Skip to main content
POST
/
v1
/
otp
/
request
Request OTP
curl --request POST \
  --url https://karibu.briq.tz/v1/otp/request \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "phone_number": "<string>",
  "app_key": "<string>"
}
'
{
  "success": true,
  "message": "<string>",
  "data": {},
  "status_code": 200
}

Authorizations

X-API-Key
string
header
required

Headers

X-API-Key
string
required

Body

application/json
phone_number
string
required

Recipient's phone number, E.164 digits-only (no '+', e.g. 255712345678)

Example:

"255712345678"

app_key
string
required

Developer app key

Example:

"devapp_123456"

sender_id
string | null

Sender ID shown to the recipient. SMS only — silently ignored on call and whatsapp. Defaults to the platform-configured OTP_DEFAULT_SENDER_ID.

Example:

"BRIQ OTP"

otp_length
integer
default:6

Length of OTP code

Example:

6

minutes_to_expire
integer
default:10

OTP expiry time in minutes

Example:

10

delivery_method
enum<string>
default:sms

Delivery channel: sms (default), call (TTS), or whatsapp (uses platform-managed briq_otp template; sender resolution is automatic).

Available options:
sms,
call,
whatsapp
Examples:

"sms"

"call"

"whatsapp"

message_template
string | null

Custom OTP message template. Must contain {code}; {expiry} is also substituted. SMS only — silently ignored on call and whatsapp. WhatsApp wording is fixed by the approved briq_otp Meta template.

Example:

"Your OTP is {code}"

callback_url
string<uri> | null

Optional HTTPS URL to receive async flake lifecycle webhooks (e.g. flake.verified) for this request. Active for this OTP's lifetime. Must not resolve to private or loopback addresses.

Example:

"https://api.example.com/briq/otp-events"

callback_secret
string | null

Optional shared secret for HMAC signing (X-Briq-Signature) on callbacks to callback_url.

Response

Successful Response

success
boolean
required
message
string
required
data
Data · object
status_code
integer
default:200