1. Auth (OTP/Verification)
RASL
  • Introduction
  • Authentication
  • Changelog
  • Messages
    • Overview
    • Send Text Message
      POST
    • Send Media Message
      POST
    • Send Template Message
      POST
    • Send Interactive Message
      POST
    • List Messages
      GET
    • Get Message
      GET
  • Auth (OTP/Verification)
    • Overview
    • Send OTP
      POST
    • Verify OTP
      POST
    • Resend OTP
      POST
    • Check OTP Status
      POST
    • List Authentication Templates
      GET
  • Templates
    • Overview
    • List Templates
      GET
    • Get Template
      GET
    • Sync Templates
      POST
  • Contacts
    • Overview
    • List Contacts
      GET
    • Create Contact
      POST
    • Get Contact
      GET
    • Update Contact
      PATCH
    • Delete Contact
      DELETE
    • Batch Create Contacts
      POST
    • Batch Delete Contacts
      DELETE
  • Groups
    • Overview
    • List Groups
    • Create Group
    • Get Group
    • Update Group
    • Delete Group
    • Add Contacts to Group
    • Remove Contacts from Group
  • Account
    • Overview
    • Get Account Info
    • Get Usage Statistics
    • Get Plan Limits
  • Integrations
    • Webhook Format Reference
    • N8N Webhook Integration
    • eCommerce Webhook Integration
      • Webhook Listener
      • WooCommerce Webhook Setup
Dashboard
Support
Support
  • Email
  • WhatsApp
Dashboard
Support
Support
  • Email
  • WhatsApp
Instagram
  1. Auth (OTP/Verification)

RASL provides a complete OTP-as-a-Service solution for secure WhatsApp-based authentication

This module enables businesses to send, verify, resend, and monitor one-time password (OTP) codes delivered via approved WhatsApp AUTHENTICATION category templates.
It is designed for secure phone verification, user login flows, onboarding, and two-factor authentication (2FA).

Key Features#

Secure OTP generation and validation
WhatsApp AUTHENTICATION template delivery
Automatic contact creation
Attempt tracking and brute-force protection
Expiry time management
Built-in rate limiting
Non-destructive status checks
Template discovery support

Authentication Flow#

1.
GET /auth/templates
Discover available approved AUTHENTICATION templates.
2.
POST /auth/send-otp
Generate and send an OTP code via WhatsApp.
3.
POST /auth/verify
Validate the submitted OTP code against the stored record.
4.
POST /auth/resend
Generate and send a new OTP code, invalidating any previous active code.
5.
POST /auth/status (Optional)
Check OTP status, expiry time, and remaining attempts without consuming the code.

Security & Validation#

Only one active OTP per phone number and purpose
Expired codes are automatically rejected
Previous OTPs are invalidated on resend
Successful verification clears attempt counters
Brute-force protection via configurable attempt limits

Required Scopes#

messages:send — Required for send, verify, resend, and status endpoints
templates:read — Required to list available authentication templates
Requests without the appropriate scope will return 403 INSUFFICIENT_SCOPE

Rate Limits#

To ensure security and prevent abuse, the following limits apply per phone number:
Verify: 10 requests per minute
Resend: 3 requests per 5 minutes
OTP attempts: 5 verification attempts per issued code (configurable)
Exceeding these limits may result in temporary blocking or throttling responses.

WhatsApp Policy Compliance#

OTP messages are delivered exclusively through pre-approved WhatsApp AUTHENTICATION category.
Free-form messages cannot be used for authentication outside of WhatsApp policy requirements.
Previous
Get Message
Next
Send OTP
Built with