Skip to main content
Send a one-time password (OTP) to a user’s phone number for secure authentication and verification. This endpoint is designed for multi-factor authentication (MFA), login verification, onboarding flows, and transaction confirmations. It ensures reliable OTP delivery using Antryk’s scalable SMS infrastructure. Authentication is handled via secure headers, keeping your credentials protected and separate from the request payload. 
curl --request POST \
  --url https://ses.antryk.com/api/v1/sms/send-otp \
  --header "Content-Type: application/json" \
  --header "x-access-key: YOUR_ACCESS_KEY" \
  --header "x-secret-key: YOUR_SECRET_KEY" \
  --data '{
    "to": "+1XXXXXXXXXX",
    "serviceId": "YOUR_SERVICE_ID"
  }'
For Node.js applications, it is recommended to use the official @antryk/sdk. The SDK simplifies OTP delivery by handling authentication, validation, retries, and error handling internally.
Authentication is handled via headers (x-access-key, x-secret-key). The request body should only include OTP-related fields such as recipient number and service ID.
This is the recommended and modern approach for sending OTPs:
  • Authentication is passed via headers instead of the request body.
  • Request body contains only OTP-related parameters.
  • Improved security by isolating credentials from payload.
  • Cleaner and more maintainable API integration.
⚠️ The older approach (passing accessKey and secretKey in the request body) may still work for backward compatibility, but it is strongly recommended to migrate to header-based authentication.

Request Parameters

x-access-key
string
required
Your Antryk access key used to authenticate API requests.
x-secret-key
string
required
Your Antryk secret key used to securely authorize the request.
to
string
required
Recipient phone number in E.164 format (e.g. +1XXXXXXXXXX). Only one number is supported per request.
serviceId
string
required
Unique identifier (UUID v4) of your configured SMS verification service.
Always store phone numbers in E.164 format (e.g. +919876543210) to ensure compatibility and successful OTP delivery.
Invalid phone numbers or incorrectly formatted serviceId values will result in request failure. Ensure inputs are validated before sending requests.

Examples

x-access-key
string
required
Example: YOUR_ACCESS_KEY
x-secret-key
string
required
Example: YOUR_SECRET_KEY
to
string
required
Example: +919876543210
serviceId
string
required
Example: xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx

Additional Notes

  • Supports secure OTP delivery for login, signup, and transaction verification.
  • Each OTP is time-bound and automatically expires after a defined duration.
  • Avoid exposing API keys in client-side applications.
  • Use server-side integrations or the SDK for better security and reliability.

Successful Response

Returns a JSON object confirming that the OTP has been successfully sent. 
{
  "success": true,
  "message": "Otp Sent Successfully!",
  "data": {
    "to": "+1XXXXXXXXXX",
    "serviceId": "YOUR_SERVICE_ID",
    "status": "pending"
  }
}
The OTP expires five minutes after issuance. Subsequent verification attempts with the same code after this window return 410 otp_expired.

Error Scenarios

  • 401 invalid_credentials – Incorrect x-access-key or x-secret-key
  • 400 invalid_recipient – Missing or improperly formatted phone number
  • 409 otp_pending – A previously sent OTP is still active
  • 429 rate_limited – Too many OTP requests in a short time
  • 401 invalid_request – Invalid or missing serviceId
  • 500 provider_unavailable – Temporary SMS gateway failure

Invalid Service ID Example

{
  "success": false,
  "errors": [
    {
      "message": "Invalid Request",
      "code": 401
    }
  ]
}