How it works
What is Octotp?
Octotp is an API service that generates and validates one-time verification codes. You call the API to create a code, deliver it to your user (by email or SMS), and then validate it when they enter it.
How it works
Step 1: Create a project
Sign up and create a project in the Octotp dashboard. You receive an API key scoped to that project.
Step 2: Create a token
Send a POST request to /api/tokens with:
- Your project ID
- The recipient’s email or phone number
- Optional: custom expiry (default 5 minutes)
The API returns a 6-digit code and the expiry time. You are responsible for delivering this code to the user (e.g. via your email service or SMS provider).
Step 3: User enters the code
Your user receives the code and enters it in your app.
Step 4: Validate the token
Send a POST request to /api/tokens/validate with:
- Project ID
- Recipient email or phone (must match the create request)
- The code the user entered
The API returns { "isValid": true } or { "isValid": false }.
Step 5: Tokens are single-use
Each token can be validated only once. After validation, it is marked as used and cannot be reused.
API summary
| Action | Endpoint | Purpose |
|---|---|---|
| Create token | POST /api/tokens | Generate a new code |
| Validate token | POST /api/tokens/validate | Check if the code is correct |
All requests require the X-Api-Key header with your project’s API key.
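The create and validate calls from Steps 2 to 5, wrapped in a small server-side client; this is an added example, not code from Octotp or its integration guide. The base URL, the `OctotpClient` class and the JSON field names `projectId`, `recipient` and `code` are assumptions (this page names only the endpoints, the `X-Api-Key` header and the `isValid` response field), so check them against the API integration guide.

```python
import json
import urllib.request

BASE_URL = "https://octotp.example"  # placeholder; use your real API base URL


def http_post(path, body, api_key):
    """Default transport: JSON POST carrying the X-Api-Key header."""
    req = urllib.request.Request(
        BASE_URL + path,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class OctotpClient:
    """Hypothetical wrapper; run it on your backend so the API key stays server-side."""

    def __init__(self, api_key, project_id, post=http_post):
        self._api_key, self._project_id, self._post = api_key, project_id, post

    def create_token(self, recipient):
        # Field names "projectId", "recipient" and "code" are assumed, not from the page.
        reply = self._post("/api/tokens",
                           {"projectId": self._project_id, "recipient": recipient},
                           self._api_key)
        return reply["code"]  # pass to your email/SMS sender only; keep it out of logs

    def validate(self, recipient, code):
        # Reject anything that is not six ASCII digits before calling the API.
        if not (isinstance(code, str) and len(code) == 6
                and code.isascii() and code.isdigit()):
            return False
        body = {"projectId": self._project_id, "recipient": recipient, "code": code}
        try:
            reply = self._post("/api/tokens/validate", body, self._api_key)
        except Exception:
            return False  # fail closed: an API or network error is not a valid code
        # Only the JSON literal true counts; "true", 1 or a missing field do not.
        return isinstance(reply, dict) and reply.get("isValid") is True
```

Because tokens are single-use, call `validate` once per submission and act on that result; a second call with the same code returns `False`.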
Next steps
See the API integration guide for request and response examples.