API key

OTP Verification

Create OTP sessions, send verification codes by SMS, and verify submitted codes.

POST
/v1/otp/sessions
API key scope otp:create - Create an OTP session and queue the SMS.
GET
/v1/otp/sessions/:id
API key scope otp:verify - Read OTP session state.
POST
/v1/otp/sessions/:id/verify
API key scope otp:verify - Verify a user-submitted OTP code.

Overview

OTP sessions generate a numeric code, store only a hash, and send the code by SMS. The code never appears in normal API responses.

The OTP API charges credits through the same SMS path as regular messages. The generated message has type otp.

Create a session

curl https://api.bar9.me/v1/otp/sessions \
  -H "Authorization: Bearer $BAR9_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "+213661000000",
    "template": "Your Bar9 code is {{code}}",
    "code_length": 6,
    "ttl_seconds": 300,
    "client_reference": "login-1001"
  }'

Create fields

FieldRequiredNotes
toYesE.164 phone number.
templateNoMust include {{code}}; defaults to Your verification code is {{code}}.
code_lengthNoInteger from 4 to 8; defaults to 6.
ttl_secondsNoInteger from 60 to 900; defaults to 300.
client_referenceNoPassed through to the SMS message.

Session response

{
	"ok": true,
	"data": {
		"id": "otp_...",
		"message_id": "msg_...",
		"to": "+213661000000",
		"status": "pending",
		"expires_at": 1778407500,
		"created_at": 1778407200,
		"verified_at": null
	}
}

Verify a code

curl https://api.bar9.me/v1/otp/sessions/otp_123/verify \
  -H "Authorization: Bearer $BAR9_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "code": "773421" }'

The code must be 4 to 8 digits. Already verified, expired, and incorrect-code attempts are returned as API errors.