SMSPoh Verify API Specification Version 3.0

API Overview

This document describes the full functionality of the SMSPoh Verify API V3 in detail. It is intended for organizations and individuals who need to send or receive SMS messages programmatically.

Version

The latest version, SMSPoh Verify API V3.0, offers enhanced performance, streamlined endpoints, and improved security features. With simplified authentication and more consistent responses, it aims to provide a smoother, more reliable experience for developers.

Base URL

The base URL for this service is https://v3.smspoh.com/api/otp. This base URL cannot be used independently; you must append a specific path that identifies the desired operation, and you may need to specify certain path parameters.

https://v3.smspoh.com/api/otp

Authentication

Please note that the previous SMSPoh API credentials are no longer compatible with API V3.

To create a new API credential, go to https://v3.smspoh.com/ and open the Accounts & Security > API Credentials page in the customer dashboard.

The access token is the Base64 encoding of the API key and API secret joined by a colon:

base64encode(SMSPohV3APIKey:SMSPohV3APISecret)

QueryParamAuth is an action filter that supports authentication based on the access token passed through a query parameter.

accessToken=U01TUG9oVjNBUElLZXk6U01TUG9oVjNBUElTZWNyZXQ=

Request OTP

Request OTP URL

This API allows you to request an OTP code.

https://v3.smspoh.com/api/otp/request?from=SMSPoh&to=099*******&brand=SMSPoh&accessToken=U01TUG9oVjNBUElLZXk6U01TUG9oVjNBUElTZWNyZXQ=

Query Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accessToken | String | Required | Your API credential. |
| to | String | Required | Recipient mobile numbers. The mobile number can start with the prefix 09, 959 or +959. |
| brand | String | Required | The brand name included in the message content. |
| from | String | Required | The sender ID (alphanumeric or numeric, depending on your account settings). |
| ttl | Integer | | Time to live, or OTP validity period, in seconds. Min. 60, Max. 3,600 |
| pinLength | Integer | | OTP code length. Min. 4, Max. 8 |
| template | String | | Customize your OTP message. For example: [{brand}] Dear customer, Your OTP code is {code} |
| maxInvalidAttempts | Integer | | Max invalid attempts for OTP code. If the user exceeds the maximum attempts, the code transaction will automatically become invalid. Min. 1, Max. 10 |

Response Body

When SMSPoh responds with an HTTP or status code, it indicates that your OTP request was successful and forwarded to the mobile phone, and you may proceed with the verification process. You must extract the requestId from the response body. The requestId is used to verify the request along with the OTP code that your customer has received.

Status: Content-type:
{
  "channel": "SMS",
  "requestId": 123456789,
  "to": "09********",
  "createdAt": "2025-01-22 12:02:07",
  "expireAt": "2025-01-22 12:03:07"
}
Status: Content-type:
{
  "name": "Unauthorized",
  "message": "Your request was made with invalid credentials.",
  "code": 0,
  "status": 401
}

Verify OTP

Send Verify OTP URL

This API allows you to verify the OTP code that was requested previously. SMSPoh will validate the OTP code provided by the user against the one sent for the corresponding requestId.

https://v3.smspoh.com/api/otp/verify?requestId=123456789&code=1234&accessToken=U01TUG9oVjNBUElLZXk6U01TUG9oVjNBUElTZWNyZXQ=

Query Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| accessToken | String | Required | Your API credential. |
| requestId | Integer | Required | The OTP request ID returned in the response when you requested the OTP. |
| code | String | Required | The OTP code received by your customer. |

Response Body

If SMSPoh responds with a successful HTTP status code such as or , it indicates that the requestId and OTP are valid, and you should grant access, confirming that the process has been successfully completed.

Status: Content-type:
{
  "request_id": 123456789,
  "to": "09*******",
  "verifiedAt": "2025-01-22 12:23:54"
}

If SMSPoh responds with error codes such as 3**, 4**, or 5**, it indicates that the requestId and OTP are invalid, and access should not be granted.

Status: Content-type:
{
  "name": "Bad Request",
  "message": "Invalid request!.",
  "code": 0,
  "status": 400
}
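The following Python sketch is an added example, not SMSPoh's own code: it builds the access token from the Authentication section, assembles a Request OTP URL within the documented parameter limits, masks the token before logging (it is reversible Base64 of the key and secret and travels in the query string), and grants access only on a successful Verify OTP response. The function names, the sample phone number and the extra check on the response body fields are assumptions made for this example.

```python
import base64
import json
import re
from urllib.parse import urlencode

BASE_URL = "https://v3.smspoh.com/api/otp"  # base URL from this page
# Documented bounds for the optional integer parameters of /request.
LIMITS = {"ttl": (60, 3600), "pinLength": (4, 8), "maxInvalidAttempts": (1, 10)}

def make_access_token(api_key, api_secret):
    """base64encode(key:secret), as given in the Authentication section."""
    return base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()

def build_request_url(token, to, brand, sender, **optional):
    """Build the /request URL; reject optional values outside the documented limits."""
    for name, value in optional.items():
        if name == "template":
            continue  # free-form string, no documented bounds
        if name not in LIMITS:
            raise ValueError(f"unsupported parameter: {name}")
        low, high = LIMITS[name]
        if type(value) is not int or not low <= value <= high:
            raise ValueError(f"{name} must be an integer in {low}..{high}")
    # urlencode percent-encodes '+' (as in +959) and the '=' padding of the token.
    params = {"from": sender, "to": to, "brand": brand, **optional, "accessToken": token}
    return f"{BASE_URL}/request?{urlencode(params)}"

def redact(url):
    """Mask the accessToken value before a URL is written to a log."""
    return re.sub(r"(accessToken=)[^&]*", r"\1REDACTED", url)

def otp_verified(status, body, expected_request_id):
    """Fail closed: True only for a 2xx reply that matches the pending request."""
    if not 200 <= status < 300:
        return False  # the page: 3**, 4**, 5** means access should not be granted
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return False
    # Assumption: success bodies carry request_id and verifiedAt, as in the sample above.
    if not isinstance(data, dict) or "verifiedAt" not in data:
        return False
    return data.get("request_id") == expected_request_id
```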