Verify (OTP check)

API for creating and verifying one-time passwords (OTP) via SMS, Email and other channels.

POST requests must include the header Content-Type: application/json. Code verification (verify) also supports the GET method.

---

Create code — synchronous

Creates a verification code and sends it via SMS or Email. The gateway processes the request immediately and returns verify_id.

URI: /api/verify.php

HTTP method: POST

Request parameters

authstringrequired API key from your personal cabinet

commandstringrequired Must be verify/create

phonestringrequired* Phone number in any format (required if email is not specified)

emailstringrequired* Email address (required if phone is not specified)

typestringrequired Verification type: sms, hlr, rcs, email, viber

sender_namestring SMS signature / brand name

langstring Message language: uk, ru, en (default en)

code_lengthnumber Code length (default 8, range 1–10)

code_typestring Code type: numeric, alphabetic, alphanumeric, extended (default numeric)

service_idnumber Verification service ID

custom_idstring Custom identifier for linking with your system

hookstring Webhook URL for verification status notifications

Request example

{
  "auth": "API_KEY",
  "command": "verify/create",
  "phone": "441501234567",
  "type": "sms",
  "sender_name": "MyBrand",
  "lang": "en",
  "code_length": 6,
  "code_type": "numeric",
  "service_id": 1,
  "custom_id": "abcdef1234567",
  "hook": "https://example.com/webhook"
}

Response

successboolean Result of request acceptance

verify_idstring Verification ID (UUID)

Example response:

{
  "success": true,
  "verify_id": "14fb5f3d-20be-41ef-b31a-b9f5e499bc7a"
}

HTTP errors: 400 (invalid format/JSON), 401 (invalid auth), 413 (request body too large).

---

Verify code

URI: /api/verify.php

This request checks the code entered by the user and returns the verification status (only the sync API).

Request parameters

authstringrequired API key, which can be obtained in your personal cabinet

commandstringrequired Must be verify

phonestringrequired* Phone number (required if email is not specified)

emailstringrequired* Email address (required if phone is not specified)

codestringrequired Code to be checked

verify_idstring Verification ID (UUID)

service_idnumber Verification service ID (if verify_id is not specified)

custom_idstring Custom identifier (if neither service_id nor verify_id is specified)

Request example (GET)

/api/verify.php?auth=API_KEY&command=verify&phone=380501234567&code=123456&verify_id=14fb5f3d-20be-41ef-b31a-b9f5e499bc7a

Request example (POST, JSON)

{
  "auth": "API_KEY",
  "command": "verify",
  "phone": "380501234567",
  "code": "123456",
  "verify_id": "14fb5f3d-20be-41ef-b31a-b9f5e499bc7a"
}

Response

successboolean Result of the request

verify_idstring Verification ID

phonestring Phone number

typestring Channel type: sms, email, hlr, rcs, viber

statusstring Verification status (see below)

service_idnumber Verification service ID

Example of a successful response:

{
  "success": true,
  "verify_id": "14fb5f3d-20be-41ef-b31a-b9f5e499bc7a",
  "phone": "441501234567",
  "type": "sms",
  "status": "approved",
  "service_id": 1
}

Possible values of status:

status	Description
approved	Code is correct, verification successful
pending	Code is incorrect, but attempts are still available
expired	Code has expired
blocked	Attempt limit exceeded

HTTP error codes:

• 400 — invalid request format or JSON
• 401 — missing or invalid auth
• 413 — request body too large

---

Limits

• Code lifetime: by default 300 seconds (5 minutes), range 60–3600 seconds.
• Maximum attempts: by default 5.