Adding WhatsApp verification to a Node.js backend is two REST calls: POST /v1/send to send the OTP and POST /v1/verify to check the code. This example uses the built-in fetch in Node 18+, so there is nothing to install.
10 free OTPs on signup — no credit card required.
Generate an API key, then POST the destination number to /v1/send. OTP Space returns 202 Accepted once the message is queued for WhatsApp delivery.
// Node.js 18+ ships a global fetch — no dependencies needed.
// The key comes from https://app.otpspace.com/dashboard/api-keys.
// Keep it on the server; never expose it in a browser or mobile client.
const API_KEY = process.env.OTPSPACE_API_KEY;
const BASE = "https://api.otpspace.com/v1";
// Send a WhatsApp OTP to an Indonesian number in E.164 form,
// e.g. "+6281234567890". Resolves once OTP Space returns 202 Accepted.
export async function sendOtp(phone) {
const res = await fetch(BASE + "/send", {
method: "POST",
headers: {
"Authorization": "Bearer " + API_KEY,
"Content-Type": "application/json",
},
body: JSON.stringify({ phone: phone }),
});
if (res.status !== 202) {
const err = await res.json().catch(() => ({}));
throw new Error(err.error || ("otp send failed: " + res.status));
}
return res.json(); // { success, data: { otp_id, ... }, credits_remaining }
}
POST the same number plus the code the user entered to /v1/verify. A 200 OK means the code is correct; every number gets up to 5 attempts before the OTP locks.
// Verify the code the user typed. A 200 status means the code is correct;
// 422 (wrong code), 410 (expired) and 429 (too many attempts) mean it is not.
export async function verifyOtp(phone, code) {
const res = await fetch(BASE + "/verify", {
method: "POST",
headers: {
"Authorization": "Bearer " + API_KEY,
"Content-Type": "application/json",
},
body: JSON.stringify({ phone: phone, code: code }),
});
return res.status === 200; // 200 = verified
}
A successful send responds immediately with the masked destination, an otp_id you can track, and your remaining credits.
{
"success": true,
"data": {
"otp_id": "otp_abc123def456",
"destination": "6281234***90",
"channel": "whatsapp",
"status": "queued",
"expires_at": "2026-07-17T10:05:00Z"
},
"credits_remaining": 994
}
OTP Space delivers one-time passwords over WhatsApp to every Indonesian carrier through two REST calls — no WhatsApp Business API setup, no template approvals, no SDK to install. It works the same from any language: sign up, generate a key, and send. The examples here use only the standard library so you can drop them straight into an existing service.
Sign up free, generate your API key, and integrate in two REST calls — no credit card, no sales call, no WhatsApp Business verification.