Skip to main content
The /request endpoint initiates the 2FA handshake. It generates a unique 6-digit code, creates a secure session, and dispatches the message to the user’s mobile device.

Request Flow

When you call this endpoint, Zeckta:
  • Validates the destination number format
  • Verifies your approved Sender ID
  • Calculates billing
  • Generates a secure OTP session
  • Queues the SMS for immediate delivery

Endpoint

Method: POST
Path: /v1/messaging/otp/request

Request Body

FieldTypeRequiredDescription
deststringYesRecipient phone number in E.164 format (e.g., +233240000000).
srcstringYesApproved alphanumeric Sender ID (e.g., ZECKTA).
messageTemplatestringNoCustom message text. Must include the <OTP> placeholder.
purposestringNoLabel for audit trail (e.g., LOGIN, PASSWORD_RESET).

Implementation Example

curl -X POST https://api.zeckta.com/v1/messaging/otp/request \
  -H "Authorization: Bearer YOUR_SECRET:YOUR_WORKSPACE_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "dest": "+233240000000",
    "src": "ZECKTA",
    "messageTemplate": "Your security code is <OTP>. Valid for 3 mins.",
    "purpose": "VERIFICATION"
  }'

Successful Response

{
  "sessionId": "550e8400-e29b-41d4-a716-446655440000",
  "status": "PENDING",
  "expiresIn": 180
}

Security Considerations

  • OTP codes expire automatically.
  • Each session is single-use.
  • Rate limits apply to prevent brute-force attempts.
  • Always use HTTPS.