WA.cr APP - API v2
  1. Authentication (OTP Verification)
WA.cr APP - API v2
  • API v2 Documentation
    • Account
      • Get Account Info
      • Get Usage Statistics
      • Get Plan Limits
    • Authentication (OTP Verification)
      • Send OTP/Verification Code
        POST
      • Resend OTP
        POST
      • Verify OTP
        POST
      • Check OTP Status
        POST
      • List Authentication Templates
        GET
    • Comments
      • Get Comments
      • Add Comment
    • Contacts
      • List Contacts
      • Create Contact
      • Get Contact
      • Update Contact
      • Delete Contact
      • Batch Create Contacts
      • Batch Delete Contacts
    • Groups
      • List Groups
      • Create Group
      • Get Group
      • Update Group
      • Delete Group
      • Add Contacts to Group
      • Remove Contacts from Group
    • Messages
      • Send Text Message
      • Send Template Message
      • Send Media Message
      • Send Interactive Message
      • List Messages
      • Get Message
    • Sources
      • List Sources
      • Create Source
      • Get Source
      • Update Source
      • Delete Source
    • Statuses
      • List Statuses
      • Create Status
      • Get Status
      • Update Status
      • Delete Status
    • Templates
      • List Templates
      • Sync Templates from WhatsApp
      • Get Template
  1. Authentication (OTP Verification)

Verify OTP

POST
/auth/verify
Verify an OTP code that was sent via the /auth/send-otp endpoint.
This endpoint validates the OTP code against the stored record, checking expiry, attempt limits, and code correctness. On successful verification, the rate limiter is cleared.
Required Scope: messages:send

Request Body#

FieldTypeRequiredValidationDescription
phonestringYesPhone number that received the OTP
codestringYesThe OTP code to verify
purposestringNomax:50OTP purpose (default: authentication). Must match the purpose used when sending

Rate Limiting#

10 verification attempts per minute per phone number per tenant
Rate limit key: otp-verify:{tenant_id}:{phone}
Rate limit clears automatically on successful verification
Returns retry_after seconds when limit exceeded

Verification Flow#

1.
Phone number is cleaned (non-numeric chars removed except +)
2.
Rate limit check (10 attempts/min)
3.
Active OTP lookup for phone + purpose combination
4.
Max attempts check (default: 5 attempts per OTP)
5.
Expiry check
6.
Code comparison
7.
On success: OTP marked as verified, rate limiter cleared

Success Response Fields#

FieldTypeDescription
phonestringVerified phone number
purposestringOTP purpose
verified_atstringISO 8601 verification timestamp

Error Scenarios#

Error CodeDescription
OTP_NOT_FOUNDNo active OTP for this phone number and purpose
MAX_ATTEMPTS_EXCEEDEDToo many failed verification attempts (default: 5). Must request new OTP
OTP_EXPIREDOTP has passed its expiry time. Must request new OTP
INVALID_CODEWrong code entered. Returns attempts_remaining count

Error Responses#

StatusError CodeDescription
401UNAUTHORIZEDInvalid or missing API token
403INSUFFICIENT_SCOPEToken missing messages:send scope
422VALIDATION_ERRORRequest validation failed or OTP verification failed
429RATE_LIMIT_EXCEEDEDToo many verification attempts
500INTERNAL_ERRORUnexpected server error

Validation Error Messages#

FieldMessage
phonePhone number is required
codeVerification code is required

Request

Authorization
Bearer Token
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
or
Header Params

Body Params application/json

Examples

Responses

🟢200
application/json
Successful response
Body

Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request POST '/auth/verify' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "phone": "+919999999999",
    "code": "123456",
    "purpose": "authentication"
}'
Response Response Example
{}
Modified at 2026-02-25 01:30:11
Previous
Resend OTP
Next
Check OTP Status
Built with