Generate OTP
Generate and send a one-time password (OTP) to a recipient via SMS
Generate OTP
This endpoint allows you to generate and send a one-time password (OTP) to a recipient via SMS. The OTP can be used for verification purposes with customizable expiry time and retry limits. Endpoint:POST /v1/external/generate/otp
Request Body
- recipient (string, required): Recipient phone number (without + prefix).
- from (string, required): Sender ID or name.
- message (string, required): OTP message template with placeholders:
{code}- Will be replaced with the generated OTP code{amount}- Will be replaced with expiry amount{duration}- Will be replaced with expiry duration
- pinLength (integer, required): Length of the OTP code (4-10 digits).
- pinType (string, required): Type of OTP code (NUMERIC, ALPHANUMERIC, or ALPHABETIC).
- expiry (object, required): OTP expiry configuration.
- amount (integer, required): Expiry time amount.
- duration (string, required): Expiry time duration unit (seconds, minutes, or hours).
- maxAmountOfValidationRetries (integer, required): Maximum number of validation attempts allowed (minimum 1).
Responses
- 200 OK: OTP generated and sent successfully.
- 400 Bad Request: Invalid input data.
- 401 Unauthorized: Invalid or missing API key.
Response Example
Response Fields
- statusCode (string): HTTP status code.
- statusMessage (string): Status message (e.g., “OTP successfully sent to your device”).
- transactionId (string): Unique transaction identifier.
- sequenceNo (string): Sequence number for tracking.
- data (object): OTP generation result data.
- uuid (string): Unique identifier for the OTP generation.
- code (string): Masked OTP code for security.
- timestamp (string): ISO 8601 timestamp of the response.
Usage Flow
- Generate OTP: Call this endpoint to generate and send an OTP to the recipient.
- Validate OTP: Use the Validate OTP endpoint to verify the code entered by the user.
- The OTP will expire after the specified time period.
- Users have a limited number of validation attempts (as specified in
maxAmountOfValidationRetries).
Authorizations
API Key for authentication
API Secret for authentication
Headers
API version header (required for full JSON response)
2025-08-01 Body
Recipient phone number (without + prefix)
"0559400612"
Sender ID or name
"PHCCU"
OTP message template with {code}, {amount}, and {duration} placeholders
"Your verification code is {code}, it expires in {amount} {duration}"
Length of the OTP code
4 <= x <= 104
Type of OTP code
NUMERIC, ALPHANUMERIC, ALPHABETIC "NUMERIC"
Maximum number of validation attempts allowed
x >= 13
Response
OTP generated and sent successfully
HTTP status code
"200"
Status message
"OTP successfully sent to your device"
Unique transaction identifier
"ec1fb725-3e86-47dc-bf0c-82b7776080e8"
Sequence number
"01K6NA4F7KJKSR6JM912JMY4NV"
ISO 8601 timestamp
"2025-10-03T15:13:03.227Z"