SMS OTP and Mobile Verification API

A simple API for one-time password mobile verification via text message

Use this API to verify user identity (mobile verification) or possession of a device (OTP/two-factor authentication):

  1. Send an SMS verification code - generate a secret code and send it to the user's phone.
  2. Verify the code - check the user's input against the code you just sent.

Since its creation, the Textbelt SMS gateway has sent millions of OTPs on behalf of thousands of companies.

Generate a verification code and send it via SMS

OTP generation does not require client libraries or an account. The verification code is automatically sent to the user's phone:

$ curl -X POST \
       --data-urlencode phone='5555555555' \
       --data-urlencode userid='' \
       -d key=example_otp_key
Using the popular requests library:
import requests
resp ='', {
  'phone': '5555555555',
  'userid': '',
  'key': 'example_otp_key',
require 'net/http'
require 'uri'

uri = URI.parse("")
Net::HTTP.post_form(uri, {
  :phone => '5555555555',
  :userid => '',
  :key => 'example_otp_key',
Using the popular request library:
var request = require('request');
request('', {
  body: {
    phone: '5555555555',
    userid: '',
    key: 'example_otp_key',
using System;
using System.Collections.Specialized;
using System.Net;

using (WebClient client = new WebClient())
  byte[] response = client.UploadValues("", new NameValueCollection() {
    { "phone", "5555555555" },
    { "userid", "" },
    { "key", "example_otp_key" },

  string result = System.Text.Encoding.UTF8.GetString(response);
$ch = curl_init('');
$data = array(
  'phone' => '5555555555',
  'userid' => '',
  'key' => 'example_otp_key',

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
Using the popular Apache HttpComponents library:
final NameValuePair[] data = {
    new BasicNameValuePair("phone", "5555555555"),
    new BasicNameValuePair("userid", ""),
    new BasicNameValuePair("key", "example_otp_key")
HttpClient httpClient = HttpClients.createMinimal();
HttpPost httpPost = new HttpPost("");
httpPost.setEntity(new UrlEncodedFormEntity(Arrays.asList(data)));
HttpResponse httpResponse = httpClient.execute(httpPost);

String responseString = EntityUtils.toString(httpResponse.getEntity());
JSONObject response = new JSONObject(responseString);

Try it now! userid can be anything that uniquely identifies users. Use key "example_otp_key" to send an example one-time password. You'll need your own key to send an actual OTP.

To text internationally, use the E.164 format when setting phone (+ country code with numbers, no spaces). For example, a Brazilian phone number is +5511912345678 and a UK phone number is +447712345678.

Verify an OTP from a user

After the user receives the text message, they'll input the verification code in your app. Textbelt will tell you if that code is valid.

Supply the otp to verify, a userid, and your Textbelt key via GET request:

Send and verify OTPs by creating an API key:

Response Details

OTP generation (/otp/generate)

Example success API response from /otp/generate:
{"success": true, "textId": "1234", "quotaRemaining": 70, "otp": "672383"}

Check success to determine whether the OTP was sent to the user. This means the user was sent a text containing an OTP. By default the message format is: "Your verification code is 672 383".

There are a few parameters you can add to your request:

$ curl -X POST \
       --data-urlencode phone='5557727420' \
       --data-urlencode userid='' \
       --data-urlencode message='Nuclear launch code: $OTP! Use it to login.' \
       -d lifetime=120 \
       -d length=4 \
       -d key=example_otp_key

Example out-of-quota or invalid key response from /otp/generate:

{"success": false, "quotaRemaining": 0, "otp": ""}

OTP verification (/otp/verify)

Here's an example valid OTP response from /otp/verify. Check isValidOtp to decide whether the OTP has been approved:

{"success": true, "isValidOtp": true}

Example response for an invalid OTP. Note that "success" indicates a successful response, not a successful OTP:

{"success": true, "isValidOtp": false}

Get started

OTP keys are the same as normal Textbelt keys. This means you can mix and match your quota to send OTPs and normal text messages.

You're ready to go! Fill out the form below to generate a key.

Generate an API key to send texts

If you already have one, add funds to an existing key.

Get Key

Get in touch

Any questions? Email, text +1 (650) 332-4607, or read the FAQ.