Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.otpedge.com/llms.txt

Use this file to discover all available pages before exploring further.

Welcome to OTP Edge. This guide will walk you through the three essential steps to implementing secure, production-ready authentication.

1. Send the OTP

Use your API Key to dispatch a verification code to your user’s WhatsApp number. 
curl -X POST https://api.otpedge.com/v1/send-otp \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -d '{"to": "919876543210", "app": "MySecureApp"}'

2. Verify the OTP

When the user enters the code, send it to our verification endpoint. If successful, you will receive an Identity Token. 
curl -X POST https://api.otpedge.com/v1/verify-otp \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -d '{"phone_number": "919876543210", "code": "123456"}'
Response: 
{
  "status": "verified",
  "identity_token": "eyJhbG..."
}

3. Validate the Identity Token (Critical)

To prevent spoofing and ensure the verification happened on our servers, you must verify the identity_token on your backend. Think of Step 2 as the Box Office. They give you a Ticket (the JWT). But you still have to walk to the Usher (your backend logic) and show them the Ticket to get into your seat.
Node.js
import * as jose from 'jose';

const JWKS = jose.createRemoteJWKSet(new URL('https://api.otpedge.com/.well-known/jwks.json'));
const { payload } = await jose.jwtVerify(token, JWKS);

// Now you can trust the identity!
console.log(payload.phone);
By following all three steps, you ensure that your login flow is cryptographically secure and tamper-proof.