Verify a phone number in two API calls

Adding phone verification to your product is genuinely two HTTPS requests. There is no SDK to install and no client library to keep updated — anything that can send JSON over HTTPS can integrate Authevo. This post walks the complete round trip.

Step 1 — Send the code

Call POST https://api.authevo.dev/v1/otp/send from your backend with the user’s phone number in E.164 format. Authenticate with your secret key as a bearer token: Authorization: Bearer sk_live_…. The request body is just { "phone": "+201234567890" }.

Authevo generates a one-time code, delivers it over WhatsApp, and responds with a message id and a status. A successful response looks like { "data": { "id": "msg_…", "status": "sent", "expires_in": 300 } }. Store nothing client-side — the user simply reads the code from WhatsApp.

Step 2 — Verify the code

When the user types the code into your app, send it to POST https://api.authevo.dev/v1/otp/verify with the same phone number: { "phone": "+201234567890", "code": "123456" }. A match returns { "data": { "verified": true } }; a wrong or expired code comes back as an error envelope with a machine-readable error.code.

A couple of details worth wiring in from day one:

• Branch on the HTTP status and error.code, never on the human-readable message — messages can change, codes won’t.
• Keep the secret key on the server. It can send and verify on your account, so it must never ship in a browser or mobile bundle.
• You only pay when a code is delivered and verified — failed sends and wrong guesses cost nothing.

That is the entire integration. Delivery falls back to Telegram automatically when WhatsApp can’t be reached, and your two calls never change.