API de vérification OTP
Guide d'intégration application mobile
Envoyez des mots de passe à usage unique par SMS ou email et vérifiez-les depuis n'importe quelle application.
Cet endpoint nécessite un token Bearer ou X-API-Token — générez une clé API depuis Paramètres → Clé API.
Envoyer un OTP
Génère un code, l'envoie au destinataire et enregistre la tentative. Limité à un envoi par 60 secondes par destinataire.
Corps de requête
| Champ | Type | Description | |
|---|---|---|---|
| recipient | string | obligatoire | Numéro de téléphone (format E.164) ou adresse email. |
| channel | string | optionnel | "sms" ou "email". Par défaut : canal configuré dans les paramètres OTP. |
| lang | string | optionnel | Code de langue du modèle : en, ro, bg, fr, de, uk. Par défaut "en". |
| ref_id | string | optionnel | Votre référence optionnelle (ID de commande, session…) — retournée dans la réponse de vérification. |
Exemple de requête
cURL
curl -X POST "https://api.rcszilla.com/api/?endpoint=send_otp" \
-H "Authorization: Bearer YOUR-API-TOKEN" \
-H "Content-Type: application/json" \
-d '{"recipient":"+40700000000","channel":"sms","lang":"en","ref_id":"order_42"}'
PHP
$ch = curl_init('https://api.rcszilla.com/api/?endpoint=send_otp');
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => json_encode([
'recipient' => '+40700000000',
'channel' => 'sms',
'lang' => 'en',
'ref_id' => 'order_42',
]),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ['Authorization: Bearer YOUR-API-TOKEN', 'Content-Type: application/json'],
]);
$result = json_decode(curl_exec($ch), true);
// $result = ['success' => true, 'otp_id' => 42]
Python
import requests
r = requests.post(
"https://api.rcszilla.com/api/",
params={"endpoint": "send_otp"},
json={"recipient": "+40700000000", "channel": "sms", "lang": "en", "ref_id": "order_42"},
headers={"Authorization": "Bearer YOUR-API-TOKEN"},
timeout=10,
)
print(r.json()) # {'success': True, 'otp_id': 42}
Node.js
const res = await fetch("https://api.rcszilla.com/api/?endpoint=send_otp", {
method: "POST",
headers: { "Authorization": "Bearer YOUR-API-TOKEN", "Content-Type": "application/json" },
body: JSON.stringify({ recipient: "+40700000000", channel: "sms", lang: "en", ref_id: "order_42" }),
});
const data = await res.json();
// data = { success: true, otp_id: 42 }
Ruby
require 'net/http'; require 'json'
uri = URI("https://api.rcszilla.com/api/?endpoint=send_otp")
req = Net::HTTP::Post.new(uri, 'Authorization' => 'Bearer YOUR-API-TOKEN', 'Content-Type' => 'application/json')
req.body = {recipient: '+40700000000', channel: 'sms', lang: 'en'}.to_json
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') { |h| h.request(req) }
puts JSON.parse(res.body)
Go
payload, _ := json.Marshal(map[string]string{"recipient": "+40700000000", "channel": "sms", "lang": "en"})
req, _ := http.NewRequest("POST", "https://api.rcszilla.com/api/?endpoint=send_otp", bytes.NewBuffer(payload))
req.Header.Set("Authorization", "Bearer YOUR-API-TOKEN")
req.Header.Set("Content-Type", "application/json")
resp, _ := http.DefaultClient.Do(req)
// read resp.Body...
Java
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.rcszilla.com/api/?endpoint=send_otp"))
.header("Authorization", "Bearer YOUR-API-TOKEN")
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(
"{\"recipient\":\"+40700000000\",\"channel\":\"sms\",\"lang\":\"en\"}"
))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
// parse response.body() as JSON
Réponse
JSON200 OK
{
"success": true,
"message": "OTP sent.",
"otp_id": 42
}
JSON429 Rate Limited
{
"success": false,
"message": "Please wait 45 seconds before requesting a new code.",
"retry_after": 45
}
Vérifier un OTP
Vérifie le code soumis par rapport au dernier OTP actif pour ce destinataire.
Corps de requête
| Champ | Type | Description | |
|---|---|---|---|
| recipient | string | obligatoire | Même téléphone/email utilisé lors de l'envoi. |
| code | string | obligatoire | Le code saisi par l'utilisateur. |
Exemple de requête
cURL
curl -X POST "https://api.rcszilla.com/api/?endpoint=verify_otp" \
-H "Authorization: Bearer YOUR-API-TOKEN" \
-H "Content-Type: application/json" \
-d '{"recipient":"+40700000000","code":"123456"}'
PHP
$ch = curl_init('https://api.rcszilla.com/api/?endpoint=verify_otp');
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => json_encode(['recipient' => '+40700000000', 'code' => '123456']),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ['Authorization: Bearer YOUR-API-TOKEN', 'Content-Type: application/json'],
]);
$result = json_decode(curl_exec($ch), true);
if ($result['success']) {
// phone verified — proceed with user action
}
Python
r = requests.post(
"https://api.rcszilla.com/api/",
params={"endpoint": "verify_otp"},
json={"recipient": "+40700000000", "code": "123456"},
headers={"Authorization": "Bearer YOUR-API-TOKEN"},
)
if r.json().get("success"):
pass # verified — continue
Node.js
const res = await fetch("https://api.rcszilla.com/api/?endpoint=verify_otp", {
method: "POST",
headers: { "Authorization": "Bearer YOUR-API-TOKEN", "Content-Type": "application/json" },
body: JSON.stringify({ recipient: "+40700000000", code: "123456" }),
});
const { success, message, otp_id, ref_id, verified_at } = await res.json();
Ruby
require 'net/http'; require 'json'
uri = URI("https://api.rcszilla.com/api/?endpoint=verify_otp")
req = Net::HTTP::Post.new(uri, 'Authorization' => 'Bearer YOUR-API-TOKEN', 'Content-Type' => 'application/json')
req.body = {recipient: '+40700000000', code: '123456'}.to_json
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') { |h| h.request(req) }
puts JSON.parse(res.body)
Go
payload, _ := json.Marshal(map[string]string{"recipient": "+40700000000", "code": "123456"})
req, _ := http.NewRequest("POST", "https://api.rcszilla.com/api/?endpoint=verify_otp", bytes.NewBuffer(payload))
req.Header.Set("Authorization", "Bearer YOUR-API-TOKEN")
req.Header.Set("Content-Type", "application/json")
resp, _ := http.DefaultClient.Do(req)
// read resp.Body...
Réponse
JSON200 OK
{
"success": true,
"message": "OTP verified successfully.",
"otp_id": 42,
"ref_id": "order_42",
"verified_at": "2026-05-05T14:30:00+00:00"
}
JSON422 Wrong Code
{
"success": false,
"message": "Wrong code. 2 attempt(s) remaining.",
"attempts_remaining": 2
}
Codes d'erreur
| HTTP | Description |
|---|---|
| 400 | Requête invalide ou action inconnue. |
| 401 | Token API invalide ou manquant. |
| 403 | Trop de tentatives incorrectes — OTP invalidé. |
| 404 | Aucun OTP actif trouvé pour ce destinataire. |
| 410 | L'OTP a expiré. |
| 422 | Code incorrect — la réponse inclut attempts_remaining. |
| 429 | Limite de débit — la réponse inclut retry_after (secondes). |
| 500 | Erreur de livraison — vérifiez les paramètres du canal. |