SMS OTP API Guide — Verify Users with One API Call

Hikmet Altun · 2026-06-05

Why SMS OTP?

SMS OTP (One-Time Password) remains the most widely used method for phone number verification. Whether you're building user signup, two-factor authentication, or transaction confirmation, SMS OTP provides a balance of security and user convenience that's hard to beat.

The challenge? Most SMS APIs require you to manage OTP generation, storage, expiry, and verification yourself. LANGR handles all of that in two API calls.

How LANGR SMS OTP Works

LANGR's SMS OTP flow is simple:

1. Send OTP: Call /v1/sms/send-otp with a phone number. LANGR generates a secure 6-digit code, stores it with a 5-minute TTL, and delivers it via SMS. 2. Verify OTP: Call /v1/sms/verify-otp with the phone number and code. LANGR validates the code and returns success or failure.

No database setup. No code generation logic. No expiry management.

Quick Start with the SDK

import { LangrClient } from "@langr/sdk";
const langr = new LangrClient({ apiKey: "lk_live_..." });
// Step 1: Send OTP
await langr.sms.sendOtp({ to: "+4512345678" });
// Step 2: User enters the code they received
const result = await langr.sms.verifyOtp({
  to: "+4512345678",
  code: "123456",
});
console.log(result.ok); // true if valid

Using the REST API Directly

If you prefer raw HTTP:

# Send OTP
curl -X POST https://api.langr.org/v1/sms/send-otp \
  -H "Authorization: Bearer lk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"to": "+4512345678"}'
Verify OTP

curl -X POST https://api.langr.org/v1/sms/verify-otp \
  -H "Authorization: Bearer lk_live_..." \
  -H "Content-Type: application/json" \
  -d '{"to": "+4512345678", "code": "123456"}'

Auth API: OTP + Sessions

Need sessions after verification? Use the Auth API instead — it auto-detects email vs. phone and returns a session token:

// Send OTP (auto-detects SMS for phone numbers)
await langr.auth.sendOtp({ target: "+4512345678" });
// Verify and get a session token (30-day TTL)
const session = await langr.auth.verifyOtp({
  target: "+4512345678",
  code: "123456",
});
console.log(session.session_token); // las_...
console.log(session.expires_at);    // 30 days from now

The Auth API combines OTP verification with session management — one less thing to build.

Pricing

SMS OTP is included in all LANGR API plans:

  • Free: 100 requests/day (enough for development and testing)
  • Pro: 10,000 requests/day ($49/month)
  • Enterprise: Unlimited (custom pricing)

Every OTP send + verify counts as 2 requests.

Get Started

1. Sign up for a free API key 2. Install the SDK: npm install @langr/sdk 3. Read the full SMS API docs

Try LANGR API for free

Get your API key in seconds. 100 requests/day, all services included.

Get Free API Key
© 2026 LANGR. Europe-hosted. GDPR-compliant.