June 13, 2019 · Getting Started otp

Sending OTP mobile verification codes with Textbelt

This post describes how to send OTP (one-time password) to a mobile phone using the Textbelt OTP API.  An OTP is usually a string of 4-6 digits.  

One-time passwords or verification codes are a common way to verify that user accounts are actually attached to a provided phone number.  This approach may help to reduce potential for abuse by making sure that accounts are mapped to unique phone numbers.

There are many services that provide OTP capabilities, but we built Textbelt as a simple alternative.  Head to our OTP and mobile verification signup page to get started.

Step 1: Generate the OTP

The OTP generation API lives at textbelt.com/otp/generate and takes these variables:

Here's a minimal example to send a verification code, which you can run from the command line using curl:

curl -X POST https://textbelt.com/otp/generate \
       --data-urlencode phone='5551234567' \
       --data-urlencode userid='[email protected]' \
       -d key=example_otp_key

This will send a message to phone number 555-123-4567 that says "Your verification code is 9999999".

Because it's just an HTTP POST request, you can make this work in any language of your choosing.  Here's the same example in Python:

import requests

requests.post('https://textbelt.com/otp/generate', {
  'phone': '5557727420',
  'userid': '[email protected]',
  'key': 'example_otp_key',
})

The response is a JSON object.  Make sure that success == true:

{"success": true, "textId": "1234", "quotaRemaining": 70, "otp": "672383"}

See the OTP homepage for further examples.

Step 2: Verify the code

We sent a code to the user in the previous step.  Now the user will take the code and enter it on your website or app.  The next step is to validate the code entered by the user.

This verification is done using the textbelt.com/otp/verify endpoint.  It takes the following parameters:

Put these params together in a simple GET request:

https://textbelt.com/otp/verify?otp=123456&userid[email protected]&key=example_otp_key

Here's the curl/bash equivalent:

curl 'https://textbelt.com/otp/verify?otp=123456&[email protected]&key=example_otp_key'

And the Python equivalent:

import requests

requests.get('https://textbelt.com/otp/verify?otp=123456&[email protected]&key=example_otp_key')

Again, the response is a JSON object.  Make sure that success and isValidOtp == true:

{"success": true, "isValidOtp": true}

Conclusion

That's it.  Textbelt abstracts the need to generate verification codes, track usage and expiry, and manage SMS in your own application.

Why consider Textbelt over other OTP providers?

  1. Quick setup: Other providers require you to create an account, purchase a phone number, verify your account, download and set up a special library with SID and auth, etc. None of this is necessary if you just want to send a text or OTP. Textbelt has no login, no extra libraries, and exactly one credential.
  2. Flat pricing: Pricing by region (North America, Europe, Asia, etc) rather than by country + provider which leads to literally thousands of different rates.
  3. Low-budget friendly: Other services require a ~$20 purchase up-front. Our 1 quota = 1 sms means we can sell small packages. The smallest package is $3 - a good price point for prototyping.
  4. Based on open-source: We got our start as an open-source project and we give back to developers.  A free version of Textbelt is open source on Github: https://github.com/typpo/textbelt
  5. Fast, personal support: If you have any questions about sending OTP verification codes or using the Textbelt API, send us an email at [email protected] - we will get back to you very quickly!