For the security of your application, you must make sure to send the IP address of the end user in all requests. To do this, you need to add X-Vfk-Forwarded-For header parameter in all requests.
Validation Method List
You can get verification methods and localization texts to prepare your verification screens. By sending "lang" value as a query parameter you can control the language of the localization texts in the response.
lang
Language of end user. Default value is 'en' (English). This parameter is not required.Response includes specific warning messages in cases of errors for developers to act upon.
{
"meta": {
"requestId": "REQUEST-ID",
"httpStatusCode": 200
},
"result": {
"list": [
{
"appPackage": "whatsapp",
"name": "WhatsApp",
"app": "whatsapp",
"text": "Verify via WhatsApp",
"textColour": "ffffff",
"bgColour": "1bd741",
"icon": "https://web-rest.verifykit.com/img/web/whatsapp@3x.png"
},
{
"appPackage": "telegram",
"name": "Telegram",
"app": "telegram",
"text": "Verify via Telegram",
"textColour": "ffffff",
"bgColour": "61a8de",
"icon": "https://web-rest.verifykit.com/img/web/telegram@3x.png"
},
{
"appPackage": "otp",
"name": "Sms",
"app": "otp",
"text": "Click to verify via SMS",
"textColour": "ffffff",
"bgColour": "cbcbd0",
"icon": "https://web-rest.verifykit.com/img/web/otp@3x.png"
}
],
"description": "Please tap on your preferred messaging app and send us the code appearing on the screen.",
"localizationList": [
{
"key": "validation.description",
"value": "Please tap on your preferred messaging app and send us the code appearing on the screen."
},
{
"key": "validation.chooseAppText",
"value": "Select a messaging app to verify your phone number."
},
.
.
.
],
"messages": []
}
}
// composer require verifykit/verifykit-sdk-php$vfk =newVerifyKitWeb($serverKey, $clientIp);/** @varVerifyKitEntityValidationMethodList $validationMethodList */$validationMethodList = $vfk->getValidationMethodList();/** @varVerifyKitEntityValidationMethod $validationMethod */foreach ($validationMethodList->getList()as $validationMethod) {// $validationMethod-> getName, getApp, getText, getTextColour, getBgColour, getIcon...}// if you want to handle all localizations for validation steps, use this way./** @varVerifyKitEntityLocalization $localization */foreach ($validationMethodList->getLocalizationList()as $localization){// getKey, getValue of localization.}
Depending on your selection of OTP view themes on your application detail screen in VerifyKit Panel, the response structure of the init request changes.
If you choose "Recommended Theme" in VerifyKit Panel, OTP settings will be given in the list array parameter of the response. If you choose the "Basic Theme" setting in VerifyKit Panel, OTP view settings will be given in two different parameters in the root of the response as "alternativeValidationDescription" and "alternativeValidation".
Response Examples
{
"meta": {
"requestId": "REQUEST-ID",
"httpStatusCode": 200
},
"result": {
"list": [],
"alternativeValidation": "otp",
"alternativeValidationDescription": "Don't use any of these apps?",
"description": "Please tap on your preferred messaging app and send us the code appearing on the screen.",
"localizationList": [
{
"key": "validation.description",
"value": "Please tap on your preferred messaging app and send us the code appearing on the screen."
},
{
"key": "validation.chooseAppText",
"value": "Select a messaging app to verify your phone number."
},
.
.
.
],
"messages": []
}
}
{
"meta": {
"requestId": "REQUEST-ID",
"httpStatusCode": 200
},
"result": {
"list": [
{
"appPackage": "otp",
"name": "Sms",
"app": "otp",
"text": "Click to verify via SMS",
"textColour": "ffffff",
"bgColour": "cbcbd0",
"icon": "https://web-rest.verifykit.com/img/web/otp@3x.png"
}
],
"description": "Please tap on your preferred messaging app and send us the code appearing on the screen.",
"localizationList": [
{
"key": "validation.description",
"value": "Please tap on your preferred messaging app and send us the code appearing on the screen."
},
{
"key": "validation.chooseAppText",
"value": "Select a messaging app to verify your phone number."
},
.
.
.
],
"messages": []
}
}
Start Validation (WhatsApp)
When your users choose a validation method from the screen you prepare, you can start the validation process by using the request parameters stated below.
Request ParametersappThis parameter represents the application you want to use in this verification instance. Could be “whatsapp”.
langLanguage of end user. Default value is 'en' (English). This parameter is not required.
deeplinkDetermines if the deep link parameter will be returned in the response.If you send deeplink parameter as boolean true you will receive a deeplink parameter in the response. Useful if you integrate Rest Api for mobile applications or mobile web browsers.
qrCodeDetermines if the qrCode parameter will be returned in the response. If you send qrCode parameter as boolean true, you will receive a base64 qrCode png string. By showing this qrCode to users coming from desktop browsers, you can make it easier to verify.We recommend that you do not send qrCode parameter as boolean true for requests from mobile applications or mobile browsers. You should use deeplink for these platforms."deeplink" and "qrCode" parameters cannot be boolean true at the same time. If you send both parameters as boolean true at the same time, we will only give the deeplink parameter in the response.Default value is true for deeplink, and false for qrCode. These parameters are not required.
phoneNumber If you add this parameter to request, WhatsApp will work as OTP. This parameter is not required. For example: +90_____
Response ParametersreferenceThis parameter is the code given to you in order to track the verification process on our end. You will use this string for the rest of the verification requests.
qrCodeThis parameter is the base64 encoded png string which you can use as an image to help your users open WhatsApp depending on the "app" parameter you have sent.
deeplinkThis parameter is used to open the application in which your users will verify on their mobile devices depending on the "app" parameter you have sent with the request.
