The Verify API enables you to generate, send, and verify OTP codes for the SMS channel. After you create a channel for your brand, you can later edit and update its templates.
Endpoint and Headers
Visit our Postman collection to test this request.
Headers
| Header | Sample Value | Description |
|---|---|---|
| X-INS-AUTH-KEY | 1a2b3c4d5e6f | This key is required to authorize your request. Refer to API Authentication Tokens to generate your token. |
| Content-Type | application/json | This header specifies the media type of the resource. |
Body Parameters
| Parameter | Description | Data Type | Required | Rules |
|---|---|---|---|---|
| channel | Channel that you will send the OTP code. | String | Yes | oneof:sms |
| locale | Determines the language/locale in which the OTP code message will be sent. | String | Yes | oneof:de en es fr it ja nl pt ru tr |
| text | Defines the template text that will be used for generating OTP code messages. | String | Yes | max:100 |
Sample Request
Every request made to the request endpoint requires a request body formatted in JSON and containing your parameters.
Below is a sample request to update an SMS verification template with localized text.
curl --location 'verify.useinsider.com/v1/template/update' \
--header 'Content-Type: application/json' \
--header 'x-ins-auth-key: 1a2b3c4d5e6f' \
--data '{
"channel": "sms",
"locale": "en",
"text": "Your {brandName} verification code is: {code}"
}'Sample Responses
202 Accepted
This response indicates that your request was successfully completed.
{
"status": "success"
}400 Bad Request
{
"errors": [
{
"message": "invalid request payload"
}
]
}400 Bad Request
{
"errors": [
{
"message": "this field is required",
"field": "text"
}
]
}401 Unauthorized
{
"errors": [
{
"message": "unauthorized"
}
]
}409 Conflict
{
"errors": [
{
"message": "no changes detected"
}
]
}This response indicates that the server did not detect any updates in your request.
You’re sending an update/patch/modify request, but the values in your request body are identical to the existing record. So, the server is essentially indicating that there is no difference between what you just sent and what it already has.
Some APIs can also return a 200 OK response, treating the request as idempotent, but others return a 409 Conflict because, technically, an update was requested, but there was nothing to update.
429 Too Many Requests
{
"errors": [
{
"message": "rate limit exceeded"
}
]
}500 Internal Service Error
{
"errors": [
{
"message": "server error"
}
]
}Limitations
- All functions must be executed with a simple HTTPS POST request.
- The API Key should be provided as the authorization key in the request header. If the key is incorrect, the operation will not be executed, and an authorization error will be returned in the response.
- The rate limit is 25 requests per minute.
The default limit shown here is a standard baseline. If your use case requires higher capacity, feel free to reach out to the Insider One team — we can adjust it to fit your needs.