in the prior
/otp/generate
step.key: Your Textbelt API key.
Here's an example URL:
https://textbelt.com/otp/verify?otp=123456&userid=myuser@site.com&key=example_otp_key
You can request it via a simple HTTP GET request in any language of your choosing:
The response contains the following:
success: Whether the request was successfully received and processed. True or false.
isValidOtp: Whether the OTP is correct for the given userid. True or false.
Use isValidOtp to decide whether to let the user into your app!
Here's an example response for a valid OTP:
Here's an example response for an invalid OTP:
Understanding the OTP flow
Mobile verification with a OTP is a three-step process. In the example below, a web application implements mobile verification by using Textbelt to send an OTP directly to a user via SMS, and subsequently to verify an OTP submitted by a user.
To learn how to build an API request to send an OTP, see Sending an SMS verification code. To learn how to verify an OTP, see Verifying a user code.
Get an API key
OTP keys are the same as normal Textbelt keys. This means you can mix and match your quota to send OTPs and normal text messages. Create an API key to start sending and receiving SMS.
Last updated