Appearance

Verify (OTP/2FA)

Send and check one-time passwords via SMS, voice call, or email. Two API calls: one to send the code, one to verify it.

Best for: login verification, transaction confirmation, account recovery, and any flow that needs to prove the user controls a phone number or email address.

Activate Verify | Verify API reference

What this is

WAYSCloud Verify generates, delivers, and validates one-time passwords across three channels: SMS, voice call, and email. You call POST /v1/verify/start to send a code and POST /v1/verify/check to validate the user's input. Codes are SHA-256 hashed at rest and never stored in plaintext. Each session has a configurable TTL (default 5 minutes) and a maximum of 5 attempts before automatic lockout.

The service handles delivery, retry logic, and expiration. You handle the user interface.

When to use it

Use this when:

  • You need to verify a user owns a phone number or email address
  • You are adding two-factor authentication to login, signup, or password reset
  • You need transaction confirmation codes (e.g., approve a payment)
  • You want a managed OTP service without building delivery infrastructure

Consider something else when:

  • You need to send marketing or transactional messages (not codes) — use SMS
  • You need TOTP-based authenticator app support — Verify handles delivery-based OTP only

What you get

  • 3 channels: SMS, voice call, email
  • Configurable codes: 4-8 digits, 60-900 second TTL
  • 5 locales: English, Norwegian, Swedish, Danish, Finnish
  • SHA-256 hashing of codes at rest
  • 5 attempts per session before lockout
  • Session status tracking: pending, delivered, verified, failed, expired, cancelled
  • 4 API endpoints: start, check, status, cancel

Pricing

All prices exclude VAT.

ItemEURNOKSEKDKK
E-postverifisering0.020.200.200.15
SMS-verifisering0.121.501.501
Taleverifisering0.121.501.501

View all plans in dashboard

How it works

  1. Activate the service in the dashboard and copy your API key.
  2. Send a code by calling POST /v1/verify/start with the channel (sms, voice, or email) and the recipient.
  3. User enters the code in your application.
  4. Validate the code by calling POST /v1/verify/check with the session ID and the code the user entered.
  5. Check the result. The response returns verified on success, or pending with remaining attempts on failure.
  6. Session expires automatically after the TTL (default 300 seconds) if the code is not verified.

What you see in the dashboard

  • Sessions today: count of SMS, voice, and email verifications sent
  • This month: total sessions with breakdown by channel
  • Success rate: percentage of sessions that reached verified status
  • Session history: destination (masked), channel, status (Verified / Expired / Pending / Failed), timestamp
  • API key management: create and revoke keys

Fastest way to get started

Dashboard

  1. Open my.wayscloud.services and go to Communication then Verify
  2. Click Activate to enable the service
  3. Copy your API key (shown only once)

API

bash
# Send a code
curl -X POST https://api.wayscloud.services/v1/verify/start \
  -H "X-API-Key: wayscloud_verify_abc12_YOUR_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"channel": "sms", "recipient": "+4712345678"}'

# Check the code
curl -X POST https://api.wayscloud.services/v1/verify/check \
  -H "X-API-Key: wayscloud_verify_abc12_YOUR_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"session_id": "550e8400-e29b-41d4-a716-446655440000", "code": "483291"}'

Example request and response

Request: Send a voice OTP

bash
curl -X POST https://api.wayscloud.services/v1/verify/start \
  -H "X-API-Key: wayscloud_verify_abc12_YOUR_SECRET" \
  -H "Content-Type: application/json" \
  -d '{
    "channel": "voice",
    "recipient": "+4798765432",
    "code_length": 6,
    "ttl_seconds": 300,
    "locale": "no"
  }'

Response:

json
{
  "session_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
  "status": "pending",
  "channel": "voice",
  "expires_at": "2026-03-30T14:10:00Z",
  "created_at": "2026-03-30T14:05:00Z"
}

Check the code:

bash
curl -X POST https://api.wayscloud.services/v1/verify/check \
  -H "X-API-Key: wayscloud_verify_abc12_YOUR_SECRET" \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
    "code": "719384"
  }'

Success response:

json
{
  "status": "verified",
  "verified_at": "2026-03-30T14:06:12Z"
}

Failure response:

json
{
  "status": "pending",
  "error": "invalid_code",
  "attempts_remaining": 4
}

Common use cases

  • Login 2FA — verify phone or email before granting access
  • Signup confirmation — prove the user owns the email or phone number they entered
  • Password reset — send a code before allowing a new password
  • Transaction approval — confirm a payment or sensitive operation with a voice call
  • Account recovery — verify identity through a previously registered channel
  • SMS — send transactional or bulk messages (not verification codes)
  • IP Intelligence — score the login IP before sending OTP
  • WAYSCloud Shield — block suspicious traffic before it reaches your app

Open in dashboard

WAYSCloud AS

Copyright 2024-2026 WAYSCloud AS. All rights reserved.