Verify phone numbers via SMS, Flashcall, Phone Call, Data (seamless carrier-level), or WhatsApp with Sinch Verification API. Use when implementing user phone verification, OTP, two-factor authentication, or number ownership confirmation flows.
From sinch-claude-plugin
npx claudepluginhub sinch/sinch-plugins --plugin sinch-claude-plugin
This skill uses the workspace's default tool permissions.
The Sinch Verification API verifies phone numbers through SMS OTP, Flashcall (missed call CLI), Phone Call (spoken OTP), Data (carrier-level), and WhatsApp OTP. Used for registration, 2FA, and number ownership confirmation.
Base URL: https://verification.api.sinch.com
URL path prefix: /verification/v1/
Auth: Application Key + Secret (NOT project-level OAuth2 — see Authentication Guide)
Before generating code, you MUST ask the user:
sms, flashcall, callout, seamless, or whatsapp
Do not assume defaults or skip these questions. Wait for answers before generating code.
For SDK syntax, fetch the appropriate reference:
For direct HTTP, use the API Reference (Markdown) for request/response schemas.
See sinch-authentication skill for dashboard setup.
The Verification API uses Application Key + Application Secret (from your Sinch dashboard app), not project-level OAuth2. Three auth methods are supported:
| Method | Use for |
|---|---|
| Application Signed Request | Secure authentication method for production traffic |
| Basic Auth | Simple method for prototyping and trying out API calls |
| Public Auth | Insecure environments (end user's device). Android/iOS SDK only, requires callback webhook |
Minimum auth level is configurable in the Sinch Dashboard — requests below that level are rejected. See the Authentication Guide for signing details.
| Language | Package | Install |
|---|---|---|
| Node.js | @sinch/sdk-core or @sinch/verification | npm install @sinch/sdk-core |
| Python | sinch | pip install sinch |
| Java | com.sinch.sdk:sinch-sdk-java | Maven dependency |
| .NET | Sinch | dotnet add package Sinch |
All SDKs initialize with applicationKey + applicationSecret (not project credentials).
```bash
# Uses Basic Auth (-u) for simplicity. Use Application Signed Requests in production.
curl -X POST https://verification.api.sinch.com/verification/v1/verifications \
  -H 'Content-Type: application/json' \
  -u YOUR_APPLICATION_KEY:YOUR_APPLICATION_SECRET \
  -d '{
    "identity": { "type": "number", "endpoint": "+12025550134" },
    "method": "sms"
  }'
```
Response includes id (verification ID), sms.template, sms.interceptionTimeout, and _links with localized URLs for status/report actions.
| Method | Value | Behavior |
|---|---|---|
| SMS | sms | Sends OTP via SMS. User enters code. |
| FlashCall | flashcall | Missed call — caller ID is the OTP. Auto-intercepted on Android; manual entry on iOS/JS. |
| Phone Call | callout | PSTN call dictates an OTP code. User enters the code into the app (same flow as SMS). |
| Data | seamless | Carrier-level verification via mobile data. No user interaction. Requires account manager to enable. |
| WhatsApp | whatsapp | Sends OTP via WhatsApp message. User enters code. |
- `{ "type": "number", "endpoint": "+E164_NUMBER" }`
- PENDING | SUCCESSFUL | FAIL | DENIED | ABORTED | ERROR
- Invalid code, Expired, Fraud, Blocked, Denied by callback. Full list in the API Reference.

All endpoints documented in the Verification API Reference.
POST /verification/v1/verifications
Set method to sms, flashcall, callout, seamless, or whatsapp. Optional fields:
- reference — unique tracking string, passed to all events
- custom — arbitrary text (max 4096 chars), passed to all events
- Accept-Language header — controls SMS language (default en-US)
- Method-specific options (backend-originated signed requests only): smsOptions, flashCallOptions, calloutOptions, whatsappOptions. See the API Reference for full schemas.
Report by identity: PUT /verification/v1/verifications/number/{endpoint}
Report by ID: PUT /verification/v1/verifications/id/{id}
Body includes method and a method-specific object with the user's input:
- `{ "method": "sms", "sms": { "code": "1234" } }` (replace method name + key accordingly)
- `{ "method": "flashcall", "flashCall": { "cli": "+46000000000" } }` — the cli is the full international caller ID from the incoming missed call

By ID: GET /verification/v1/verifications/id/{id}
By method + number: GET /verification/v1/verifications/{method}/number/{endpoint}
By reference: GET /verification/v1/verifications/reference/{reference}
Note: The by-identity endpoint requires {method} in the path — it is NOT /verifications/number/{endpoint}.
1. POST /verification/v1/verifications with identity + method → receive verification id
2. PUT /verification/v1/verifications/id/{id} with the code/CLI
3. GET /verification/v1/verifications/id/{id} → confirm SUCCESSFUL

If the code expires or verification fails, you cannot re-report — start a new verification.
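The start, report and status steps above as request builders, in an added example that is not Sinch SDK code or code from this page. The function names, the E.164 pre-check and the method allow-list are assumptions of the example; requests are built but not sent, so the block runs offline.

```python
import base64
import json
import re
from urllib.parse import quote
from urllib.request import Request

BASE = "https://verification.api.sinch.com/verification/v1"
E164 = re.compile(r"\+[1-9]\d{1,14}")
# Report-body key per method ("replace method name + key accordingly");
# seamless needs no user input, so it has no report body.
REPORT_KEY = {"sms": "sms", "flashcall": "flashCall",
              "callout": "callout", "whatsapp": "whatsapp"}

def _request(verb, path, key, secret, body=None):
    # Basic Auth as in the page's curl -u; the auth table reserves it for prototyping.
    token = base64.b64encode(f"{key}:{secret}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    data = None if body is None else json.dumps(body).encode()
    return Request(BASE + path, data=data, headers=headers, method=verb)

def _check(method, number=None):
    # Reject unknown methods and non-E.164 input before either reaches a URL path.
    if method != "seamless" and method not in REPORT_KEY:
        raise ValueError(f"unsupported method: {method!r}")
    if number is not None and not E164.fullmatch(number):
        raise ValueError("endpoint must be an E.164 number such as +12025550134")

def start(key, secret, number, method, reference=None):
    _check(method, number)
    body = {"identity": {"type": "number", "endpoint": number}, "method": method}
    if reference is not None:
        body["reference"] = reference
    return _request("POST", "/verifications", key, secret, body)

def report_by_id(key, secret, verification_id, method, user_input):
    if method not in REPORT_KEY:
        raise ValueError(f"nothing to report for method: {method!r}")
    field = "cli" if method == "flashcall" else "code"  # flashcall reports the caller ID
    body = {"method": method, REPORT_KEY[method]: {field: user_input}}
    path = f"/verifications/id/{quote(verification_id, safe='')}"
    return _request("PUT", path, key, secret, body)

def status_by_id(key, secret, verification_id):
    return _request("GET", f"/verifications/id/{quote(verification_id, safe='')}", key, secret)

def status_by_number(key, secret, method, number):
    _check(method, number)  # {method} is part of this path, unlike the PUT route
    return _request("GET", f"/verifications/{method}/number/{quote(number, safe='+')}", key, secret)
```

Pass a returned request to `urllib.request.urlopen` to send it, and keep the application secret on the backend rather than in client code.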
For production flows, configure a callback URL in the Sinch Dashboard. The API sends:
action: allow or action: deny to approve/reject.
Callbacks are signed — verify signatures using Callback Signing.
smsOptions.expiry. Start a new verification if expired — you cannot re-report on a completed/expired verification.