DEV Community: AlinaJ

How to Send 2FA OTPs in the USA Without 10DLC Registration

AlinaJ — Fri, 19 Dec 2025 07:43:25 +0000

How to Send 2FA OTPs in the USA Without 10DLC Registration

==========================================================

Can you really send 2FA OTPs in the USA without 10DLC?

Yes. With VerifyNow, you can start sending 2FA OTPs in the U.S. in minutes, without waiting weeks for 10DLC brand and campaign approvals.

If you have ever tried setting up SMS 2FA OTPs in the USA, you already know the problem.10DLC registration is slow. It blocks launches. And it delays security.

This guide explains how developers can send 2FA OTPs in the USA without 10DLC, stay compliant, and deliver 2FA OTPs reliably using pre-approved shared sender IDs and automatic fallback.

Quick Takeaway

You don’t need to wait weeks for 10DLC approval to setup 2FA OTPs in the USA.

By using pre-approved shared sender IDs with VerifyNow:

You can go live instantly
Deliver OTPs in under 3 seconds
Stay compliant with TCPA and CTIA rules
Add WhatsApp fallback for near-100% delivery
Use one API globally across 190+ countries

This is ideal for startups, pilots, and teams that need speed without compliance friction.

Why OTP Delivery Speed Matters in the USA

2FA OTPs are used everywhere in the U.S.:

Login verification
Password resets
Payments and transactions
Two-factor authentication (2FA)

If the OTP is slow or fails, users drop off.

1. SMS Is Still the Most Reliable Channel

Almost every U.S. user has a mobile phone. SMS works even when data or apps don’t.

2. Speed Directly Affects Conversion

Most 2FA OTP messages are read within minutes. Even small delays increase retries, support tickets, and abandoned flows.

3. OTPs Are a Security Requirement

Industries like fintech, healthcare, and e-commerce rely on 2FA OTPs to meet security expectations and compliance standards.

4. Failed OTPs Hurt Revenue

When 2FA OTPs fail, users cannot log in or complete payments. That means lost revenue and lower trust.

This is why delivery reliability matters more than just “sending an SMS”.

What Is 10DLC and Why Does It Slow Things Down?

10DLC (10-Digit Long Code) is the U.S. framework for sending application-to-person (A2P) SMS.

It requires:

Brand registration
Campaign registration
Use-case approval
Proof of opt-in
Template review

Why Developers Struggle With 10DLC

Approval can take weeks
Campaigns can be rejected
Throughput is limited until trust scores improve
Launches get delayed

For teams that just want to ship 2FA OTP authentication, this is overkill.

Can You Send OTPs in the USA Without 10DLC?

Yes.

You can send 2FA OTPs in the USA without registering your own 10DLC campaign by using a provider that offers pre-approved shared sender IDs.

VerifyNow handles carrier approvals centrally, so you don’t have to.

This means:

No brand registration
No campaign vetting
No waiting period

You still follow consent and compliance rules, but the infrastructure is already approved.

How VerifyNow Sends 2FA OTPs Without 10DLC

VerifyNow uses:

Carrier-approved shared sender IDs
Direct operator routes
Automatic channel fallback

This allows you to send 2FA OTPs instantly while remaining compliant.

Step-by-Step: Send 2FA OTPs in the USA Without 10DLC

Step 1: Create a Free VerifyNow Account

Step 2: Get Your API Key

Your API key is available immediately in the dashboard.

Step 3: Send an OTP (SMS)

Step 4: Verify the OTP

Step 5: Add Fallback Automatically

If SMS fails, VerifyNow automatically sends the OTP via WhatsApp.

No retries. No user confusion.

Step 6: Scale Globally

The same API works across 190+ countries. No new integrations.

Why This Works Without 10DLC

Shared sender IDs are already approved by carriers
Routing is optimized for OTP traffic
Compliance requirements are handled by the provider
Fallback prevents delivery failures

You focus on product logic. The platform handles delivery.

