> ## Documentation Index
> Fetch the complete documentation index at: https://docs.otpedge.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Start sending secure WhatsApp OTPs in under 5 minutes.

Welcome to OTP Edge. This guide will walk you through the three essential steps to implementing secure, production-ready authentication.

## 1. Send the OTP

Use your API Key to dispatch a verification code to your user's WhatsApp number.

```bash theme={null}
curl -X POST https://otpedge.com/api/v1/send-otp \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -d '{"to": "+919876543210", "app": "MySecureApp"}'
```

<Note>
  **Expiry**: The dispatched OTP code is valid for **10 minutes**.
</Note>

## 2. Verify the OTP

When the user enters the code, send it to our verification endpoint. If successful, you will receive an **Identity Token**.

```bash theme={null}
curl -X POST https://otpedge.com/api/v1/verify-otp \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -d '{"phone_number": "+919876543210", "code": "123456"}'
```

**Response:**

```json theme={null}
{
  "status": "verified",
  "identity_token": "eyJhbG..."
}
```

## 3. Validate the Identity Token (Critical)

To prevent spoofing and ensure the verification happened on our servers, you **must** verify the `identity_token` on your backend.

Think of Step 2 as the **Box Office**. They give you a **Ticket** (the JWT). But you still have to walk to the **Usher** (your backend logic) and show them the Ticket to get into your seat.

```javascript Node.js theme={null}
import * as jose from 'jose';

const JWKS = jose.createRemoteJWKSet(new URL('https://otpedge.com/.well-known/jwks.json'));
const { payload } = await jose.jwtVerify(token, JWKS);

// Now you can trust the identity!
console.log(payload.phone);
```

<Check>
  By following all three steps, you ensure that your login flow is cryptographically secure and tamper-proof.
</Check>