Send OTP
Contents
Send Two-Factor Verification Code
Base URL
https://apimobile.callproof.com
Endpoint
/api/v1/verify-code
Purpose
Sends a six-digit verification code to a registered user's email address.
The code is used to complete two-factor authentication for mobile access. The API supports both initial code requests and resend requests.
Request limits are applied separately to initial and resend requests. Normally, up to three requests of each type may be made per day.
HTTP Method
POST
Headers
| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer access token. |
| Content-Type | Yes | application/x-www-form-urlencoded or application/json.
|
Security
- Yes – Requires Bearer Token authentication.
- The access token must be active and unexpired.
- The authenticated user and associated company account must be active.
- Completed two-factor verification is not required to call this endpoint.
Parameters
Request Body Fields
| Parameter | Type | Required | Description |
|---|---|---|---|
| string | Yes | A registered email address that will receive the verification code. | |
| type | string | Yes | Indicates whether to send an initial code or resend a code. |
Supported Type Values
| Value | Meaning |
|---|---|
| send-verification-code | Sends an initial verification code. |
| resend-verification-code | Sends another verification code. |
Successful Response (200)
Confirms that a six-digit verification code was generated and sent to the supplied registered email address.
| Response Field | Type | Description |
|---|---|---|
| clientStatusCode | integer | Business-level response status. A successful request returns 200.
|
| user_id | integer | The authenticated user's unique identifier. |
| company_id | integer | The company associated with the authenticated user. |
| message | string | Confirmation message. The successful value is Verification Code Sent Successfully.
|
| uri | string | The URL of the verification-code request. |
Error Responses
| HTTP Status Code | Client Status Code | Meaning |
|---|---|---|
| 200 | 401 | The required email field was not supplied.
|
| 200 | 401 | The required type field was not supplied.
|
| 200 | 401 | The supplied email address is not registered. |
| 200 | 400 | The verification-code request limit was reached. |
| 200 | 400 | The supplied type value is unsupported.
|
| 200 | 400 | The verification email could not be sent. |
| 401 | 401 | The Bearer token is missing or invalid. |
| 401 | 401 | The access token has expired. |
| 401 | 401 | The authenticated user or company account is disabled. |
| 401 | 401 | A required client application update must be installed. |
Error Response Fields
| Response Field | Type | Description |
|---|---|---|
| clientStatusCode | integer | The business-level error status, commonly 400 or 401.
|
| error.code | integer | The business error code. |
| error.message | string | A plain-language explanation of why the verification code could not be sent. |
| uri | string | The URL of the request. |
Common Error Codes
| Error Code | Meaning |
|---|---|
| 1500 | Authentication, validation, email lookup, or code-delivery failure. |
| 1800 | The user or company account is disabled. |
| 8000 | The access token has expired. |
| 9000 | A required client application update is available. |