Benefits of Skipping 10DLC With VerifyNow

1. Instant Go-Live

No waiting weeks for approvals.

2. High Delivery Rates

Direct routes + fallback ensure OTPs arrive.

3. Sub-3 Second Latency

Optimized routing for authentication traffic.

4. Automatic WhatsApp Fallback

If SMS fails, users still get the OTP.

5. Pay-As-You-Go Pricing

Transparent, pay-as-you-go pricing for 2FA OTPs. No contracts. No minimums.

When Should You Still Consider 10DLC?

If you:

Send very high volumes
Want your own dedicated sender
Need long-term brand ownership

Then 10DLC makes sense.

But for fast launches, pilots, and global products, shared sender IDs are often the better option.

Final Thoughts

You don’t need to delay security just because 10DLC takes time.

With VerifyNow, developers can:

Send 2FA OTPs in the USA instantly
Avoid 10DLC delays
Add fallback for near-100% delivery
Use one API worldwide

If speed, reliability, and simplicity matter, this is the fastest way to ship OTP authentication in the U.S.

How to Integrate OTP SMS APIs in 15 Minutes | VerifyNow by Message Central

AlinaJ — Fri, 26 Sep 2025 04:41:22 +0000

How to integrate OTP SMS API in your app in 15 Minutes

======================================================

If you have ever tried adding SMS verification or OTP flows to your app, you probably know the pain. Some APIs take forever to set up, the docs feel like they were written in another language, and before you even send your first test SMS, you are buried under paperwork, sender ID approvals, or confusing subscription plans.

The truth is, SMS is still one of the most reliable ways to reach users. Whether it is sending OTPs during sign-up, confirming an order, or securing a payment, SMS is the channel people actually open. The challenge has always been getting your integration live fast without hitting roadblocks.

The good news? You do not need weeks or months to integrate an OTP SMS API anymore. With modern APIs, you can literally be up and running in minutes. In this guide, we will walk you through how to integrate OTP SMS APIs in just 15 minutes, while keeping things simple, clean, and reliable.

And here is the best part: with Message Central’s VerifyNow API, you do not need a sender ID to start, you get free test credits in your wallet, and you only pay as you go. That means no long contracts, no hidden costs, and no wasted time — just plug in, test, and go live.

And since VerifyNow works in 190+ countries, you don’t need to rebuild flows for each market. One API call works everywhere.

Here is a sneak peek of how simple it looks:

curl -X POST "https://api.messagecentral.com/verify/send" \

-H "Content-Type: application/json" \

-H "x-api-key: YOUR_API_KEY" \

-d '{

"phone_number": "+628123456789",

"channel": "sms"

That’s it. One call and your first OTP is on its way.

So let’s roll up our sleeves and see how you can go from zero to sending your first OTP in 15 minutes.

Step 1: Get Your API Key

First things first, you need an API key. Sign up at Message Central and log into the dashboard. You will see your API key under your VerifyNow account.

The cool part? You get free test credits as soon as you sign up. That means you can send real OTPs without paying a single rupee until you’re ready to scale.

Step 2: Make Your First API Call

Now let’s send an OTP. You only need a single API call to get started. Here’s an example using curl:

curl -X POST "https://api.messagecentral.com/verify/send" \

-H "Content-Type: application/json" \

-H "x-api-key: YOUR_API_KEY" \

-d '{

"phone_number": "+628123456789",

"channel": "sms"

If everything is set up correctly, you’ll get a JSON response confirming the OTP was sent:

{

"request_id": "f92c3d20-xxxx-xxxx-xxxx-09ba2d7d1a3f",

"status": "OTP_SENT"

}

Boom. You’ve just sent your first OTP in less than two minutes.

