Learn the integration specs

WHATOTP_API_DOCS

Comprehensive REST API documentation for global encrypted OTP dispatch and verification.

docs.md - WhatOTP

# Authentication

All requests to the WhatOTP API must be authenticated using a Bearer token in the `Authorization` header.

warning

SECURITY WARNING: Never expose your API keys in client-side code (e.g., browsers, mobile apps). Always execute requests from a secure backend server.

Authorization: Bearer sk_live_82x...

# Rate Limits

Rate limits are enforced in backend middleware and are keyed per endpoint group.

Auth APIs

20 req/min

IP keyed (`/api/v1/auth/*`)

Product APIs

120 req/min

API key hash + IP (`/v1/*`)

# Endpoints

POST /v1/otp/send

Dispatch a secure OTP to a predefined channel.

Payload Parameters

to *

string - Target phone number in E.164 format (e.g., +1234567890).

channel *

enum - Delivery method. Supported: `whatsapp` only.

length

int - Length of the generated OTP (4 to 8). Default is `6`.

POST /v1/otp/verify

Validate a user-provided OTP against an active session.

Payload Parameters

code *

string - The code inputted by the user.

session_id *

string - ID returned from the initial `send` request.

POST /v1/messages/send

Queue a template-based outbound message for delivery.

Payload Parameters

phone_number *

string - Destination number.

template_id *

string - Template identifier.

variables

object - Template variables map.

expires_in_seconds

int - Optional. Default `300`.

# Delivery Updates

This backend currently exposes synchronous request/response APIs only. No outbound webhook/callback endpoint is shipped in this deployment.

callbacks - Not available.
tracking - Use admin logs and ticket modules for operational follow-up.
message flow - `/v1/messages/send` returns queued status (`202 Accepted`).

End of documentation chunk.

codeOPEN_PORTAL forumOPEN_HELP_CENTER

Example Execution

[14:22:01] EXAMPLE: Preparing OTP send request...

[14:22:01] EXEC: POST /v1/otp/send

[14:22:02] AUTH: API key accepted.

[14:22:02] VALIDATION: Request payload validated successfully.

[14:22:02] SUCCESS: 200 OK | session_id: otp_72x991

_ review request and response fields above...

Code_Snippets

cURL Python Node

curl -X POST https://api.whatotp.com/v1/otp/send \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "to": "+1234567890",
    "channel": "whatsapp"
  }'

Response_Examples

200 OK

Success Response

{
  "status": "success",
  "session_id": "otp_72x991",
  "to": "+1234567890",
  "channel": "whatsapp"
}

400 Bad Request

Error Response

{
  "error": "invalid_parameter",
  "message": "Phone number format invalid"
}

verified_user ROLE_SCOPED_ACCESS

Production safety depends on deployment configuration, JWT rotation, and scoped access controls.