Cookie

Cookie consent

We use some essential cookies to make this website work. We'd like to set additional cookies to help us measure your experience when you view and interact with the website.

Cookie policy

otp/verify

Postcoder one-time password (OTP) verification provides authentication via SMS. It consists of two types of request: a send request to send an OTP within a text message to a user's UK mobile phone number, and a verify request that you can use to check the OTP provided by the user.

This is the verify endpoint. It returns a true or false for a given OTP and ID. Before using this endpoint, use the otp/send endpoint to send the OTP and get an ID.

OTP verification: Enable access on your API key using the Features page or by contacting us.

Request URL and body

POST https://ws.postcoder.com/pcw/{apikey}/otp/verify
{
    "id": "{id}",
    "otp": "{otp}"
}

Path and body parameters

ParameterDescriptionExample
apikeyYour API keyPCW45-12345-12345-1234X
idThe ID that was returned in the response from your request to the otp/send endpointOTP45-12345-12345-1234X
otpThe one-time password (OTP) supplied to you by the person that received the OTP532132

Querystring parameters

ParameterDescriptionExample
formatSets the format of the response, xml or json (default unless "application/xml" header is detected)format=json
identifierSpecifies your own meaningful identifier for the request such as "websiteA" or "client123"; you can view usage for each identifier on the Identifier Usage page, which may be helpful when using your API key across multiple websites, apps or clientsidentifier=websiteA

Example request and response

POST https://ws.postcoder.com/pcw/PCW45-12345-12345-1234X/otp/verify?format=json
{
    "id": "OTP45-12345-12345-1234X",
    "otp": "532132"
}

HTTP response body

{
    "valid": true
}

Response fields

FieldDescriptionExample
validA true / false indicating whether the OTP is valid (true) or incorrect / expired (false)true

Integration advice

  • URL encode all special characters (including /) in your request parameters with %xx encoding
  • Verify your request was successful by checking for an HTTP status code of 200; see all HTTP status codes with descriptions
  • When using your API key across multiple websites, apps or clients, set the identifier querystring parameter to a meaningful value such as "websiteA" or "client123"; you'll then be able to view these identifiers and the number of requests made by each one on the Identifier Usage page

Credit cost

This endpoint is free to use providing you use it with the chargeable otp/send endpoint.

Buy a credit pack or set up a monthly plan to use with all Postcoder endpoints.