Step 3: Verify the OTP

Once your user receives the OTP, they’ll type it into your app. To verify it, call the verify endpoint like this:

curl -X POST "https://api.messagecentral.com/verify/check" \

-H "Content-Type: application/json" \

-H "x-api-key: YOUR_API_KEY" \

-d '{

"request_id": "f92c3d20-xxxx-xxxx-xxxx-09ba2d7d1a3f",

"otp": "123456"

If the OTP is correct, you’ll get:

{

"status": "VERIFIED"

}

If it’s wrong, you’ll get:

{

"status": "FAILED"

}

That’s all you need for a simple OTP flow: one call to send, one call to verify.

Step 4: Integrate Into Your App

Here’s what this looks like in Node.js:

const axios = require("axios");

const apiKey = "YOUR_API_KEY";

// Send OTP

async function sendOTP(phone) {

const res = await axios.post(

"https://api.messagecentral.com/verify/send",

{ phone_number: phone, channel: "sms" },

{ headers: { "x-api-key": apiKey } }

);

console.log(res.data);

}

// Verify OTP

async function verifyOTP(requestId, otp) {

const res = await axios.post(

"https://api.messagecentral.com/verify/check",

{ request_id: requestId, otp },

{ headers: { "x-api-key": apiKey } }

);

console.log(res.data);

}

You can do the same in Python, PHP, Java, or any language that supports HTTP requests. The API is language-agnostic, so you can plug it into any backend stack.

Why VerifyNow is Different from Other OTP SMS APIs

If you’ve worked with other OTP SMS APIs before, you’ve probably run into the usual headaches: complicated onboarding, waiting weeks for sender ID approvals, or finding out that “delivery rates” are not what was promised.

VerifyNow was built to cut through all that clutter. Here’s why it feels different when you use it:

No sender ID approvals required to start

In most countries, you can’t even send a test SMS without registering a sender ID. That process can take weeks or months. With VerifyNow, you can skip the wait and start sending OTPs instantly using shared sender IDs that are already pre-approved.

Global coverage in 190+ countries

Whether your users are in Jakarta, New Delhi, São Paulo, or New York, you can verify them with the same API call. No juggling multiple providers, no operator-specific headaches.

Highest delivery rates

Many SMS APIs cut corners by using grey routes. That’s why OTPs sometimes take minutes to arrive — or never do. VerifyNow connects directly with mobile operators, which means your OTPs actually get delivered, fast.

Pay-as-you-go pricing

Forget monthly subscription fees or minimum commitments. With VerifyNow, you only pay for what you send. If you’re just testing or scaling gradually, you don’t burn money upfront.

Built for developers

The docs are clean, the APIs are RESTful, and integration is as easy as a single POST request. No bloated SDKs, no vendor lock-in. Just simple, predictable APIs that get the job done.

Where You Can Use VerifyNow

Once you’ve got OTP SMS verification integrated, the possibilities go way beyond just login screens. Here are some common use cases where VerifyNow makes a big difference:

E-commerce: Send OTPs during checkout to cut fraud, confirm orders instantly, or remind customers about abandoned carts. Reliable delivery can directly boost conversion rates.
Fintech: Secure every transaction with an OTP, verify new account sign-ups, and reduce fraud risk. With banking and payments, seconds matter, and VerifyNow ensures OTPs actually arrive on time.
SaaS platforms: Add frictionless sign-up verification, password resets, or 2FA to protect accounts without making users jump through hoops.
Healthcare: Send appointment reminders, patient alerts, or secure report access codes where reliability and compliance are critical.

The best part? You can start with OTPs today, then expand into transactional and engagement use cases whenever you’re ready — without changing your integration.

Conclusion

Integrating OTP SMS API into your product does not need to be slow or complicated. With just a few API calls, you can send and verify OTPs in minutes and start securing user journeys right away.

Message Central’s VerifyNow API makes it even easier: no sender ID delays, global coverage across 190+ countries, and a pay-as-you-go model that means you only pay for what you send. It is fast, reliable, and built for developers who value simplicity.

