×

Start SMS OTP Verification Beta

This ExoVerify API is used to start an SMS OTP verification. Please ensure the following pre-requisites are taken care of before using this API

 

Please refer to following Sequence Diagram to understand the API hits flow:

The following data points are required to start using this API:

  • App ID (generated after creating an SMS OTP app on ExoVerify)
  • App Secret (generated after creating an SMS OTP app on ExoVerify)
  • Account Sid (Can be seen on the top left side of this page)
POST

https://exoverify.exotel.com/v2/accounts/{account_sid}/verifications/sms

Replace {account_sid} with your Account SID (Find it on the top left side of this page)

The following are the Body Parameters of the API Request

Parameter Name Mandatory/Optional Value / Description
application_id Mandatory Indicates the Exoverify SMS App to be used for the verification request.
phone_number Mandatory Indicates the phone number that needs to be verified. It must be in the E164 format.
replace_vars Optional A list of variables that are to be used for replacing {#var#} placeholders in a  DLT approved SMS Template that has variables apart from the OTP itself. For instance, if you have two occurrences of {#var#} in your template, and specify a list of two strings for the “replace_vars“ array parameter - the replacement of each {#var#} will be done with each item in the list using the order of the items in the list, from left to right. 
{
"application_id": "f5b1c365648e6f50fd1b29634a5e166e",
"phone_number": "+916666666666"
}
{
"application_id": "f5b1c365648e6f50fd1b29634a5e166e",
"phone_number": "+916666666666",
"replace_vars": ["John", "Doe"]
}
{
  "request_id":"881cf11407d54595a6902267d05eff4a",
  "method":"POST",
  "http_code":200,
  "response":{
    "code":200,
    "error_data":null,
    "status":"success",
    "data":{
      "verification_id":"463fac2fa3ece58c6551e296c1b9167c",
      "phone_number":"+918637XX2391",
      "application_id":"f5b1c365648e6f50fd1b29633a5e166e",
      "account_sid":"google",
      "max_attempts":10,
      "expiration_in_seconds":60,
      "url":"/v2/accounts/google/sms/verifications/463fac2fa3ece58c6551e296c1b9167c",
      "created_at":"2022-07-12T12:13:16Z",
      "updated_at":"2022-07-12T12:13:16Z"
    }
  }
}
{
  "request_id":"6d9de1b5576b446692ffd9d1c1620c8e",
  "method":"POST",
  "http_code":400,
  "response":{
    "code":400,
    "error_data":{
      "code":1002,
      "description":"ApplicationId in Body and Authorization Header should be same",
      "message":"Invalid parameter"
    },
    "status":"failure",
    "data":null
  }
}

The following are a sample list of the HTTP codes and corresponding error codes that can encountered in the event of a failure. 

HTTP Code 

Error Code

Description

400

1001

Mandatory Parameter missing

400

1002

Invalid parameter

400

1005

Mandatory Body Parameters missing

401

1010

Authentication failed

403

1012

Forbidden Operation

403

1015

Verification has been denied

404

1000

Not Found

429

1030

Throttle limit Breached for Sending Sms

500

1110

Internal Server Error

500

1123

Internal Server Error

500

1120

Internal Server Error


Verify OTP API Beta

This ExoVerify API is used to verify if the OTP entered by the user is correct or not

POST

https://exoverify.exotel.com/v2/accounts/{account_sid}/verifications/sms/{verification_id}

Replace {account_sid} with your Account SID (Find it on the top left side of this page)
Replace {verification_id} with the Verification ID as received in the response of the Start Verification API request

The following are the Body Parameters of the API Request

Parameter Name Mandatory/Optional Value / Description
OTP Mandatory The user entered OTP that is to be verified
{
"OTP": "576389"
}
{
  "request_id":"48f97c0f1cca46b09fb0e4255ef8a4eb",
  "method":"POST",
  "http_code":200,
  "response":{
    "code":200,
    "error_data":null,
    "status":"success",
    "data":{
      "verification_id":"12c705bc55de82cc96f9d543cf77167c",
      "application_id":"f5b1c365648e6f50fd1b29633a5e166e",
      "account_sid":"Zomato5",
      "status":"success",
      "created_at":"2022-07-12T12:15:55+05:30",
      "updated_at":"2022-07-12T12:15:55+05:30"
    }
  }
}
{
  "request_id":"34f1bed8b4f246049e894d44d588d911",
  "method":"POST",
  "http_code":403,
  "response":{
    "code":403,
    "error_data":{
      "code":1003,
      "description":"VerificationId already verified.",
      "message":"Authentication failed"
    },
    "status":"failure",
    "data":null
  }
}

The following are a sample list of the HTTP codes and corresponding error codes that can encountered in the event of a failure. 

Http Code

Error Code 

Description

400

1210

OTP has expired

400

1211

Invalid OTP Entered

400

1210

Mandatory Body Parameters missing

401

1010

Authentication failed

403

1017

VerificationId already verified

403

1012

Forbidden Operation

403

1016

Maximum allowed verification attempts has been made

404

1000

Not Found

500

1110

Internal Server Error

500

1120

Internal server error


nOTP

nOTP is a No-OTP verification mechanism under ExoVerify from Exotel that helps secure your business by verifying customer identity based upon their mobile number.

Available as an SDK for Android phones only, nOTP allows users to verify with absolutely no actions from their end. All they have to do is enter their phone number, and click on the ‘verify’ button. Everything else happens automatically, and the number gets securely verified. nOTP works without an SMS. It is simple and makes number authentication foolproof by ensuring that the mobile number and the user's device are tightly coupled at the time of verification. 

nOTP works with the SDK automatically intercepts a phone call triggered by Exotel to the mobile number seeking verification, allowing you to verify your users seamlessly with zero user interaction.

Using the SDK, you can have nOTP verification into your existing android apps with just a few lines of code.

Please refer to this Sequence Diagram to understand the back-end magic of nOTP