The Plivo Verify API enables programmatic user authentication via 2FA (Two-Factor Authentication) using SMS and voice calls. With just a few simple steps, you can easily integrate OTP-based verification into your applications.
1

Set Up an Applicationin Plivo Console

To start sending OTPs through Plivo’s Verify API, you first need to create a Verify Application in the Plivo Console.While configuring the application, you’ll need to define the following parameters:
  • OTP Length: Define how many characters your OTP will have.
  • Message Expiry Interval: Specify the time window (in seconds) during which the OTP will remain valid.
  • Template: Choose or create a template for delivering the OTP. For example, “Your brand_name verification code is otp.”
  • Other Settings: Configure additional options such as fraud protection and code expiry duration.
Once you’ve set up the application, you’ll be given an Application UUID. This UUID is essential and needs to be included when triggering requests to send or validate OTPs.
2

Create a Session to Send OTPs

What’s a sessionPlivo’s Verify API is designed around the concept of sessions. Each interaction with a user is a session. A session can have multiple attempts. Let’s say you send an OTP to a user at 10:00 a.m. with an expiry of 10 minutes. This activity initiates a session between you and your user that will expire at 10:10 a.m. You can send one or more requests to this user in this duration, and all the attempts will be considered part of the same session.Plivo lets you choose the length of your sessions and numbers of attempts that you can make to one destination within a session. All requests within a session deliver the same OTP to the user.Use the Create Session API using the following parameters to send the OTP:
  • app_uuid: The UUID of the application you created.
  • recipient: The phone number of the recipient to whom the OTP will be sent.
  • url: The callback URL for delivery status.
  • channel: Specify sms or voice for the OTP delivery method.
  • auth_id: Authentication Details
import plivo

# Sign in to see your API key embedded in code samples.
client = plivo.RestClient('<auth_id>', '<auth_token>')

try:
response = client.verify_session.create(
    recipient='<destination_number>', # +14151234567
    app_uuid='<your_verify_app_uuid>',
    channel='sms',  # or 'voice'
    url='https://your-domain.com/verify-callback',  # optional
    method='POST'
)
print(f"Session UUID: {response.session_uuid}")
except Exception as e:
print(f"Error: {e}")
While creating a session, it’s recommended to set a callback URL to receive real-time status updates for OTP delivery. This callback will notify you about whether the OTP was successfully delivered or not.
3

Validate the OTP

Once the OTP is delivered to the user and they enter it into your app or website, you need to validate the OTP using the Validate Session API. This API checks if the OTP entered by the user is correct.
import plivo

# Sign in to see your API key embedded in code samples.
client = plivo.RestClient('<auth_id>', '<auth_token>')

try:
response = client.verify_session.validate(
    session_uuid='<session_uuid>', # 12345678-1234-1234-1234-123456789012
    otp='<otp_code>' # 123456
)
print(f"Status: {response.message}")
except Exception as e:
print(f"Error: {e}")
  • otp: The OTP entered by the user
  • session_uuid: The UUID of the session generated during OTP creation
4

Handling OTP Verification

Once the OTP is validated, you can proceed with your authentication process. If the OTP is valid, allow the user to proceed with accessing your services. If the OTP entered is invalid, prompt them to re-enter or re-send the OTP.