If you are ready to test it out, grab your free credits, copy the sample code, and go live in 15 minutes. The API docs are here: VerifyNow API Documentation

How to Stop Smishing Before It Reaches Your Customers

AlinaJ — Mon, 25 Aug 2025 15:53:34 +0000

If your business relies on SMS to engage customers, you already know how powerful it can be for everything from logins to promotions. But with that power comes risk. Smishing attacks — fake SMS messages that trick users into sharing sensitive information — are on the rise, and they don’t just damage customer trust, they also make it harder for legitimate traffic to get delivered. That’s why businesses are turning to trusted partners like Message Central for reliable messaging APIs, which combine secure delivery, compliance-first routing, and fraud detection to keep campaigns safe and effective.

Why Anti-Smishing Matters More Than Ever

If you use SMS to reach customers, you already know its power. Your SMS OTPs arrive in seconds. A delivery update finds people wherever they are. A flash sale alert can turn into sales within minutes.

But alongside all this convenience sits a growing threat: smishing. It’s phishing’s SMS-based cousin — fake messages that look like they’re from banks, delivery companies, or even your brand. The goal? To trick people into giving away sensitive information.

Smishing doesn’t just hurt consumers. It puts your business at risk too. When carriers detect suspicious activity, even legitimate messages can be blocked or delayed, dragging down your delivery rates and damaging customer trust.

And here’s the tough part: even if your own campaigns are clean, scams elsewhere in the ecosystem can still impact your deliverability. That’s why carriers and regulators are tightening filters and demanding more proof of compliance.

In short, it’s no longer enough to simply “send” a message. Your SMS traffic has to be secure, trusted, and compliant — or it may never land.

This guide will break down what smishing is, how it impacts your delivery rates, and the best practices businesses can follow to keep messages safe, compliant, and reliably delivered.

What is Smishing? A Business- and Developer-Friendly Breakdown

At its core, smishing = SMS + phishing. It’s when scammers send text messages that look legitimate but are designed to trick someone into clicking a malicious link, downloading malware, or handing over sensitive details like passwords or card numbers.

Common examples include:

A fake delivery link: “Your package is waiting. Click here to reschedule.”
A false banking alert: “Suspicious transaction detected. Log in now to verify.”
A bogus OTP: “Your verification code is 482913.” (from a service you never requested).

Why has smishing exploded in recent years? Because SMS feels personal and urgent. People check texts faster than email, which makes them more vulnerable — and makes SMS a high-reward channel for fraudsters.

For real businesses, this creates two major problems:

Erosion of trust – Once customers are burned by a fake SMS, they become hesitant to engage with legitimate ones.
Delivery challenges – Carriers now use stricter filters to catch scams, but those filters can also flag real campaigns, especially if your templates resemble common fraud patterns.

So if you’re a product manager, developer, or growth marketer relying on SMS, smishing isn’t just a security concern — it’s a trust, delivery, and business continuity challenge.

How Smishing Hurts SMS Delivery and Your Business

Smishing isn’t just a nuisance for customers. It has a direct impact on how well your legitimate SMS campaigns perform.

Here’s why: carriers are under constant pressure to block fraudulent traffic before it reaches end users. To do this, they rely on filters that scan for risky patterns — things like suspicious links, keywords, or message formats often abused by scammers.

The catch? These filters aren’t perfect. If your genuine OTPs, shipping alerts, or promo offers resemble scam-like patterns even slightly, they can get flagged and blocked. The result: messages never reach your customer.

And when delivery fails, the damage goes far beyond a lost SMS fee. Think:

Failed logins because OTPs never arrive
Missed sales from promotions that don’t land
Frustrated users losing trust in your brand

Over time, this doesn’t just hurt delivery rates — it chips away at customer loyalty and reduces ROI on every messaging dollar you spend.

In short: smishing makes it harder for good traffic to get through, putting both your delivery and your bottom line at risk.

Best Practices to Protect Your SMS Campaigns from Smishing

The good news: you don’t have to be a security expert to safeguard your campaigns. With a few smart steps, you can protect your customers, improve trust, and keep your SMS messages delivering on time.

