Skip to main content
POST
/
v1
/
sms
/
verify
/
check
Check Verification Code
curl --request POST \
  --url https://api.example.com/v1/sms/verify/check \
  --header 'Content-Type: application/json' \
  --data '
{
  "phone": "<string>",
  "code": "<string>"
}
'
{
  "valid": true,
  "status": "<string>",
  "message": "<string>"
}

Request Body

phone
string
required
The phone number that received the code
code
string
required
The verification code entered by the user

Response

valid
boolean
Whether the code is valid
status
string
One of: verified, invalid, expired, max_attempts
message
string
Human-readable result message

Examples

curl -X POST https://www.unosend.co/api/v1/sms/verify/check \
  -H "Authorization: Bearer un_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "+14155551234",
    "code": "123456"
  }'

Response Examples

Successful Verification

{
  "valid": true,
  "status": "verified",
  "message": "Phone number verified successfully"
}

Invalid Code

{
  "valid": false,
  "status": "invalid",
  "message": "Invalid code. 2 attempts remaining."
}

Expired Code

{
  "valid": false,
  "status": "expired",
  "message": "Verification code has expired"
}

Max Attempts Exceeded

{
  "valid": false,
  "status": "max_attempts",
  "message": "Maximum verification attempts exceeded"
}

Security Features

  • Rate limiting: Maximum 3 attempts per verification code
  • Expiration: Codes expire after 10 minutes by default
  • One-time use: Codes are invalidated after successful verification
  • Automatic cleanup: Expired codes are marked as such

Best Practices

  1. Don’t reveal too much: Avoid telling users if the phone number exists
  2. Handle all statuses: Show appropriate messages for each status
  3. Retry flow: Allow users to request a new code if expired or max attempts
  4. Log attempts: Monitor for brute force attempts