You can test these APIs on postman! Click here.
This ExoVerify API is used to start an SMS OTP verification. Please ensure the following pre-requisites are taken care of before using this API
Please refer to following Sequence Diagram to understand the API hits flow:
The following data points are required to start using this API:
Please use the following Headers in the API Request:
1. Authorization: Basic <credentials>
<credentials> is a Base64 encoded value of “Application_ID:Application_Secret” (ignore quotes).
2. Content-Type: application/json
https://exoverify.exotel.com/v2/accounts/{account_sid}/verifications/sms
Replace {account_sid} with your Account SID (Find it on the top left side of this page)
The following are the Body Parameters of the API Request
| Parameter Name | Mandatory/Optional | Value / Description |
| application_id | Mandatory | Indicates the Exoverify SMS App to be used for the verification request. |
| phone_number | Mandatory | Indicates the phone number that needs to be verified. It must be in the E164 format. |
| replace_vars | Optional | A list of variables that are to be used for replacing {#var#} placeholders in a DLT approved SMS Template that has variables apart from the OTP itself. For instance, if you have two occurrences of {#var#} in your template, and specify a list of two strings for the “replace_vars“ array parameter - the replacement of each {#var#} will be done with each item in the list using the order of the items in the list, from left to right. |
{
"application_id": "f5b1c365648e6f50fd1b29634a5e166e",
"phone_number": "+916666666666"
}
{
"application_id": "f5b1c365648e6f50fd1b29634a5e166e",
"phone_number": "+916666666666",
"replace_vars": ["John", "Doe"]
}
{
"request_id":"881cf11407d54595a6902267d05eff4a",
"method":"POST",
"http_code":200,
"response":{
"code":200,
"error_data":null,
"status":"success",
"data":{
"verification_id":"463fac2fa3ece58c6551e296c1b9167c",
"phone_number":"+918637XX2391",
"application_id":"f5b1c365648e6f50fd1b29633a5e166e",
"account_sid":"google",
"max_attempts":10,
"expiration_in_seconds":60,
"url":"/v2/accounts/google/sms/verifications/463fac2fa3ece58c6551e296c1b9167c",
"created_at":"2022-07-12T12:13:16Z",
"updated_at":"2022-07-12T12:13:16Z"
}
}
}
{
"request_id":"6d9de1b5576b446692ffd9d1c1620c8e",
"method":"POST",
"http_code":400,
"response":{
"code":400,
"error_data":{
"code":1002,
"description":"ApplicationId in Body and Authorization Header should be same",
"message":"Invalid parameter"
},
"status":"failure",
"data":null
}
}
The following are a sample list of the HTTP codes and corresponding error codes that can encountered in the event of a failure.
|
400 |
1001 |
Mandatory Parameter missing |
|
400 |
1002 |
Invalid parameter |
|
400 |
1005 |
Mandatory Body Parameters missing |
|
401 |
1010 |
Authentication failed |
|
403 |
1012 |
Forbidden Operation |
|
403 |
1015 |
Verification has been denied |
|
404 |
1000 |
Not Found |
|
429 |
1030 |
Throttle limit Breached for Sending Sms |
|
500 |
1110 |
Internal Server Error |
|
500 |
1123 |
Internal Server Error |
|
500 |
1120 |
Internal Server Error |
This ExoVerify API is used to verify if the OTP entered by the user is correct or not
Note: Please ensure you use this API only after successfully creating an SMS OTP app on ExoVerify. The following data points are a pre-requisite to using this API:
This API can be used only after the Start Verification API has been hit successfully.
Please use the following Headers in the API Request:
1. Authorization: Basic <credentials>
<credentials> is a Base64 encoded value of “Application_ID:Application_Secret” (ignore quotes).
2. Content-Type: application/json
https://exoverify.exotel.com/v2/accounts/{account_sid}/verifications/sms/{verification_id}
Replace {account_sid} with your Account SID (Find it on the top left side of this page)
Replace {verification_id} with the Verification ID as received in the response of the Start Verification API request
The following are the Body Parameters of the API Request
| Parameter Name | Mandatory/Optional | Value / Description |
| OTP | Mandatory | The user entered OTP that is to be verified |
{
"OTP": "576389"
}
{
"request_id":"48f97c0f1cca46b09fb0e4255ef8a4eb",
"method":"POST",
"http_code":200,
"response":{
"code":200,
"error_data":null,
"status":"success",
"data":{
"verification_id":"12c705bc55de82cc96f9d543cf77167c",
"application_id":"f5b1c365648e6f50fd1b29633a5e166e",
"account_sid":"Zomato5",
"status":"success",
"created_at":"2022-07-12T12:15:55+05:30",
"updated_at":"2022-07-12T12:15:55+05:30"
}
}
}
{
"request_id":"34f1bed8b4f246049e894d44d588d911",
"method":"POST",
"http_code":403,
"response":{
"code":403,
"error_data":{
"code":1003,
"description":"VerificationId already verified.",
"message":"Authentication failed"
},
"status":"failure",
"data":null
}
}
The following are a sample list of the HTTP codes and corresponding error codes that can encountered in the event of a failure.
|
400 |
1210 |
OTP has expired |
|
400 |
1211 |
Invalid OTP Entered |
|
400 |
1210 |
Mandatory Body Parameters missing |
|
401 |
1010 |
Authentication failed |
|
403 |
1017 |
VerificationId already verified |
|
403 |
1012 |
Forbidden Operation |
|
403 |
1016 |
Maximum allowed verification attempts has been made |
|
404 |
1000 |
Not Found |
|
500 |
1110 |
Internal Server Error |
|
500 |
1120 |
Internal server error |