Vylo OTP generates verification codes and delivers them to your users over WhatsApp — no SMS fees, no gateway to run. Send a code, verify it, done. You're billed only for messages that go out.
Three steps between you and a verified user.
Your backend calls POST /otp/send with the user's phone number. We generate a secure random code and store only its hash.
The code is sent from your own connected WhatsApp number through our gateway. Your user reads it in WhatsApp and types it into your app.
Your backend calls POST /otp/verify with the phone + code. We confirm it (single-use, time-limited) and you're done.
Authenticate with your API key (starts with otpsk_) in the Authorization header. Server-side only — never ship the key to a browser or app.
# 1) Send a code curl -X POST https://otp.vylo-tech.com/otp/send \ -H "Authorization: Bearer otpsk_YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"phone":"9647501234567"}' # 2) Verify what the user typed curl -X POST https://otp.vylo-tech.com/otp/verify \ -H "Authorization: Bearer otpsk_YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"phone":"9647501234567","code":"482913"}'
| Method | Path | What it does |
|---|---|---|
| POST | /otp/send | Generate + deliver a code to a phone. |
| POST | /otp/verify | Check the code the user entered. |
| GET | /usage | Your send counts, cost, and balance. |
A quick picture of what runs when you call the API.
GET /usage anytime; there are no surprise blocks.