Partner with a reliable SMS API provider

Not all providers are equal. The right partner will have direct carrier routes, real-time fraud detection, and built-in compliance tools that reduce the risk of your messages being filtered.

Use consistent, recognizable sender IDs

If customers instantly know it’s you, they’re less likely to mistake your message for a scam. Stick to clear sender IDs and avoid random number changes that look suspicious.

Keep your content clean and trustworthy

Scammy-looking content gets flagged fast. Steer clear of shady links, spammy wording, or aggressive CTAs. If you use links, make them branded or use a reputable short link service to build confidence.

Stay compliant with local regulations

Rules like 10DLC in the US or DLT in India aren’t just red tape — they signal to carriers that your traffic is legitimate. Compliance helps your messages bypass unnecessary filters.

Watch delivery reports like a hawk

A sudden dip in delivery is often an early warning sign. Regularly monitor reports and be ready to adjust your templates, routing, or provider if you see red flags.

When you build these best practices into your workflow, you protect your users from smishing, keep delivery rates high, and ensure your SMS campaigns actually drive results.

Practical Steps to Keep Your Campaigns Smishing-Free

There’s no single switch that eliminates smishing. Protecting your SMS campaigns comes down to consistent practices and smart safeguards that reduce risks while keeping trust high. Here are some actionable steps you can put in place right away:

Verify every sender ID

Always use registered and approved sender IDs in the regions where you operate. This prevents spoofing attempts and reassures customers that messages truly come from your brand.

Maintain a clean customer database

Regularly update your contact lists and remove inactive or incorrect numbers. Clean databases reduce exposure to fraud and improve your overall delivery performance.

Write clear, trustworthy content

Smishing attempts often look complicated or suspicious. Keep your messages simple, professional, and direct. Avoid unnecessary links or vague requests for personal information.

Work with a reliable API partner

Choose an API provider with strong fraud detection, intelligent routing, and delivery monitoring built in. The right partner will spot anomalies early and keep your campaigns safe.

Educate your customers

Remind users not to click on links from unknown senders and to verify sensitive requests through your official channels. A well-informed audience is a stronger line of defense.

By combining smart processes, trusted technology, and ongoing customer education, you can safeguard your SMS traffic, improve delivery rates, and protect your brand reputation.

Conclusion

Smishing isn’t just a security risk — it’s a delivery and trust problem that can directly impact your bottom line. As carriers tighten their defences, the margin for error gets smaller. Businesses that want to keep their SMS campaigns effective need more than just good content. They need clean practices, verified sender IDs, customer education, and the right technology partner.

That’s where Message Central comes in. Our messaging APIs are built to deliver with speed, security, and compliance at scale — so your OTPs, alerts, and promotional campaigns actually reach the people they’re meant for. With built-in fraud detection and carrier-grade routing, we help businesses cut through the noise, protect their customers, and keep trust intact.

At the end of the day, SMS works best when it’s both fast and safe. With the right safeguards and the right partner, you can make sure every message counts.

SMS Verification APIs with Node.js

AlinaJ — Mon, 18 Mar 2024 05:56:43 +0000

What Is SMS Verification?

SMS verification is a method of authentication system that enables users to receive a shortcode on their mobile phones, which is used to verify their identity when logging into an application.
SMS is among the most widespread types of multi-factor authentication (MFA), requiring no apps or digital keys, making it independent of a specific ecosystem and helping to streamline various user workflows in applications.

It provides enhanced security because a hacker would need to have the user's username, password, and physical access to their phone, which likely has its own authentication, to log into an application. Although, now a days, OTP SMS is still being hacked and hence it is very necessary to keep in mind the OTP SMS fraud prevention methods.

Benefits of SMS Verification

Despite alternatives like FIDO2 and mobile authenticator applications gaining popularity, SMS verification remains widely used due to its benefits:

a. Secure: Increases security significantly as it makes it hard for malicious actors to access user accounts.

b. Ease of use: Almost everyone has access to a mobile phone today, making SMS verification a popular choice with no additional costs on software or hardware devices.

c. Convenience: Reduces the burden of remembering passwords by sending a unique code to the user's mobile for verification.

