Start SMS OTP Verification

This ExoVerify API is used to start an SMS OTP verification. Please ensure the following pre-requisites are taken care of before using this API

 

Please refer to following Sequence Diagram to understand the API hits flow:

The following data points are required to start using this API:

  • App ID (generated after creating an SMS OTP app on ExoVerify)
  • App Secret (generated after creating an SMS OTP app on ExoVerify)
  • Account Sid (Can be seen on the top left side of this page)
POST

https://exoverify.exotel.com/v2/accounts/{account_sid}/verifications/sms

Replace {account_sid} with your Account SID (Find it on the top left side of this page)

The following are the Body Parameters of the API Request

Parameter Name Mandatory/Optional Value / Description
application_id Mandatory Indicates the Exoverify SMS App to be used for the verification request.
phone_number Mandatory Indicates the phone number that needs to be verified. It must be in the E164 format.
replace_vars Optional A list of variables that are to be used for replacing {#var#} placeholders in a  DLT approved SMS Template that has variables apart from the OTP itself. For instance, if you have two occurrences of {#var#} in your template, and specify a list of two strings for the “replace_vars“ array parameter - the replacement of each {#var#} will be done with each item in the list using the order of the items in the list, from left to right. 
{
"application_id": "f5b1c365648e6f50fd1b29634a5e166e",
"phone_number": "+916666666666"
}
{
"application_id": "f5b1c365648e6f50fd1b29634a5e166e",
"phone_number": "+916666666666",
"replace_vars": ["John", "Doe"]
}
{
  "request_id":"881cf11407d54595a6902267d05eff4a",
  "method":"POST",
  "http_code":200,
  "response":{
    "code":200,
    "error_data":null,
    "status":"success",
    "data":{
      "verification_id":"463fac2fa3ece58c6551e296c1b9167c",
      "phone_number":"+918637XX2391",
      "application_id":"f5b1c365648e6f50fd1b29633a5e166e",
      "account_sid":"google",
      "max_attempts":10,
      "expiration_in_seconds":60,
      "url":"/v2/accounts/google/sms/verifications/463fac2fa3ece58c6551e296c1b9167c",
      "created_at":"2022-07-12T12:13:16Z",
      "updated_at":"2022-07-12T12:13:16Z"
    }
  }
}
{
  "request_id":"6d9de1b5576b446692ffd9d1c1620c8e",
  "method":"POST",
  "http_code":400,
  "response":{
    "code":400,
    "error_data":{
      "code":1002,
      "description":"ApplicationId in Body and Authorization Header should be same",
      "message":"Invalid parameter"
    },
    "status":"failure",
    "data":null
  }
}

The following are a sample list of the HTTP codes and corresponding error codes that can encountered in the event of a failure. 

HTTP Code 

Error Code

Description

400

1001

Mandatory Parameter missing

400

1002

Invalid parameter

400

1005

Mandatory Body Parameters missing

401

1010

Authentication failed

403

1012

Forbidden Operation

403

1015

Verification has been denied

404

1000

Not Found

429

1030

Throttle limit Breached for Sending Sms

500

1110

Internal Server Error

500

1123

Internal Server Error

500

1120

Internal Server Error