Verify API: Verify OTP Codes

The Verify API enables you to generate, send, and verify OTP codes for the SMS channel. You can utilize this API to generate OTP codes as defined in the payloads. Integrating it into your own websites or apps, you can trigger it on login pages, payment pages, and more.

After you create your channel for your brand and update the templates, you need to perform the verification action for your OTP to send it via SMS.

Endpoint and Headers

POST https://verify.useinsider.com/v1/check

This API key is sensitive and should only be implemented on the backend. Using it on the frontend or mobile SDK may pose security risks.

Visit our Postman collection to test this request.

Headers

Header	Sample Value	Description
X-INS-AUTH-KEY	1a2b3c4d5e6f	This key is required to authorize your request. Refer to API Authentication Tokens to generate your token.
Content-Type	application/json	This header specifies the media type of the resource.

Body Parameters

Parameter	Description	Data Type	Required	Rules
to	Specifies the destination phone number in E.164 format to which the OTP code will be sent.	String	Yes	e164
code	Represents the OTP code provided for verification. The code length must be between 4 and 8 digits.	Integer	No (Default: 4)	min:4 max:8
callback	The endpoint that you define to receive the webhook events	String	No	must be a valid URL

Sample Request

Every request made to the request endpoint requires a request body formatted in JSON and containing your parameters.

Before sending your request, make sure to replace the sample values in the request header(s) and body where required.

Below is a sample request to generate and send a verification code via SMS with a callback URL.

curl --location 'https://verify.useinsider.com/v1/generate' \
--header 'Content-Type: application/json' \
--header 'x-ins-auth-key: 1a2b3c4d5e6f' \
--data '{
    "channel": "sms",
    "to": "+905XXXXXXXXX",
    "callback": "http://callback.url"
}'

Sample Responses

202 Accepted

This response indicates that your request was completed successfully.

{
    "status": "success"
}

400 Bad Request

{
    "errors": [
        {
            "message": "invalid request payload"
        }
    ]
}

401 Unauthorized

{
    "errors": [
        {
            "message": "invalid code"
        }
    ]
}

401 Unauthorized

{
    "errors": [
        {
            "message": "unauthorized"
        }
    ]
}

404 Not found

{
    "errors": [
        {
            "message": "code not found",
            "field": "code"
        }
    ]
}

429 Too Many Requests

{
    "errors": [
        {
            "message": "rate limit exceeded"
        }
    ]
}

429 Too Many Requests

{
    "errors": [
        {
            "message": "maximum attempts exceeded",
            "field": "code"
        }
    ]
}

500 Internal Server Error

{
    "errors": [
        {
            "message": "server error"
        }
    ]
}

Limitations

All functions must be executed with a simple HTTPS POST request.
The API Key should be provided as the authorization key in the request header. If the key is incorrect, the operation will not be executed, and an authorization error will be returned in the response.
The rate limit is 250 requests per minute.

The default limit shown here is a standard baseline. If your use case requires higher capacity, feel free to reach out to the Insider One team — we can adjust it to fit your needs.