> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kairosafrika.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Validate OTP

> Validate a one-time password (OTP) code sent to a recipient

# Validate OTP

This endpoint allows you to validate a one-time password (OTP) code that was sent to a recipient.

**Endpoint:** `POST /v1/external/validate/otp`

<RequestExample>
  ```bash cURL theme={null}
  curl --request POST \
    --url https://api.kairosafrika.com/v1/external/validate/otp \
    --header 'x-api-key: YOUR_API_KEY' \
    --header 'x-api-secret: YOUR_API_SECRET' \
    --header 'x-api-version: 2025-08-01' \
    --header 'Content-Type: application/json' \
    --data '{
      "code": "0216",
      "recipient": "233559400612"
    }'
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.kairosafrika.com/v1/external/validate/otp', {
    method: 'POST',
    headers: {
      'x-api-key': 'YOUR_API_KEY',
      'x-api-secret': 'YOUR_API_SECRET',
      'x-api-version': '2025-08-01',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      code: '0216',
      recipient: '233559400612'
    })
  });

  const result = await response.json();
  console.log(result);
  ```

  ```python Python theme={null}
  import requests

  response = requests.post(
      'https://api.kairosafrika.com/v1/external/validate/otp',
      headers={
          'x-api-key': 'YOUR_API_KEY',
          'x-api-secret': 'YOUR_API_SECRET',
          'x-api-version': '2025-08-01',
          'Content-Type': 'application/json'
      },
      json={
          'code': '0216',
          'recipient': '233559400612'
      }
  )

  result = response.json()
  print(result)
  ```

  ```php PHP theme={null}
  <?php
  $curl = curl_init();

  curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://api.kairosafrika.com/v1/external/validate/otp',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => json_encode(array(
      'code' => '0216',
      'recipient' => '233559400612'
    )),
    CURLOPT_HTTPHEADER => array(
      'x-api-key: YOUR_API_KEY',
      'x-api-secret: YOUR_API_SECRET',
      'x-api-version: 2025-08-01',
      'Content-Type: application/json'
    ),
  ));

  $response = curl_exec($curl);
  curl_close($curl);
  echo $response;
  ?>
  ```
</RequestExample>

## Request Body

* **code** (string, required): The OTP code to validate.
* **recipient** (string, required): The recipient phone number that received the OTP (without + prefix).

## Responses

* **200 OK**: OTP validation successful.
* **400 Bad Request**: Invalid OTP code or recipient.
* **401 Unauthorized**: Invalid or missing API key.

## Response Example

```json theme={null}
{
  "statusCode": "200",
  "statusMessage": "Verification successful",
  "transactionId": "60642211-155a-48cc-8d90-82fa62897b37",
  "sequenceNo": null,
  "data": {
    "uuid": "60642211-155a-48cc-8d90-82fa62897b37",
    "code": "*************"
  },
  "timestamp": "2025-10-03T15:14:34.919Z"
}
```

## Response Fields

* **statusCode** (string): HTTP status code.
* **statusMessage** (string): Status message (e.g., "Verification successful").
* **transactionId** (string): Unique transaction identifier.
* **sequenceNo** (string|null): Sequence number (typically null for OTP validation).
* **data** (object): Validation result data.
  * **uuid** (string): Unique identifier for the validation.
  * **code** (string): Masked OTP code for security.
* **timestamp** (string): ISO 8601 timestamp of the response.


## OpenAPI

````yaml POST /v1/external/validate/otp
openapi: 3.0.3
info:
  title: Kairos Afrika SMS API
  description: >-
    Send SMS messages through the Kairos Afrika platform. Switch between staging
    and production environments using the server dropdown.
  version: 1.0.0
  contact:
    name: Kairos Afrika Support
    email: support@kairosafrika.com
servers:
  - url: https://api.kairosafrika.com
    description: Sms API Base URL
security:
  - apiKeyAuth: []
    apiSecretAuth: []
paths:
  /v1/external/validate/otp:
    post:
      tags:
        - OTP
      summary: Validate OTP
      description: Validate a one-time password (OTP) code sent to a recipient
      operationId: validateOTP
      parameters:
        - name: x-api-version
          in: header
          required: true
          schema:
            type: string
            enum:
              - '2025-08-01'
          description: API version header (required for full JSON response)
          example: '2025-08-01'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ValidateOTPRequest'
      responses:
        '200':
          description: OTP validation successful
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidateOTPResponse'
        '400':
          description: Bad request - Invalid OTP or recipient
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '401':
          description: Unauthorized - Invalid API key
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
components:
  schemas:
    ValidateOTPRequest:
      type: object
      required:
        - code
        - recipient
      properties:
        code:
          type: string
          description: The OTP code to validate
          example: '0216'
        recipient:
          type: string
          description: The recipient phone number that received the OTP
          example: '233559400612'
    ValidateOTPResponse:
      type: object
      properties:
        statusCode:
          type: string
          description: HTTP status code
          example: '200'
        statusMessage:
          type: string
          description: Status message
          example: Verification successful
        transactionId:
          type: string
          description: Unique transaction identifier
          example: 60642211-155a-48cc-8d90-82fa62897b37
        sequenceNo:
          type: string
          nullable: true
          description: Sequence number
          example: null
        data:
          type: object
          properties:
            uuid:
              type: string
              description: Unique identifier for the validation
              example: 60642211-155a-48cc-8d90-82fa62897b37
            code:
              type: string
              description: Masked OTP code
              example: '*************'
        timestamp:
          type: string
          format: date-time
          description: ISO 8601 timestamp
          example: '2025-10-03T15:14:34.919Z'
    Error:
      type: object
      required:
        - error
        - message
      properties:
        error:
          type: string
          description: Error code
          example: INVALID_PHONE_NUMBER
        message:
          type: string
          description: Human-readable error message
          example: The provided phone number is not valid
        details:
          type: object
          description: Additional error details
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key
      description: API Key for authentication
    apiSecretAuth:
      type: apiKey
      in: header
      name: x-api-secret
      description: API Secret for authentication

````