$vfk =newVerifyKitWeb($serverKey, $clientIp);$validationMethod ='whatsapp';/** @varVerifyKitEntityValidationStart $result */$validationStart = $vfk->startValidation($validationMethod, $lang, $deeplink, $qrCode);// if you want to redirect your user for validation, get deeplink.echo $validationStart->getDeeplink();// if you want to view a Qr code to your user for validation, get base64 png string and set it as an image source on web browsers.echo $validationStart->getQrCode();// keep this reference code for next step.echo $validationStart->getReference();
Check Validation (WhatsApp)
With the "reference" code you received in the previous response, you can check whether the validation has been completed by the user or not.
If your user has completed the validation, you will receive a "session id" of this validation in the response.
$vfk =newVerifyKitWeb($serverKey, $clientIp);$validationMethod ='whatsapp';/** @varVerifyKitEntityValidationStart $result */$validationStart = $vfk->startValidation($validationMethod, $lang, $deeplink, $qrCode);// if you want to redirect your user for validation, get deeplink.echo $validationStart->getDeeplink();// if you want to view a Qr code to your user for validation, get base64 png string and set it as an image source on web browsers.echo $validationStart->getQrCode();// keep this reference code for next step.echo $validationStart->getReference();
Check Validation (WhatsApp OTP)
With the "reference" code you received in the previous response, you can check whether the validation has been completed by the user or not.
In WhatsApp OTP, you must add the code parameter to the check request. This parameter is required.
If your user has completed the validation, you will receive a "session id" of this validation in the response.
Firstly, prepare a screen where your user will enter their phone number and country code. While preparing this screen, you can get the list of country information such as country code and phone code by sending a request to the "/country" endpoint like the example below.
Other parameters you can send at this request:countryCode
Country code parameter for the request. We return the sent countryCode parameter at the top of the list in the response. If you want a specific country (user's country detected by ip on your side for example) to be the first response parameter, you can send countryCode with your request. Not required.
$vfk =newVerifyKitWeb($serverKey, $clientIp);$countryCode ="TR";$result = $vfk->getCountryList($countryCode);/** @varVerifyKitEntityCountry $country */foreach ($result->getCountryList()as $country){echo $country->getPhoneCode(); // phone code.echo $country->getCountryCode(); // country code echo $country->getTitle(); // country name
Send OTP Request
Then, you must post the country code and the phone number that your user entered. The response you receive includes the "reference" you will use for checking status and the validity period of this verification. During this period, a validation code will be sent to the phone number that was entered by your user. Proceed to the next step to continue verification with the user-entered code.
Other parameters you can send at this request:
For OTP verification to work best, you should send us the MCC and MNC code of the sim card in the user's device.
mcc
Mobile Country Code (MCC) of the sim card in the user's device. Default value is '999'. Not required.
mnc
Mobile Network Code (MNC) of the sim card in the user's device. Default value is '999'. Not required.
lang
Language of end user. Default value is 'en' (English). You can set the language of the sent message. This parameter is not required.
$vfk =newVerifyKitWeb($serverKey, $clientIp);$phoneNumber ='+90........'; // End user phone number.$countryCode ='TR';$mcc ='999';$mnc ='999';$lang ='en';,/** @varVerifyKitEntityOTPSend $result */$result = $vfk->sendOTP($phoneNumber, $countryCode, $mcc, $mnc, $lang);$reference = $result->getReference(); // This parameter is required for a check OTP request.
Check Validation (OTP)
With the "reference" code you received in the previous response, you can check whether the validation has been completed by the user or not.
If your user has completed the validation, you will receive a "session id" of this validation in the response which means the verification process sucessfully finished.
$vfk =newVerifyKitWeb($serverKey, $clientIp);$phoneNumber ='+90........'; // End user phone number.$countryCode ='TR';$reference ="111111"; // reference from sendOtp step.$code ="123456"; // The code to be entered by the user receiving the OTP./** @varVerifyKitEntityOtpCheck $validation */$otpCheck = $vfk->checkOtp($phoneNumber, $countryCode, $reference, $code);if ($otpCheck->getValidationStatus()) { $sessionId = $otpCheck->getSessionId(); // session id for the OTP validation result}
Last Step : Complete Validation
This is where you will get your user's credentials such as phone number et cetera. You can complete the validation by sending the "session id" parameter of the validation here. It is important to note that the domain for the post request is different from previous requests. For this last step only, you need to post the following request to https://api.verifykit.com domain in order to obtain the data of your verified user and complete validation process.