Verify OTP Codes

The Verify API enables you to generate, send, and verify OTP codes for the WhatsApp channel. You can utilize this API to generate OTP codes as defined in the payloads. Integrating it into your websites or apps, you can trigger it on login pages, payment pages, and more.

After you create your channel for your brand and update the templates, you need to perform the verification action for your OTP.

Endpoint and Headers

POST https://verify.useinsider.com/v1/check/

Your title goes here

This API key is sensitive and should never be used on the frontend or mobile SDK; it should only be implemented on the backend.

Visit our Postman collection to test this request.

Headers

Header	Sample Value	Description
X-INS-AUTH-KEY	1a2b3c4d5e6f	This key is required to authorize your request. Refer to API Authentication Tokens to generate your token.
Content-Type	application/json	This header specifies the media type of the resource.

Body Parameters

Parameter	Description	Data Type	Required	Rules
to	Specifies the destination phone number in E.164 format to which the OTP code will be sent.	String	Yes	e164
code	Represents the OTP code provided for verification. The code length must be between 4 and 8 digits.	Integer	No (Default: 4)	min:4 max:8

Sample Request

Every request made to the request endpoint requires a request body formatted in JSON and containing your parameters.

Your title goes here

Make sure to replace the sample values in the request header(s) and body where required before sending your request.

Below is a sample request to verify a user’s WhatsApp code by checking the number and code combination.

curl --location 'verify.useinsider.com/v1/check/' \
--header 'Content-Type: application/json' \
--header 'x-ins-auth-key: 1a2b3c4d5e6f' \
--data '{
    "to": "+905XXXXXXXXX",
    "code": 1234
}'

Sample Responses

202 Accepted

This response indicates that your request was successfully completed.

{
    "status": "success"
}

400 Bad Request: Invalid request payload

{
    "errors": [
        {
            "message": "invalid request payload"
        }
    ]
}

422 Unprocessable Entity: Invalid code

{
    "errors": [
        {
            "message": "invalid code"
        }
    ]
}

401 Unauthorized

{
    "errors": [
        {
            "message": "unauthorized"
        }
    ]
}

404 Not found: Code not found

{
    "errors": [
        {
            "message": "code not found",
            "field": "code"
        }
    ]
}

429 Too Many Requests: Rate limit exceeded

{
    "errors": [
        {
            "message": "rate limit exceeded"
        }
    ]
}

429 Too Many Requests: Maximum attempts exceeded

{
    "errors": [
        {
            "message": "maximum attempts exceeded",
            "field": "code"
        }
    ]
}

500 Internal Server Error

{
    "errors": [
        {
            "message": "server error"
        }
    ]
}

Limitations

All functions must be executed with a simple HTTPS POST request.
The API Key should be provided as the authorization key in the request header. If the key is incorrect, the operation will not be executed, and an authorization error will be returned in the response.
The service is subject to a rate limit of 10 requests per minute to ensure optimal system performance, and clients exceeding this limit will receive an HTTP 429 Too Many Requests response.

The default limit shown here is a standard baseline. If your use case requires higher capacity, feel free to reach out to the Insider One team — we can adjust it to fit your needs.