Mobile OTP Verification API for Secure Customer Onboarding
Send a one-time password to any mobile number, verify the code the customer enters, and get a signed 5-minute proof token to gate sensitive transactions. Use the Eko India sender by default, or your own DLT-registered Sender ID.
Starts at ₹0.15 per OTP sent · excl. GSTView Pricing
Overview
The Mobile OTP Verification API lets you confirm that a customer controls a mobile number before onboarding them or authorising a transaction. Send an OTP, verify the entered code, and receive a signed JWT proof token that downstream APIs can validate — so OTP verification can be proven server-to-server within a strict time window.
What Can You Verify With Mobile/OTP Verification APIs?
Key details returned across all Mobile OTP Verification API endpoints, ready to power your KYC and onboarding workflows.
OTP Expiry
Timestamp until which the OTP stays valid. Verify before this time.
OTP Verification Token
Signed JWT proving the OTP was verified. Contains the verified mobile and a unique token id; valid for 5 minutes. Validate it with the Validate OTP-Verification-Token API.
Verified Mobile
The mobile number that was verified.
Mobile OTP Verification API Flow – Sample Request and Response
Send simple inputs. Get rich, verified data in seconds.
Send a one-time password (OTP) to a customer's primary mobile number to start mobile verification.
Key Features
Everything you need to integrate and scale
Send OTP
Trigger an OTP SMS to the customer's primary mobile number and get a transaction id plus expiry timestamp.
Verify OTP
Validate the code the customer entered and receive a signed otp_verification_token as proof.
Validate Token
Confirm the proof token is authentic and was issued within the last 5 minutes — ideal for server-to-server checks.
Custom Sender ID
Send OTPs under your own brand by registering a Sender ID and content template on a telecom DLT platform.
Who Should Use This API?
Primary Use Cases
How to Integrate
Get started in minutes with our simple integration process
- 1
Sign Up
Create an account on Connect App and get your sandbox credentials.
- 2
Submit KYC
Complete your KYC verification process by submitting the required documents.
- 3
Integrate API
Use our comprehensive documentation to integrate the APIs.
- 4
Test in Sandbox
Test your integration thoroughly in our sandbox environment.
- 5
Go Live
Start sending and verifying OTPs in production.
Frequently Asked Questions
What is the OTP verification token?+
On successful Verify OTP, the API returns a signed JWT (otp_verification_token) containing the verified mobile and a unique token id. It is valid for 5 minutes and acts as proof that OTP verification happened — pass it to downstream transactions and confirm it with the Validate Token API.
How long is the OTP and the token valid?+
The OTP stays valid until the otp_expiry_timestamp returned by Send OTP. The verification token issued by Verify OTP is valid for 5 minutes from generation.
Can I send OTPs with my own company name?+
Yes. By default OTPs are sent with the Eko India signature. To use your own Sender ID and template, register as a Principal Entity on a telecom DLT platform, register a Sender ID and the OTP content template, and share the approved details during onboarding.
How is the API billed?+
You are billed per OTP sent. Verify OTP and Validate Token are free follow-up calls.
How do I get started?+
Sign up on Connect App, submit the required documents, integrate the REST API using our sandbox environment, and go live.
What are the different ways to integrate with Eko?+
Integrate in whichever way suits your stack: call the REST APIs directly, use our official SDKs (JavaScript and PHP) to skip request-signing boilerplate, or let an AI coding agent build the integration using our MCP server and skills. See the Developers and AI sections for each path.
How does API authentication work?+
Each request carries your static `developer_key` header plus a per-request `secret-key` header — an HMAC-SHA256 signature of the current timestamp, keyed by your access key. The access key itself is never sent over the wire. You receive UAT keys on signup and production keys after KYC.
Is there a sandbox environment for testing?+
Yes. A full sandbox environment is available immediately on signup. You can test your integration end-to-end before going live — no commitment required.
What are the sandbox and production base URLs?+
Sandbox and production share the same paths and differ only by base URL: use https://staging.eko.in/ekoapi/v3 for UAT / Sandbox, and https://api.eko.in/ekoicici/v3 for Production. A common cause of failures is calling the sandbox/staging URL with live credentials (or vice-versa) — make sure the base URL matches the keys you are using.
Do I need to whitelist my server IP?+
Production API access may require your static public (server) IP to be whitelisted. If your calls work from Postman but fail or time out from your own server, share your static public IP with us so we can whitelist it.
What response times can I expect?+
Most verification APIs return in real time with sub-second responses, and 99th-percentile latency stays under two seconds across verification endpoints. Transaction APIs (DMT, AePS, BBPS) respond within seconds.
Can the API handle high volumes?+
Yes. The API is designed to handle large-scale volumes reliably without performance degradation.
How is API usage billed?+
Usage is billed per successful API call with no minimum commitment. Volume-based pricing tiers are available — contact our team for detailed rates.
Get API Access
Sign up now and start integrating in minutes. Our team will help you go live quickly.
- Sandbox access in minutes
- Dedicated integration support
- Comprehensive documentation
- Reliable, high-volume workflows
Get Mobile OTP Verification API Access
Get started in 10 minutes