---
type: "product"
title: "Mobile OTP Verification API India | Send, Verify & Validate OTP"
description: "Send OTPs to mobile numbers, verify the code entered by the customer, and validate a signed proof token — for onboarding, payouts, and any OTP-gated transaction. Bring your own DLT-registered Sender ID."
category: "verification"
canonical: "https://eps.eko.in/products/mobile-otp-verification-api"
---


> **Canonical URL:** https://eps.eko.in/products/mobile-otp-verification-api
> This is a machine-readable Markdown version of the page for AI agents and LLMs. The primary (HTML) version lives at the canonical URL above.

# Mobile OTP Verification API for Secure Customer Onboarding

Send a one-time password to any mobile number, verify the code the customer enters, and get a signed 5-minute proof token to gate sensitive transactions. Use the Eko India sender by default, or your own DLT-registered Sender ID.

_Send, verify & validate mobile OTPs_

To get started, fill the form at https://eps.eko.in/signup (with your name, mobile number and email) or call us at +919513181707

## Overview

The Mobile OTP Verification API lets you confirm that a customer controls a mobile number before onboarding them or authorising a transaction. Send an OTP, verify the entered code, and receive a signed JWT proof token that downstream APIs can validate — so OTP verification can be proven server-to-server within a strict time window.

## Features

- Send OTP: Trigger an OTP SMS to the customer's primary mobile number and get a transaction id plus expiry timestamp.
- Verify OTP: Validate the code the customer entered and receive a signed otp_verification_token as proof.
- Validate Token: Confirm the proof token is authentic and was issued within the last 5 minutes — ideal for server-to-server checks.
- Custom Sender ID: Send OTPs under your own brand by registering a Sender ID and content template on a telecom DLT platform.

## Who Should Use This

- Fintechs and NBFCs onboarding customers
- Agent-banking and assisted-commerce platforms
- Marketplaces verifying buyers and sellers
- Any product gating actions behind mobile verification

## Use Cases

- Verify a mobile number during customer onboarding
- Two-factor confirmation before payouts or high-value transactions
- Prove OTP verification to a downstream API via the token
- Reduce fake signups with real mobile-ownership checks

## What Can You Verify With Mobile/OTP Verification API?

- **OTP Expiry** — Timestamp until which the OTP stays valid. Verify before this time.
- **OTP Verification Token** — Signed JWT proving the OTP was verified. Contains the verified mobile and a unique token id; valid for 5 minutes. Validate it with the Validate OTP-Verification-Token API.
- **Verified Mobile** — The mobile number that was verified.

## API Preview — Send OTP

`POST /tools/kyc/mobile/otp`

### Example inputs

| Field | Value |
| --- | --- |
| CSP ID | 9002336768 |
| Mobile Number | 9002336768 |

### Example outputs

| Field | Value |
| --- | --- |
| OTP Expiry | Fri May 22 16:04:04 IST 2026 |

## API Preview — Verify OTP

`PUT /tools/kyc/mobile/otp/verify`

### Example inputs

| Field | Value |
| --- | --- |
| OTP | 3643 |
| Mobile Number | 9002336768 |

### Example outputs

| Field | Value |
| --- | --- |
| OTP Verification Token | eyJ0eXAiOiJKV1QiLCJ...5aXdrqrNcEbhfYfDsI |
| Verified Mobile | 9002336768 |

## API Preview — Validate OTP-Verification-Token

`GET /tools/kyc/mobile/otp/validate-token`

### Example inputs

| Field | Value |
| --- | --- |
| OTP Verification Token | eyJ0eXAiOiJKV1QiLCJ...5aXdrqrNcEbhfYfDsI |

### Example outputs

| Field | Value |
| --- | --- |
| Verified Mobile | 9002336768 |

## Integration Steps

1. **Sign Up** — Create an account on Connect App and get your sandbox credentials.
2. **Submit KYC** — Complete your KYC verification process by submitting the required documents.
3. **Integrate API** — Use our comprehensive documentation to integrate the APIs.
4. **Test in Sandbox** — Test your integration thoroughly in our sandbox environment.
5. **Go Live** — Start sending and verifying OTPs in production.

