Verify users with a single API call
Send one-time passwords via SMS, WhatsApp, or Voice -- with automatic channel fallback, built-in fraud detection, and a 99.5% verification rate. Two endpoints. Zero OTP infrastructure to build.
Three steps to verified users
No OTP infrastructure to build, no delivery logic to manage, no fraud rules to maintain. Just two API calls and you are done.
Your app requests verification
Call our API with the user's phone number and preferred channel. We generate a cryptographically secure OTP and queue it for delivery.
Sakura sends the OTP
We deliver the code via SMS, WhatsApp, or Voice -- whichever channel you specify. If the first channel fails, we automatically fall back to the next.
User enters code, Sakura validates
The user enters the code in your app. You pass it to our verify endpoint, and we confirm whether it is correct, expired, or invalid. One response, one boolean.
Built for security at scale
Every feature is designed to maximize verification rates while minimizing fraud and cost.
Fraud Guard
Built-in rate limiting, device fingerprinting, and phone number reputation scoring. Block SMS pumping, toll fraud, and bot attacks before they reach your verification flow.
Silent Network Auth
Verify users without sending a code. SNA uses carrier-level SIM authentication to confirm the user possesses the phone number -- zero friction, instant verification.
Channel Fallback
Define a fallback chain across SMS, WhatsApp, and Voice. If delivery fails on one channel, the system automatically retries on the next until the OTP is delivered.
Customizable Templates
Personalize the OTP message with your brand name, custom text, and localized language. Templates support variable substitution and are pre-approved for fast delivery.
Time-Based Expiry
Configure OTP expiry from 60 seconds to 10 minutes. Shorter windows increase security; longer windows accommodate users on slower networks. Expired codes are automatically purged.
Geographic Intelligence
Route OTPs through the optimal carrier path based on the recipient's location and network. Detect geographic anomalies to flag suspicious verification attempts in real time.
Two endpoints. That's it.
Request an OTP with one call, verify it with another. Our SDKs handle authentication, error handling, and retry logic. Most developers are live in under 30 minutes.
import { SakuraSMS } from "@sakura-sms/sdk";
const client = new SakuraSMS("sk_live_your_api_key");
// Step 1: Request OTP
const verification = await client.verify.request({
to: "+255712345678",
channel: "sms", // "sms" | "whatsapp" | "voice"
code_length: 6,
expiry: 300, // seconds
});
console.log(verification.request_id); // vrf_abc123
// Step 2: Verify OTP
const result = await client.verify.check({
request_id: "vrf_abc123",
code: "482916",
});
console.log(result.status); // "approved"Frequently asked questions
Everything you need to know about verifying users with the Sakura Verify API.
The Verify API is a purpose-built service for user verification. It handles the entire OTP lifecycle -- generating secure codes, delivering them via SMS, WhatsApp, or Voice, managing expiry and retry logic, and validating user input. You make two API calls: one to request a verification, and one to check the code the user enters.
Verify supports four channels: SMS, WhatsApp, Voice, and Silent Network Authentication (SNA). You can configure automatic fallback so if delivery fails on one channel, the system retries on the next. For example, SMS first, then WhatsApp if undelivered after 30 seconds, then a voice call.
OTP codes can be 4 to 10 digits long, with 6 being the default and recommended length. Expiry is configurable from 60 seconds to 600 seconds (10 minutes), with the default set at 300 seconds (5 minutes). Shorter expiry windows are more secure but may impact user experience on slower networks.
Verify includes built-in rate limiting at multiple levels: per phone number (default 5 requests per 10 minutes), per IP address, and per account. If a phone number exceeds the rate limit, the API returns a 429 status with a retry-after header. You can customize these thresholds in your dashboard.
Verify is priced per successful verification. You pay only when a user successfully enters the correct code. Failed attempts, expired codes, and retries on fallback channels are not charged separately. Volume discounts are available starting at 10,000 verifications per month. Contact sales for enterprise pricing.
Verify includes Fraud Guard, which uses device fingerprinting, velocity checks, geographic anomaly detection, and phone number reputation scoring to block fraudulent verification attempts before they cost you money. Fraud Guard can block toll fraud, SMS pumping attacks, and bot-driven abuse automatically.
You define a fallback chain when requesting a verification, for example ['sms', 'whatsapp', 'voice']. If the OTP is not delivered on the first channel within a configurable timeout (default 30 seconds), the system automatically retries on the next channel. This continues until delivery succeeds or all channels are exhausted.
Most developers integrate Verify in under 30 minutes. The API requires just two endpoints: request and check. Our SDKs for JavaScript, Python, PHP, Java, and Go handle authentication, error handling, and retry logic. Pre-built UI components for React and Flutter are also available to speed up front-end integration.
Yes. All messages sent through the Verify API comply with TCRA regulations and the Tanzania Data Protection Act. OTP codes are generated using cryptographically secure random number generators, stored with AES-256 encryption, and automatically purged after expiry. We maintain SOC 2 Type II compliance and provide audit logs for all verification events.
Start verifying users today
Create an account, get your API key, and send your first OTP in under five minutes.