Setup for SMS Verification with Message Central

Message Central is a CPaaS solution with a suite of products including OTP SMS APIs, SMS APIs and WhatsApp marketing platform.

a. Create a MessageCentral Account: Sign up for a Message Central account to get started. You will receive a customer ID, which you will use in your application.

b. Install Required Packages: Ensure you have Node.js installed on your machine. Create a new directory for your project and initialize a new Node.js project. Install the required packages using npm:

npm install express request

Integration Steps

This process involves the following three significant steps:

a. Message Central Details

b. Adding Message Central Details in Code

c. Send a Test Otp for verification

Message Central Details

After creating an account on Message Central, you need the following details:
Customer Id - You can get the customer ID from Message Central Home Console
Login Credentials: You’d require an email and would need to create a password.

Adding MessageCentral Details in Code

To add MessageCentral details on the code find out the variable definition with name “customerId”, “email” and “password”:

const customerId = '[Your Customer ID]';
const email = '[Your Email]';
const password = '[Your Password]';

To add your credentials in javascript code, you need to create a javascript file i.e mc_verication_service.js: And add provided code into this file.

const request = require('request');
const express = require('express');
const app = express();
const port = 3000;
const baseURL = 'https://cpaas.messagecentral.com';
const customerId = '[Your Customer ID]';
const email = '[Your Email]';
const password = '[Your Password]';
let verificationId;
const generateAuthToken = async () => {
const base64String = Buffer.from(password).toString('base64');
const url = `${baseURL}/auth/v1/authentication/token?country=IN&customerId=${customerId}&email=${email}&key=${base64String}&scope=NEW`;
const options = {
    url: url,
    headers: {
        'accept': '*/*'
    }
};
return new Promise((resolve, reject) => {
    request(options, (error, response, body) => {
        if (error) {
            console.error('Error generating auth token:', error);
            reject(error);
            return;
        }
        console.log('Auth Token:', body);
        authToken = JSON.parse(body).token;
        resolve(authToken);
    });
});
};
const sendOtp = async (countryCode, mobileNumber) => {
const url = ${baseURL}/verification/v2/verification/send?countryCode=${countryCode}&customerId=${customerId}&flowType=SMS&mobileNumber=${mobileNumber};
const options = {
url: url,
method: 'POST',
json: true,
headers: {
'accept': '/',
'authToken': authToken
}
};
return new Promise((resolve, reject) => {
request(options, (error, response, body) => {
if (error) {
console.error('Error generating auth token:', error);
reject(error);
return;
}
console.log('Request :', options)
console.log('Body :', body);
verificationId = body.data.verificationId;
resolve(body);
});
});
};
const velidateOtp = async (otpCode, countryCode, mobileNumber) => {
const url = ${baseURL}/verification/v2/verification/validateOtp?countryCode=${countryCode}&mobileNumber=${mobileNumber}&verificationId=${verificationId}&customerId=${customerId}&code=${otpCode};
const options = {
url: url,
method: 'GET',
json: true,
headers: {
'accept': '/',
'authToken': authToken
}
};
return new Promise((resolve, reject) => {
request(options, (error, response, body) => {
if (error) {
console.error('Error generating auth token:', error);
reject(error)
return;
}
console.log('Request :', options)
console.log('Body :', body);
resolve(body);
});
});
};
app.post('/sendotp/:countryCode/:mobileNumber', async (req, res) => {
const { countryCode, mobileNumber } = req.params;
const authToken = await generateAuthToken();
try {
body = await sendOtp(countryCode, mobileNumber)
if (body.data.responseCode == 200 && body.data.errorMessage == null) {
res.status(200).send('Otp sent! Successfully');
} else {
res.status(400).send('Bad Request ${body.data.errorMessage}');
}
} catch (error) {
console.error('Error sending OTP:', error);
const s = error
res.status(500).send(s);
}
});
app.get('/validateOtp/:countryCode/:mobileNumber/:otpCode', async (req, res) => {
const { countryCode, mobileNumber, otpCode } = req.params;
const authToken = await generateAuthToken();
try {
body = await velidateOtp(otpCode, countryCode, mobileNumber);
if (body.data.verificationStatus == 'VERIFICATION_COMPLETED' && body.data.errorMessage == null) {
res.status(200).send('Otp verification Done! ');
} else {
res.status(400).send('Bad Request : ${body.data.errorMessage}');
}
} catch (error) {
console.error('Error verifying OTP:', error);
const s = error
res.status(500).send(s);
}
});
app.listen(port, () => {
console.log(Server running at http://localhost:${port});
});