## FAQs

### What is the OTP verification token?
On successful Verify OTP, the API returns a signed JWT (otp_verification_token) containing the verified mobile and a unique token id. It is valid for 5 minutes and acts as proof that OTP verification happened — pass it to downstream transactions and confirm it with the Validate Token API.

### How long is the OTP and the token valid?
The OTP stays valid until the otp_expiry_timestamp returned by Send OTP. The verification token issued by Verify OTP is valid for 5 minutes from generation.

### Can I send OTPs with my own company name?
Yes. By default OTPs are sent with the Eko India signature. To use your own Sender ID and template, register as a Principal Entity on a telecom DLT platform, register a Sender ID and the OTP content template, and share the approved details during onboarding.

### How is the API billed?
You are billed per OTP sent. Verify OTP and Validate Token are free follow-up calls.

### How do I get started?
Sign up on Connect App, submit the required documents, integrate the REST API using our sandbox environment, and go live.

### What are the different ways to integrate with Eko?
Integrate in whichever way suits your stack: call the REST APIs directly, use our official SDKs (JavaScript and PHP) to skip request-signing boilerplate, or let an AI coding agent build the integration using our MCP server and skills. See the Developers and AI sections for each path.

### How does API authentication work?
Each request carries your static `developer_key` header plus a per-request `secret-key` header — an HMAC-SHA256 signature of the current timestamp, keyed by your access key. The access key itself is never sent over the wire. You receive UAT keys on signup and production keys after KYC.

### Is there a sandbox environment for testing?
Yes. A full sandbox environment is available immediately on signup. You can test your integration end-to-end before going live — no commitment required.

### What are the sandbox and production base URLs?
Sandbox and production share the same paths and differ only by base URL: use https://staging.eko.in/ekoapi/v3 for UAT / Sandbox, and https://api.eko.in/ekoicici/v3 for Production. A common cause of failures is calling the sandbox/staging URL with live credentials (or vice-versa) — make sure the base URL matches the keys you are using.

### Do I need to whitelist my server IP?
Production API access may require your static public (server) IP to be whitelisted. If your calls work from Postman but fail or time out from your own server, share your static public IP with us so we can whitelist it.

### What response times can I expect?
Most verification APIs return in real time with sub-second responses, and 99th-percentile latency stays under two seconds across verification endpoints. Transaction APIs (DMT, AePS, BBPS) respond within seconds.

### Can the API handle high volumes?
Yes. The API is designed to handle large-scale volumes reliably without performance degradation.

### How is API usage billed?
Usage is billed per successful API call with no minimum commitment. Volume-based pricing tiers are available — contact our team for detailed rates.

## API Endpoints

- [Send OTP](https://eps.eko.in/docs/mobile-otp-send.md) (POST)
- [Verify OTP](https://eps.eko.in/docs/mobile-otp-verify.md) (PUT)
- [Validate OTP-Verification-Token](https://eps.eko.in/docs/mobile-otp-validate-token.md) (GET)

## API Documentation

- [Full developer docs](https://eps.eko.in/docs/mobile-otp-send)

## Related Products

- [PAN Verification](https://eps.eko.in/products/pan-verification-api): Full PAN identity fetch in <2 seconds ([markdown](https://eps.eko.in/products/pan-verification-api.md))
- [Bank Account Verification](https://eps.eko.in/products/bank-verification-api): Penny-drop bank account validation ([markdown](https://eps.eko.in/products/bank-verification-api.md))
- [GST Verification](https://eps.eko.in/products/gst-verification-api): GSTIN lookup & filing status ([markdown](https://eps.eko.in/products/gst-verification-api.md))
- [DigiLocker Integration](https://eps.eko.in/products/digilocker-api): Fetch notarised docs — Aadhaar, DL, marksheets, etc ([markdown](https://eps.eko.in/products/digilocker-api.md))
- [UPI ID (VPA) Verification](https://eps.eko.in/products/upi-verification-api): Validate UPI ID (VPA) in real time ([markdown](https://eps.eko.in/products/upi-verification-api.md))

- [Site index](https://eps.eko.in/index.md): Full list of API products, industries, and solution packs