Exotel Developer Portal

You can test these APIs on postman! Click here.

This ExoVerify API is used to start an SMS OTP verification. Please ensure the following pre-requisites are taken care of before using this API

Please refer to following Sequence Diagram to understand the API hits flow:

The following data points are required to start using this API:

App ID (generated after creating an SMS OTP app on ExoVerify)
App Secret (generated after creating an SMS OTP app on ExoVerify)
Account Sid (Can be seen on the top left side of this page)

Please use the following Headers in the API Request:
1. Authorization: Basic <credentials>
<credentials> is a Base64 encoded value of “Application_ID:Application_Secret” (ignore quotes).
2. Content-Type: application/json

POST

https://exoverify.exotel.com/v2/accounts/{account_sid}/verifications/sms

Replace {account_sid} with your Account SID (Find it on the top left side of this page)

The following are the Body Parameters of the API Request

Parameter Name	Mandatory/Optional	Value / Description
application_id	Mandatory	Indicates the Exoverify SMS App to be used for the verification request.
phone_number	Mandatory	Indicates the phone number that needs to be verified. It must be in the E164 format.
replace_vars	Optional	A list of variables that are to be used for replacing {#var#} placeholders in a DLT approved SMS Template that has variables apart from the OTP itself. For instance, if you have two occurrences of {#var#} in your template, and specify a list of two strings for the “replace_vars“ array parameter - the replacement of each {#var#} will be done with each item in the list using the order of the items in the list, from left to right.

Example Request
JSON

{
"application_id": "f5b1c365648e6f50fd1b29634a5e166e",
"phone_number": "+916666666666"
}

Example Request (Multi-Variable SMS Template)
JSON

{
"application_id": "f5b1c365648e6f50fd1b29634a5e166e",
"phone_number": "+916666666666",
"replace_vars": ["John", "Doe"]
}

Example Response on Success
JSON

{
  "request_id":"881cf11407d54595a6902267d05eff4a",
  "method":"POST",
  "http_code":200,
  "response":{
    "code":200,
    "error_data":null,
    "status":"success",
    "data":{
      "verification_id":"463fac2fa3ece58c6551e296c1b9167c",
      "phone_number":"+918637XX2391",
      "application_id":"f5b1c365648e6f50fd1b29633a5e166e",
      "account_sid":"google",
      "max_attempts":10,
      "expiration_in_seconds":60,
      "url":"/v2/accounts/google/sms/verifications/463fac2fa3ece58c6551e296c1b9167c",
      "created_at":"2022-07-12T12:13:16Z",
      "updated_at":"2022-07-12T12:13:16Z"
    }
  }
}

Example Response on Failure
JSON

{
  "request_id":"6d9de1b5576b446692ffd9d1c1620c8e",
  "method":"POST",
  "http_code":400,
  "response":{
    "code":400,
    "error_data":{
      "code":1002,
      "description":"ApplicationId in Body and Authorization Header should be same",
      "message":"Invalid parameter"
    },
    "status":"failure",
    "data":null
  }
}

The following are a sample list of the HTTP codes and corresponding error codes that can encountered in the event of a failure.

HTTP Code	Error Code	Description
400	1001	Mandatory Parameter missing
400	1002	Invalid parameter
400	1005	Mandatory Body Parameters missing
401	1010	Authentication failed
403	1012	Forbidden Operation
403	1015	Verification has been denied
404	1000	Not Found
429	1030	Throttle limit Breached for Sending Sms
500	1110	Internal Server Error
500	1123	Internal Server Error
500	1120	Internal Server Error