Stytch – The most powerful identity platform built for developers

Send one-time passcode by WhatsApp

POST

https://test.stytch.com/v1/otps/whatsapp/send

Send a One-Time Passcode (OTP) to a User's WhatsApp. If you'd like to create a user and send them a passcode with one request, use our log in or create endpoint.

Note that sending another OTP code before the first has expired will invalidate the first code.

Cost to send SMS OTP

Before configuring SMS or WhatsApp OTPs, please review how Stytch bills the costs of international OTPs and understand how to protect your app against toll fraud.

Add a phone number to an existing user

This endpoint also allows you to add a new phone number to an existing Stytch User. Including a user_id, session_token, or session_jwt in your Send one-time passcode by WhatsApp request will add the new, unverified phone number to the existing Stytch User. If the user successfully authenticates within 5 minutes, the new phone number will be marked as verified and remain permanently on the existing Stytch User. Otherwise, it will be removed from the User object, and any subsequent login requests using that phone number will create a new User.

Next steps

Collect the OTP which was delivered to the user. Call Authenticate OTP using the OTP code along with the phone_id found in the response as the method_id.

Body parameters

phone_number* string

The phone number to use for one-time passcodes. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX). You may use +10000000000 to test this endpoint, see Testing for more detail.

expiration_minutes int

Set the expiration for the one-time passcode, in minutes. The minimum expiration is 1 minute and the maximum is 10 minutes. The default expiration is 2 minutes.

locale string

Used to determine which language to use when sending the user this delivery method. Parameter is a IETF BCP 47 language tag, e.g. "en".

Currently supported languages are English ("en"), Spanish ("es"), French ("fr") and Brazilian Portuguese ("pt-br"); if no value is provided, the copy defaults to English.

Request support for additional languages here!

attributes object

Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.

ip_address string

The IP address of the client.

user_agent string

The user agent of the client.

user_id string

The unique ID of a specific User. You may use an external_id here if one is set for the user.

session_token string

The session_token associated with a User's existing Session.

session_jwt string

The session_jwt associated with a User's existing Session.

Response fields

status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

user_id string

The unique ID of the affected User.

phone_id string

The unique ID for the phone number.

const stytch = require('stytch');

const client = new stytch.Client({
  project_id: 'PROJECT_ID',
  secret: 'SECRET',
});

const params = {
  phone_number: "+12025550162",
};

client.otps.whatsapp.send(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

RESPONSE 200

{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
  "phone_id": "phone-number-test-d5a3b680-e8a3-40c0-b815-ab79986666d0"
}

RESPONSE 400

{
  "status_code": 400,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "invalid_phone_number",
  "error_message": "phone_number format is invalid.",
  "error_url": "https://stytch.com/docs/api/errors/400"
}

RESPONSE 401

{
  "status_code": 401,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "unauthorized_credentials",
  "error_message": "Unauthorized credentials.",
  "error_url": "https://stytch.com/docs/api/errors/401"
}

RESPONSE 404

{
  "status_code": 404,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "phone_number_not_found",
  "error_message": "Phone number could not be found.",
  "error_url": "https://stytch.com/docs/api/errors/404"
}

RESPONSE 429

{
  "status_code": 429,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "too_many_requests",
  "error_message": "Too many requests have been made.",
  "error_url": "https://stytch.com/docs/api/errors/429"
}

RESPONSE 500

{
  "status_code": 500,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "internal_server_error",
  "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
  "error_url": "https://stytch.com/docs/api/errors/500"
}

Delete

Via email

Embeddable

Start

Reset options

Via SMS

Via Whatsapp

Via email

Register

Authenticate

Token

M2M Client

Rotate secret

Tokens

Configuration

Methods

Consent Management

Application Management