Verify OTP

POST
https://getrasl.io/api/v2/auth/verify

Verify an OTP code that was sent via the /auth/send-otp endpoint

This endpoint validates the OTP code against the stored record, checking expiry, attempt limits, and code correctness. On successful verification, the rate limiter is cleared.

Required Scope

messages:send

Rate Limiting

10 verification attempts per minute per phone number per tenant
Rate limit key: otp-verify:{tenant_id}:{phone}
Rate limit clears automatically on successful verification
Returns retry_after seconds when limit exceeded

Verification Flow

1. Phone number is cleaned (non-numeric chars removed except +)
2. Rate limit check (10 attempts/min)
3. Active OTP lookup for phone & purpose combination
4. Max attempts check (default: 5 attempts per OTP)
5. Expiry check
6. Code comparison
7. On success: OTP marked as verified, rate limiter cleared

Error Scenarios

OTP_NOT_FOUND: No active OTP for this phone number and purpose
MAX_ATTEMPTS_EXCEEDED: Too many failed verification attempts (default: 5). Must request new OTP
OTP_EXPIRED: OTP has passed its expiry time. Must request new OTP
INVALID_CODE: Wrong code entered. Returns attempts_remaining count
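
The verification flow and error codes above, modelled as an added Python example (not RASL's implementation and not code from this page). The in-memory `otps` and `hits` stores, the function names, the sliding-window limiter and the constant-time comparison are assumptions; the limits, rate limit key format, step order and error codes are the page's.

```python
import hmac, re, time

RATE_LIMIT, WINDOW, MAX_ATTEMPTS = 10, 60, 5   # limits stated on the page
otps = {}   # (tenant, phone, purpose) -> {"code", "expires_at", "attempts", "verified"}
hits = {}   # "otp-verify:{tenant_id}:{phone}" -> timestamps of recent attempts

def clean_phone(raw):
    # Step 1: drop every character that is not a digit or '+'
    return re.sub(r"[^0-9+]", "", raw)

def verify_otp(tenant_id, phone, code, purpose, now=None):
    now = time.time() if now is None else now
    phone = clean_phone(phone)
    key = f"otp-verify:{tenant_id}:{phone}"
    # Step 2: rate limit, 10 attempts per minute per key (sliding window assumed)
    recent = [t for t in hits.get(key, []) if now - t < WINDOW]
    if len(recent) >= RATE_LIMIT:
        hits[key] = recent
        return {"error": "RATE_LIMIT_EXCEEDED",
                "retry_after": max(1, int(WINDOW - (now - recent[0])))}
    hits[key] = recent + [now]
    # Step 3: active OTP for this phone and purpose
    # (assumption: an already verified OTP no longer counts as active)
    rec = otps.get((tenant_id, phone, purpose))
    if rec is None or rec["verified"]:
        return {"error": "OTP_NOT_FOUND"}
    # Step 4: per-OTP attempt cap, checked before the code is compared
    if rec["attempts"] >= MAX_ATTEMPTS:
        return {"error": "MAX_ATTEMPTS_EXCEEDED"}
    # Step 5: expiry
    if now >= rec["expires_at"]:
        return {"error": "OTP_EXPIRED"}
    # Step 6: constant-time comparison (assumption; the page says only "code comparison")
    if not hmac.compare_digest(code.encode(), rec["code"].encode()):
        rec["attempts"] += 1
        return {"error": "INVALID_CODE",
                "attempts_remaining": MAX_ATTEMPTS - rec["attempts"]}
    # Step 7: mark verified and clear the rate limiter
    rec["verified"] = True
    hits.pop(key, None)
    return {"success": True, "phone": phone, "purpose": purpose}
```

Because the attempt cap is checked before the comparison, a correct code submitted after five failures is still rejected with MAX_ATTEMPTS_EXCEEDED, which bounds guessing to five tries per issued OTP regardless of the per-minute limit.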

Request

Authorization
Bearer Token: provide your bearer token in the Authorization header when making requests to protected resources.
Example:
Authorization: Bearer ********************

Body Params (application/json, required)

Example
{
    "phone": "+201XXXXXXXXX",
    "code": "123456",
    "purpose": "authentication"
}

Request Code Samples

curl --location --request POST 'https://getrasl.io/api/v2/auth/verify' \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "phone": "+201XXXXXXXXX",
    "code": "123456",
    "purpose": "authentication"
}'

Responses

🟢 200 Success
application/json
Body

Example
{
    "success": true,
    "data": {
        "phone": "201XXXXXXXXX",
        "purpose": "authentication",
        "verified_at": "2026-01-01T07:49:46+00:00"
    },
    "message": "OTP verified successfully",
    "meta": {
        "request_id": "8588ee1b-00b1-4756-b778-5607f6b3528d",
        "timestamp": "2026-01-01T07:49:46+00:00"
    }
}
🟠 401 UNAUTHORIZED
🟠 403 INSUFFICIENT_SCOPE
🟠 422 VALIDATION_ERROR
🟠 422 WHATSAPP_NOT_CONFIGURED
🟠 429 RATE_LIMIT_EXCEEDED
🔴 500 INTERNAL_ERROR