SMS OTP and Mobile Verification

A simple API for one-time password mobile verification via text message

Textbelt is a no-nonsense API built for developers who want to send account verification SMS.

Thousands of clients prefer Textbelt over other SMS providers for our ease of setup, simple, predictable pricing packages, and personal support. Since its creation, Textbelt has sent millions of OTPs on behalf of thousands of companies.

Send verification SMS

We handle both steps of mobile identity and two-factor verification:

  1. Send an SMS verification code - generate a one-time code and send it to the user's phone.
  2. Verify the code - check the user's input against the code you just sent.

Create an API key   View pricing

Generate a verification code and send it via SMS

OTP generation does not require client libraries or an account. Here is a minimal example that sends a verification code to the user's phone:

  • Command Line
  • Python
  • Ruby
  • Node.js
  • PHP
  • C#
  • Java
$ curl -X POST https://textbelt.com/otp/generate \
--data-urlencode phone='5555555555' \
--data-urlencode userid='myuser@site.com' \
-d key=example_otp_key
Using the popular requests library:
import requests
resp = requests.post('https://textbelt.com/otp/generate', {
'phone': '5555555555',
'userid': 'myuser@site.com',
'key': 'example_otp_key',
})
print(resp.json())
require 'net/http'
require 'uri'

uri = URI.parse("https://textbelt.com/otp/generate")
Net::HTTP.post_form(uri, {
:phone => '5555555555',
:userid => 'myuser@site.com',
:key => 'example_otp_key',
})
Using the popular request library:
var request = require('request');
request('https://textbelt.com/otp/generate', {
body: {
phone: '5555555555',
userid: 'myuser@site.com',
key: 'example_otp_key',
},
})
using System;
using System.Collections.Specialized;
using System.Net;

using (WebClient client = new WebClient())
{
byte[] response = client.UploadValues("http://textbelt.com/text", new NameValueCollection() {
{ "phone", "5555555555" },
{ "userid", "myuser@site.com" },
{ "key", "example_otp_key" },
});

string result = System.Text.Encoding.UTF8.GetString(response);
}
$ch = curl_init('https://textbelt.com/otp/generate');
$data = array(
'phone' => '5555555555',
'userid' => 'myuser@site.com',
'key' => 'example_otp_key',
);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);
Using the popular Apache HttpComponents library:
final NameValuePair[] data = {
new BasicNameValuePair("phone", "5555555555"),
new BasicNameValuePair("userid", "myuser@site.com"),
new BasicNameValuePair("key", "example_otp_key")
};
HttpClient httpClient = HttpClients.createMinimal();
HttpPost httpPost = new HttpPost("https://textbelt.com/otp/generate");
httpPost.setEntity(new UrlEncodedFormEntity(Arrays.asList(data)));
HttpResponse httpResponse = httpClient.execute(httpPost);

String responseString = EntityUtils.toString(httpResponse.getEntity());
JSONObject response = new JSONObject(responseString);

Try it now!userid can be anything that uniquely identifies users. Use key "example_otp_key" to send an example one-time password. You'll need your own key to send an actual OTP.

To text internationally, use the E.164 format when setting phone (+ country code with numbers, no spaces). For example, a Brazilian phone number is +5511912345678 and a UK phone number is +447712345678.

Verify OTP provided by a user

After the user receives the text message, they'll input the verification code in your app. Textbelt will tell you if that code is valid.

Supply the otp to verify, a userid, and your Textbelt key via GET request:

https://textbelt.com/otp/verify?otp=123456&userid=myuser@site.com&key=example_otp_key

Send and verify OTPs by creating an API key.

Customizing your OTP

There are a few parameters you can add to your /otp/generate request:

$ curl -X POST https://textbelt.com/otp/generate \
--data-urlencode phone='5557727420' \
--data-urlencode userid='myuser@site.com' \
--data-urlencode message='Nuclear launch code: $OTP! Use it to login.' \
-d lifetime=120 \
-d length=4 \
-d key=example_otp_key

Response Details

Example API response from the OTP generation endpoint /otp/generate:

{"success": true, "textId": "1234", "quotaRemaining": 70, "otp": "672383"}

Check success to determine whether the OTP was sent to the user. This means the user was sent a text containing an OTP. By default the message format is: "Your verification code is 672 383".

Example out-of-quota or invalid key response from /otp/generate:

{"success": false, "quotaRemaining": 0, "otp": ""}

Here's an example valid OTP response from OTP verification endpoint /otp/verify. Check isValidOtp to decide whether the OTP has been approved:

{"success": true, "isValidOtp": true}

Here's an example response for an invalid OTP. Note that "success" indicates a successful API response, not a successful OTP:

{"success": true, "isValidOtp": false}

Get started

OTP keys are the same as normal Textbelt keys. This means you can mix and match your quota to send OTPs and normal text messages. Create an API key to start sending and receiving SMS:

Generate an API key

Get in touch

Any questions? Email support@textbelt.com, text +1 (650) 332-4607, or read the FAQ.