Skip to main content
Welcome to OTP Edge. This guide will walk you through the three essential steps to implementing secure, production-ready authentication.

1. Send the OTP

Use your API Key to dispatch a verification code to your user’s WhatsApp number. 
curl -X POST https://otpedge.com/api/v1/send-otp \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -d '{"to": "+919876543210", "app": "MySecureApp"}'
Expiry: The dispatched OTP code is valid for 10 minutes.

2. Verify the OTP

When the user enters the code, send it to our verification endpoint. If successful, you will receive an Identity Token. 
curl -X POST https://otpedge.com/api/v1/verify-otp \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -d '{"phone_number": "+919876543210", "code": "123456"}'
Response: 
{
  "status": "verified",
  "identity_token": "eyJhbG..."
}

3. Validate the Identity Token (Critical)

To prevent spoofing and ensure the verification happened on our servers, you must verify the identity_token on your backend. Think of Step 2 as the Box Office. They give you a Ticket (the JWT). But you still have to walk to the Usher (your backend logic) and show them the Ticket to get into your seat.
Node.js
import * as jose from 'jose';

const JWKS = jose.createRemoteJWKSet(new URL('https://otpedge.com/.well-known/jwks.json'));
const { payload } = await jose.jwtVerify(token, JWKS);

// Now you can trust the identity!
console.log(payload.phone);
By following all three steps, you ensure that your login flow is cryptographically secure and tamper-proof.