/otp/sendSend OTP
Generates a 6-digit OTP, stores a salted hash in Redis (TTL 5 minutes), and delivers via SMS or email.
Middleware: validateAppApiKey → checkOtpSendCooldown (SMS only) → rateLimitOtpSend → global rate limit.
Rate limits (send/resend only):
- Global: 10 requests/minute per appId (or apiKey / IP fallback)
- Per phone: 3/minute, 10/hour
Cooldown (SMS only): Redis key blocks rapid resends after successful SMS send.
SMS delivery: When OTP_DLT_ENABLED=true and the app is mapped in otp-mappings.json
with dltEnabled: true, OTP SMS uses Fast2SMS route=dlt (e.g. eNandi LOGIN_OTP).
Otherwise OTP uses Fast2SMS route=q (legacy free-text).
OTP templates (LOGIN_OTP, LOGIN_OTP_WITH_ID): Use this endpoint only — not POST /notify.
See /docs/api/otp for full narrative.
operationId: otpSend
Related documentation
Request
Requires appId and apiKey in the JSON body.
Schemas: SMS (default channel) — eNandi LOGIN_OTP via DLT, SMS — LOGIN_OTP_WITH_ID (optional loginId), EMAIL channel
SMS (default channel) — eNandi LOGIN_OTP via DLT
{
"appId": "eNandi",
"apiKey": "your-secret-key",
"phone": "918660397320"
}SMS — LOGIN_OTP_WITH_ID (optional loginId)
{
"appId": "eNandi",
"apiKey": "your-secret-key",
"phone": "918660397320",
"loginId": "user_7488"
}EMAIL channel
{
"appId": "enandi-app",
"apiKey": "your-secret-key",
"channel": "EMAIL",
"email": "user@example.com"
}