SMS OTP and Mobile Verification API

A simple API for one-time password mobile verification via text message

We take the SMS headache out of mobile verification and one-time passwords (OTPs).

Use this API to verify user identity (mobile verification) or possession of a device (OTP/two-factor authentication):

  1. Send an SMS verification code - generate a secret code and send it to the user's phone.
  2. Verify the code - check the user's input against the code you just sent.

Since its creation, Textbelt has sent over 3 million texts and OTPs from the command line and other software clients!

Generate a verification code and send it via SMS

OTP generation does not require client libraries or an account. The verification code is automatically sent to the user's phone:

$ curl -X POST https://textbelt.com/otp/generate \
       --data-urlencode phone='5557727420' \
       --data-urlencode userid='[email protected]' \
       -d key=example_otp_key
Using the popular requests library:
import requests
requests.post('https://textbelt.com/otp/generate', {
  'phone': '5557727420',
  'userid': '[email protected]',
  'key': 'example_otp_key',
})
require 'net/http'
require 'uri'

uri = URI.parse("https://textbelt.com/otp/generate")
Net::HTTP.post_form(uri, {
  :phone => '5557727420',
  :userid => '[email protected]',
  :key => 'example_otp_key',
})
Using the popular request library:
var request = require('request');
request('https://textbelt.com/otp/generate', {
  body: {
    phone: '5557727420',
    userid: '[email protected]',
    key: 'example_otp_key',
  },
})
using System;
using System.Collections.Specialized;
using System.Net;

using (WebClient client = new WebClient())
{
  byte[] response = client.UploadValues("http://textbelt.com/text", new NameValueCollection() {
    { "phone", "5557727420" },
    { "userid", "[email protected]" },
    { "key", "example_otp_key" },
  });

  string result = System.Text.Encoding.UTF8.GetString(response);
}
$ch = curl_init('https://textbelt.com/otp/generate');
$data = array(
  'phone' => '5557727420',
  'userid' => '[email protected]',
  'key' => 'example_otp_key',
);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);
Using the popular Apache HttpComponents library:
final NameValuePair[] data = {
    new BasicNameValuePair("phone", "5557727420"),
    new BasicNameValuePair("userid", "[email protected]"),
    new BasicNameValuePair("key", "example_otp_key")
};
HttpClient httpClient = HttpClients.createMinimal();
HttpPost httpPost = new HttpPost("https://textbelt.com/otp/generate");
httpPost.setEntity(new UrlEncodedFormEntity(Arrays.asList(data)));
HttpResponse httpResponse = httpClient.execute(httpPost);

String responseString = EntityUtils.toString(httpResponse.getEntity());
JSONObject response = new JSONObject(responseString);

Try it now! userid can be anything that uniquely identifies users. Use key "example_otp_key" to send an example one-time password. You'll need your own key to send an actual OTP.

To text internationally, use the E.164 format when setting phone (+ country code with numbers, no spaces). For example, a Brazilian phone number is +5511912345678 and a UK phone number is +447712345678.

Verify an OTP from a user

After the user receives the text message, they'll input the verification code in your app. Textbelt will tell you if that code is valid.

Supply the otp to verify, a userid, and your Textbelt key via GET request:

https://textbelt.com/otp/verify?otp=123456&userid[email protected]&key=example_otp_key

Send and verify OTPs by creating an API key:

Response Details

OTP generation (/otp/generate)

Example success API response from /otp/generate:
{"success": true, "textId": "1234", "quotaRemaining": 70, "otp": "672383"}

Check success to determine whether the OTP was sent to the user. This means the user was sent a text containing an OTP. By default the message format is: "Your verification code is 672 383".

There are a few parameters you can add to your request:

$ curl -X POST https://textbelt.com/otp/generate \
       --data-urlencode phone='5557727420' \
       --data-urlencode name='[email protected]' \
       --data-urlencode message='Nuclear launch code: $OTP! Use it to login.' \
       -d lifetime=120 \
       -d key=example_otp_key

Example out-of-quota or invalid key response from /otp/generate:

{"success": false, "quotaRemaining": 0, "otp": ""}

OTP verification (/otp/verify)

Here's an example valid OTP response from /otp/verify. Check isValidOtp to decide whether the OTP has been approved:

{"success": true, "isValidOtp": true}

Example response for an invalid OTP. Note that "success" indicates a successful response, not a successful OTP:

{"success": true, "isValidOtp": false}

Get started

OTP keys are the same as normal Textbelt keys. This means you can mix and match your quota to send OTPs and normal text messages.

You're ready to go! Fill out the form below to generate a key.

Generate a key to send texts

If you already have one, add funds to an existing key.

Get Key

Get in touch

Any questions? Email [email protected], text +1 (650) 332-4607, or read the FAQ.