RCSZilla Version 1.0

API de vérification OTP

Guide d'intégration application mobile

Envoyez des mots de passe à usage unique par SMS ou email et vérifiez-les depuis n'importe quelle application.

*
Cet endpoint nécessite un token Bearer ou X-API-Token — générez une clé API depuis Paramètres → Clé API.

Envoyer un OTP

POST /api/?endpoint=send_otp

Génère un code, l'envoie au destinataire et enregistre la tentative. Limité à un envoi par 60 secondes par destinataire.

Corps de requête

Champ Type Description
recipient string obligatoire Numéro de téléphone (format E.164) ou adresse email.
channel string optionnel "sms" ou "email". Par défaut : canal configuré dans les paramètres OTP.
lang string optionnel Code de langue du modèle : en, ro, bg, fr, de, uk. Par défaut "en".
ref_id string optionnel Votre référence optionnelle (ID de commande, session…) — retournée dans la réponse de vérification.

Exemple de requête

cURL
curl -X POST "https://api.rcszilla.com/api/?endpoint=send_otp" \
  -H "Authorization: Bearer YOUR-API-TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"recipient":"+40700000000","channel":"sms","lang":"en","ref_id":"order_42"}'
PHP
$ch = curl_init('https://api.rcszilla.com/api/?endpoint=send_otp');
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => json_encode([
        'recipient' => '+40700000000',
        'channel'   => 'sms',
        'lang'      => 'en',
        'ref_id'    => 'order_42',
    ]),
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER     => ['Authorization: Bearer YOUR-API-TOKEN', 'Content-Type: application/json'],
]);
$result = json_decode(curl_exec($ch), true);
// $result = ['success' => true, 'otp_id' => 42]
Python
import requests

r = requests.post(
    "https://api.rcszilla.com/api/",
    params={"endpoint": "send_otp"},
    json={"recipient": "+40700000000", "channel": "sms", "lang": "en", "ref_id": "order_42"},
    headers={"Authorization": "Bearer YOUR-API-TOKEN"},
    timeout=10,
)
print(r.json())  # {'success': True, 'otp_id': 42}
Node.js
const res = await fetch("https://api.rcszilla.com/api/?endpoint=send_otp", {
  method: "POST",
  headers: { "Authorization": "Bearer YOUR-API-TOKEN", "Content-Type": "application/json" },
  body: JSON.stringify({ recipient: "+40700000000", channel: "sms", lang: "en", ref_id: "order_42" }),
});
const data = await res.json();
// data = { success: true, otp_id: 42 }
Ruby
require 'net/http'; require 'json'
uri = URI("https://api.rcszilla.com/api/?endpoint=send_otp")
req = Net::HTTP::Post.new(uri, 'Authorization' => 'Bearer YOUR-API-TOKEN', 'Content-Type' => 'application/json')
req.body = {recipient: '+40700000000', channel: 'sms', lang: 'en'}.to_json
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') { |h| h.request(req) }
puts JSON.parse(res.body)
Go
payload, _ := json.Marshal(map[string]string{"recipient": "+40700000000", "channel": "sms", "lang": "en"})
req, _ := http.NewRequest("POST", "https://api.rcszilla.com/api/?endpoint=send_otp", bytes.NewBuffer(payload))
req.Header.Set("Authorization", "Bearer YOUR-API-TOKEN")
req.Header.Set("Content-Type", "application/json")
resp, _ := http.DefaultClient.Do(req)
// read resp.Body...
Java
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.rcszilla.com/api/?endpoint=send_otp"))
    .header("Authorization", "Bearer YOUR-API-TOKEN")
    .header("Content-Type", "application/json")
    .POST(HttpRequest.BodyPublishers.ofString(
        "{\"recipient\":\"+40700000000\",\"channel\":\"sms\",\"lang\":\"en\"}"
    ))
    .build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
// parse response.body() as JSON

Réponse

JSON200 OK
{
  "success": true,
  "message": "OTP sent.",
  "otp_id": 42
}
JSON429 Rate Limited
{
  "success": false,
  "message": "Please wait 45 seconds before requesting a new code.",
  "retry_after": 45
}

Vérifier un OTP

POST /api/?endpoint=verify_otp

Vérifie le code soumis par rapport au dernier OTP actif pour ce destinataire.

Corps de requête

Champ Type Description
recipient string obligatoire Même téléphone/email utilisé lors de l'envoi.
code string obligatoire Le code saisi par l'utilisateur.

Exemple de requête

cURL
curl -X POST "https://api.rcszilla.com/api/?endpoint=verify_otp" \
  -H "Authorization: Bearer YOUR-API-TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"recipient":"+40700000000","code":"123456"}'
PHP
$ch = curl_init('https://api.rcszilla.com/api/?endpoint=verify_otp');
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => json_encode(['recipient' => '+40700000000', 'code' => '123456']),
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER     => ['Authorization: Bearer YOUR-API-TOKEN', 'Content-Type: application/json'],
]);
$result = json_decode(curl_exec($ch), true);
if ($result['success']) {
    // phone verified — proceed with user action
}
Python
r = requests.post(
    "https://api.rcszilla.com/api/",
    params={"endpoint": "verify_otp"},
    json={"recipient": "+40700000000", "code": "123456"},
    headers={"Authorization": "Bearer YOUR-API-TOKEN"},
)
if r.json().get("success"):
    pass  # verified — continue
Node.js
const res = await fetch("https://api.rcszilla.com/api/?endpoint=verify_otp", {
  method: "POST",
  headers: { "Authorization": "Bearer YOUR-API-TOKEN", "Content-Type": "application/json" },
  body: JSON.stringify({ recipient: "+40700000000", code: "123456" }),
});
const { success, message, otp_id, ref_id, verified_at } = await res.json();
Ruby
require 'net/http'; require 'json'
uri = URI("https://api.rcszilla.com/api/?endpoint=verify_otp")
req = Net::HTTP::Post.new(uri, 'Authorization' => 'Bearer YOUR-API-TOKEN', 'Content-Type' => 'application/json')
req.body = {recipient: '+40700000000', code: '123456'}.to_json
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') { |h| h.request(req) }
puts JSON.parse(res.body)
Go
payload, _ := json.Marshal(map[string]string{"recipient": "+40700000000", "code": "123456"})
req, _ := http.NewRequest("POST", "https://api.rcszilla.com/api/?endpoint=verify_otp", bytes.NewBuffer(payload))
req.Header.Set("Authorization", "Bearer YOUR-API-TOKEN")
req.Header.Set("Content-Type", "application/json")
resp, _ := http.DefaultClient.Do(req)
// read resp.Body...

Réponse

JSON200 OK
{
  "success": true,
  "message": "OTP verified successfully.",
  "otp_id": 42,
  "ref_id": "order_42",
  "verified_at": "2026-05-05T14:30:00+00:00"
}
JSON422 Wrong Code
{
  "success": false,
  "message": "Wrong code. 2 attempt(s) remaining.",
  "attempts_remaining": 2
}

Codes d'erreur

HTTP Description
400Requête invalide ou action inconnue.
401Token API invalide ou manquant.
403Trop de tentatives incorrectes — OTP invalidé.
404Aucun OTP actif trouvé pour ce destinataire.
410L'OTP a expiré.
422Code incorrect — la réponse inclut attempts_remaining.
429Limite de débit — la réponse inclut retry_after (secondes).
500Erreur de livraison — vérifiez les paramètres du canal.