Send a Test Otp Sms for Verification

If you need to test the service without code, you can go to the free SMS verification page on the Message Central’s website.

To ensure that the integration is successful, send a test OTP SMS as follows:

1 Run the javascript file using command

node mc_verification_service.js

2.Open the Postman and set Request Method as POST and
URL
as http://localhost:3000/sendotp//

Here’s the port 3000, it is default and defined in code, can be changed.
Example, For Indian Phone Number URL : http://localhost:3000/sendotp/91/123****123

3.Now You have an otp on your sms inbox. Try your own validation Otp API to validate OTP

Open the Postman and set Request Method as GET and
URL as http://localhost:3000/validateOtp///
Here’s the port 3000, it is default and defined in code, can be changed.
Example, For Indian Phone NumberURL : http://localhost:3000/validateOtp/91/123****123/****

API Guide to Setup OTP SMS Verification

AlinaJ — Mon, 15 Jan 2024 15:52:37 +0000

Requirements

If you want to send OTP SMS or enable SMS verification, you need to Register and create an account with Verify Now console.messagecentral.com/signUp Have a valid balance in your account to send OTPs.
You can use the test credits during integration to verify our services or test our SMS verification services for free.
REST API Base URL’s:
All Platform API endpoints below should be prefixed with the following URL:
https://cpaas.messagecentral.com

** These are the following steps to successfully send an otp to a mobile number:**

Generate a token
Make a post request to our ‘send otp’ API and pass the token in header
Make a get request to our ‘validate otp’ API and pass the token in header

How to generate a token?

Make a get request to auth/v1/authentication/token
Add the ‘customerId’ field. This is a unique id for every customer.
Add ‘country’ field. This is the country ISO code of the registered user.
Add ‘email’ field. This is the email address of the registered user. (It’s optional)
Add ‘key’ field. This is the Base 64 encrypted password of the registered user.
Add ‘scope’ field. This is a request to generate a ‘NEW’ token for the registered user.

** Sample response:**

How to send OTP to a mobile number?

Make a post request to /verification/v2/verification/send
Add ‘customerId’ field. This is a unique Id for every customer.
Add ‘countryCode’ field. This is the country code of the mobile number who will receive the otp
Add ‘otpLength’ field. This is the OTP length. It’s an optional field and by default the value is 4, you can configure it up to 8 digits.
Add ‘mobileNumber’ field. This is the number that receives the otp.
Add ‘flowType’ field. Set this type to ‘SMS’
Add ‘authToken’ generated using the token API and pass that as a header in send otp.

** Sample response:**

The response will have a verificationId that will be passed a parameter in the validate OTP API to validate the request.

How to validate an OTP?

Make a get request to /verification/v2/verification/validateOtp.
Add ‘customerId’ field. This is a unique Id for every customer.
Add ‘code’ field. This is the OTP code sent to the end user.
Add ‘verificationId’ field. This is the verification id generated in the send OTP API.
Add ‘authToken’ generated using the token API and pass that as a header in send otp.

** Sample response:**

You can see our detailed SMS verification API documentation page for more details.