SMS OTP and Mobile Verification API

A simple API for one-time password mobile verification via text message

We take the SMS headache out of mobile verification and one-time passwords (OTPs).

Use this API to verify user identity (mobile verification) or possession of a device (OTP/two-factor authentication):

  1. Send an SMS verification code - generate a secret code and send it to the user's phone.
  2. Verify the code - check the user's input against the code you just sent.

Since its creation, Textbelt has sent over 3 million texts and OTPs from the command line and other software clients!

Generate a verification code and send it via SMS

OTP generation does not require client libraries or an account. The verification code is automatically sent to the user's phone:

Curl Python Ruby Node.js PHP C# Java 
$ curl -X POST https://textbelt.com/otp/generate \
       --data-urlencode phone='5557727420' \
       --data-urlencode userid='myuser@site.com' \
       -d key=example_otp_key
Using the popular requests library: 
import requests
requests.post('https://textbelt.com/otp/generate', {
  'phone': '5557727420',
  'userid': 'myuser@site.com',
  'key': 'example_otp_key',
})
require 'net/http'
require 'uri'

uri = URI.parse("https://textbelt.com/otp/generate")
Net::HTTP.post_form(uri, {
  :phone => '5557727420',
  :userid => 'myuser@site.com',
  :key => 'example_otp_key',
})
Using the popular request library: 
var request = require('request');
request('https://textbelt.com/otp/generate', {
  body: {
    phone: '5557727420',
    userid: 'myuser@site.com',
    key: 'example_otp_key',
  },
})
using System;
using System.Collections.Specialized;
using System.Net;

using (WebClient client = new WebClient())
{
  byte[] response = client.UploadValues("http://textbelt.com/text", new NameValueCollection() {
    { "phone", "5557727420" },
    { "userid", "myuser@site.com" },
    { "key", "example_otp_key" },
  });

  string result = System.Text.Encoding.UTF8.GetString(response);
}
$ch = curl_init('https://textbelt.com/otp/generate');
$data = array(
  'phone' => '5557727420',
  'userid' => 'myuser@site.com',
  'key' => 'example_otp_key',
);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);
Using the popular Apache HttpComponents library: 
final NameValuePair[] data = {
    new BasicNameValuePair("phone", "5557727420"),
    new BasicNameValuePair("userid", "myuser@site.com"),
    new BasicNameValuePair("key", "example_otp_key")
};
HttpClient httpClient = HttpClients.createMinimal();
HttpPost httpPost = new HttpPost("https://textbelt.com/otp/generate");
httpPost.setEntity(new UrlEncodedFormEntity(Arrays.asList(data)));
HttpResponse httpResponse = httpClient.execute(httpPost);

String responseString = EntityUtils.toString(httpResponse.getEntity());
JSONObject response = new JSONObject(responseString);

Try it now! userid can be anything that uniquely identifies users. Use key "example_otp_key" to send an example one-time password. You'll need your own key to send an actual OTP.

To text internationally, use the E.164 format when setting phone (+ country code with numbers, no spaces). For example, a Brazilian phone number is +5511912345678 and a UK phone number is +447712345678.

Verify an OTP from a user

After the user receives the text message, they'll input the verification code in your app. Textbelt will tell you if that code is valid.

Supply the otp to verify, a userid, and your Textbelt key via GET request:

https://textbelt.com/otp/verify?otp=123456&userid=myuser@site.com&key=example_otp_key

Send and verify OTPs by creating an API key:

Response Details

OTP generation (/otp/generate)

Example success API response from /otp/generate: 
{"success": true, "textId": "1234", "quotaRemaining": 70, "otp": "672383"}

Check success to determine whether the OTP was sent to the user. This means the user was sent a text containing an OTP. By default the message format is: "Your verification code is 672 383".

There are a few parameters you can add to your request: 

$ curl -X POST https://textbelt.com/otp/generate \
       --data-urlencode phone='5557727420' \
       --data-urlencode name='myuser@site.com' \
       --data-urlencode message='Nuclear launch code: $OTP! Use it to login.' \
       -d lifetime=120 \
       -d key=example_otp_key

Example out-of-quota or invalid key response from /otp/generate: 

{"success": false, "quotaRemaining": 0, "otp": ""}

OTP verification (/otp/verify)

Here's an example valid OTP response from /otp/verify. Check isValidOtp to decide whether the OTP has been approved: 

{"success": true, "isValidOtp": true}

Example response for an invalid OTP. Note that "success" indicates a successful response, not a successful OTP: 

{"success": true, "isValidOtp": false}

Get started

OTP keys are the same as normal Textbelt keys. This means you can mix and match your quota to send OTPs and normal text messages.

You're ready to go! Fill out the form below to generate a key.

Generate a key to send texts

If you already have one, add funds to an existing key.

Get Key

Get in touch

Any questions? Email support@textbelt.com, text +1 (650) 332-4607, or read the FAQ.

© 2017 Alioth LLC

Generate a key to send texts

If you already have one, add funds to an existing key.

Get Key
×

Fill your key

If you don't have one yet, generate a new key. Interested in a subscription? Contact us.

Textbelt has sent over 3 million text messages since 2012. If you're not happy with the service within 30 days of purchase, email us and we'll refund your unused text messages (subject to terms).

Add Funds via Credit Card
or

Credit cards processed by Stripe. Your card is charged once and not stored by Textbelt.

All set! Your key is ready to go:

You should record this key somewhere safe.

Done