Skip to main content
The Verify API is not just an API to send an OTP code to a phone number. It’s a tool that allows you to build and manage the full phone verification flow in your application. By understanding the verification lifecycle, you can leverage the full potential of the Verify API and build a fully-functional OTP flow in your application.

Verification window

A verification window is the time span that starts when you send a verification request for a phone number. Any subsequent calls for that same number within this window are treated as retries on the same verification rather than new one. When the window ends—or the user successfully checks the code—the next verification call creates a new verification window.
1

Create a verification request

Your user enters their phone number in your application and you perform a verification request.
2

Filter-out fraud

We analyze the request and check for fraud using our existing database and the Signals you provided.If the verification is suspicious the request is blocked, no verification window is opened and we don’t send any code. In that case you will receive a response with the status blocked.Learn more about our fraud prevention system here.
3

Start the verification window

Prelude creates a new verification window. Inside this window, any subsequent attempts and checks will be added.Any subsequent attempts and checks will be added to this lifecycle up until:
  • the user converts by inputting a correct code.
  • the maximum number of attempts is reached.
  • the maximum number of checks is reached.
  • the window expires (typically after a few minutes).
A response with the status success will be returned when a new verification window is created.
You can configure the maximum number of attempts as well as the duration of the verification window from the Prelude dashboard
4

Send the code

Prelude compares all of the available and sends a code using the one with the better combination of cost and conversion rate.Learn more about multi-routing and multi-channel delivery here.
5

Retry sending the code

If the user requests another, you can initiate a retry during the same verification window by repeating the same verification request with the same phone number.A response with the status retry will be returned when a new attempt is created within the same verification window.The request will fail with a 429 Too Many Requests error code if the maximum number of attempts is reached (too_many_attempts) or if it is performed before the minimum delay between retries is reached (premature_retry).For each new attempt, Prelude switches to another route to increase the chances of the user receiving the code and converting.
6

Check the code

The user receives the code and enters it in your application.You then send it to the Check endpoint. If it’s correct, the endpoint returns a valid status code.The request will fail with a 429 Too Many Requests error code if the maximum number of checks is reached (too_many_checks).
For each verification request, you can inspect it along with the entire verification lifecycle from the Prelude dashboard by looking at the Verifications tab or by searching for it using the search modal.

Rate limiting

Whereas there are no application-level rate limits, we do have a rate limit on the number of verification requests per phone number per time span. This is to prevent excessive charges and abuse attempts (such as SMS pumping) on your account. You can configure the amount of verification requests per phone number per time span from the Prelude dashboard. If a phone number exceeds the limit of verification requests per time span, you will receive a response with the status blocked. The phone number will be automatically unblocked after the time span has expired.

Next steps

Build a fully-functional SMS OTP flow in your application by following the steps below.

Set up your app

And get your credentials.

Send an OTP code

To your user’s phone.

Verify a code

And authenticate a user.