SMS verification codes are a fast and effective way to enhance your platform’s security and keep out fake or malicious profiles. They provide a quick, seamless way to verify user identities. A Google study found that SMS codes block 100% of automated bot attacks, 96% of bulk phishing attempts, and 76% of targeted attacks.

Getting started is easier than you think. In this guide, you'll see how to send your first SMS verification code in just 2 minutes using Prelude’s Verify API, helping you secure your platform and build user trust. 

The benefits of SMS verification codes

User’s security is not something you can bypass. And while there are many ways to protect your users accounts, SMS verification codes stand as one of the most popular ones. 

Accessible to everyone: SMS is widely used for 2FA, easily accessible to anyone with a phone, and doesn’t require additional apps, technology or educating users as everyone is now familiar with this process.

Stronger security and fraud prevention: SMS one-time passwords (OTPs) generate unique, time-sensitive codes that help protect accounts from unauthorized access. SMS isn’t foolproof (e.g., SIM swapping fraud), but if you opt for the right OTP service, you can easily prevent these flaws.

Instant user authentication: With high delivery and open rates, SMS OTPs enable fast authentication. For mobile apps, automatic code detection and autofill make the process even smoother.

Ease of implementation: SMS OTP integration is straightforward and can be launched in no time with minimal resources, as you’ll see below.

Scalability: SMS OTP can grow with your business, expanding to new markets without the need for new vendors or channels.

Cost-effective: SMS verification is often more affordable than alternative methods, giving you greater control over your security budget.

How to send an SMS verification code?

Prerequisites to send your first OTP

In order to send your first SMS verification code using our Verify API, here some requirements you need to complete:

1. Prelude account: Sign up for a Prelude account there.

2. API key: Generate your API Key in your Settings.

And you’re ready to go! Here’s how to start sending OTPs.

1. Sending a verification code

Prelude’s Verify API can be used with many languages and we provide SDKs for Python, Node.js, Java and Go. This article will focus on Node.js.

To verify a phone number, the first step is to trigger a message with a verification code, using the /v2/verification endpoint.

Request example: 

import Prelude from "@prelude.so/sdk";
const client = new Prelude();
async function main() {
  const verification = await client.verification.create({
    target: {
      type: "phone_number",
      value: "+30123456789",
    },
  });
  console.log(verification.id);
}
main();

Response example:

{
  "id": "vrf_01jc0t6fwwfgfsq1md24mhyztj",
  "status": "success",
  "method": "message",
  "metadata": {
    "correlation_id": "<string>"
  },
  "request_id": "<string>"
}

You can get started just like this. If you want to customize your verification process, here are some options provided by our API: 

• sender_id: To send SMS using an alphanumeric Sender ID (in countries allowing it). For security measures, its value needs to be validated by our team before going live.

• app_realm: To automatically retrieve and fill the OTP code on Android devices

• code_size: From 4 to 8 digits. This can also be specified in your Dashboard settings.

• custom_code: The custom code to use for OTP verification. This feature is only available for compatibility purposes and subject to Prelude’s approval.

• locale: A BCP-47 formatted locale string with the language the text message will be sent to. If there's no locale set, the language will be determined by the country code of the phone number.

From your dashboard, you can access more customization options:

2. Checking the code

Once the user receives the SMS verification code, they enter it into your app. To verify the OTP validity, use the /v2/verification/check endpoint.

Note: the 2 API endpoints need to be configured in order to use Prelude.

Request example:

import Prelude from "@prelude.so/sdk";
const client = new Prelude();
async function main() {
  const check = await client.verification.check({
    target: {
      type: "phone_number",
      value: "+30123456789",
    },
    code: "123456",
  });
  console.log(check.id);
}
main();

Response example:

{
  "id": "vrf_01jc0t6fwwfgfsq1md24mhyztj",
  "status": "success",
  "metadata": {
    "correlation_id": "<string>"
  },
  "request_id": "<string>"
}

And that’s pretty much it! With only 2 API endpoints, Prelude Verify is really quick and easy to integrate. 

Prelude is also globally registered and we use pre-approved templates for OTP messages, meaning you can start sending verification codes globally immediately, without having to do some paperwork or wait to be approved.

Optional configurations

We just went through the basic configuration of SMS verification codes. But if you want to use Prelude to its full potential, here are some optional (yet recommended) configurations.

Capture more fraud signals with our front-end SDKs

Prelude stands out by preventing fraud from draining your verification budget. Fraudsters exploit SMS pumping to cash in on verification codes, but our industry-leading anti-fraud algorithm stops them in their tracks. With four layers of protection and a granular approach, we help companies like BeReal and Locket block spam while ensuring real users sign up—even in high-risk regions.

For our anti-fraud system to perform at its best, it needs to retrieve some signals from your users, such as device model, application versionor OS version. To share this data with our API, you can use our Mobile SDKs (for iOS, Android and React Native) that collect over 50 signals to assess the risk score of your users.

Learn more about it here.

Open additional channels

By default, your OTPs are sent through SMS. However in some markets, it can be useful to leverage online messaging channels to reach your users. Think of WhatsApp in Brazil, Viber in Ukraine or Zalo in Vietnam.

In addition to SMS, Prelude gives you access to 4 other channels: RCS, WhatsApp, Viber and Zalo. You can enable them in your Dashboard directly.

Adding test numbers

In your Settings, you can add test phone numbers, allowing you to test the API without sending (and paying for) any message.

Chose a strategic trade-off

Strategic Trade-offs are a set of 3 options that you can use to configure the routing engine per country:

• Price: will prioritize less expensive routes at the expense of conversion rate.

• Balanced: will try to find the best compromise between cost and conversion rate (set on all countries by default).

• Conversion rate: will give priority to the route with the highest conversion rate, even if it means paying a bit more.

Whether you have an upcoming marketing campaign in a specific country and want to guarantee a high conversion rate or need to reduce your acquisition costs in a certain market, you have total control over user authentication with Prelude.

Slack Connect

Finally, you can connect with Prelude’s team directly via Slack during onboarding! Get fast, direct support for any questions or integration needs.

For more details regarding setting up OTPs with Prelude Verify, check our developer resources.