Getting started
Quickstart Authentication SDKs & libraries Sandbox environment Error handling
OTP & 2FA
POST Send OTP POST Verify OTP DEL Cancel OTP
Messaging
POST Send SMS POST Send WhatsApp POST Send Telegram POST Send Voice
Logs & analytics
GET List messages GET Get message GET Analytics
Webhooks
Webhook events Configure webhooks
Account
GET API keys GET Credit balance
API v2.4 — current

SysSecure API Reference

The SysSecure API is organized around REST. All requests must be made over HTTPS. The base URL for all API calls is:

Base URL
https://api.syssecure.me/v2

Quickstart

Send your first OTP in under 5 minutes. Install the SDK, grab your API key from the dashboard, and run the example below.

🐍
Python
v2.4.1
🟨
Node.js
v2.4.0
🐘
PHP
v2.3.2
💎
Ruby
v2.2.0
Java
v2.1.3
🐹
Go
v2.4.0
bash
# Install the Python SDK
pip install syssecure-sdk

# Or via npm for Node.js
npm install @syssecure/sdk
Python
import syssecure

# Initialize with your API key
client = syssecure.Client(api_key="sk_live_your_key_here")

# Send OTP via WhatsApp with SMS fallback
otp = client.otp.send(
    to="+32470123456",
    channels=["whatsapp", "sms"],
    expires_in=300
)

# Verify the code entered by the user
result = client.otp.verify(otp_id=otp.id, code="847291")
print(result.valid)  # True

Authentication

All API requests require an API key passed in the Authorization header. Keys are prefixed with sk_live_ for production or sk_test_ for sandbox.

ℹ️Never expose your API key in client-side code. Always make API calls from your server. Rotate keys immediately from the dashboard if compromised.
HTTP Header
Authorization: Bearer sk_live_your_api_key_here
Content-Type: application/json

Send OTP

Generates a secure one-time password and delivers it to the specified phone number. Supports automatic fallback across channels.

POST /v2/otp/send

Request parameters

ParameterTypeRequiredDescription
tostringRequiredPhone number in E.164 format (e.g. +32470123456)
channelsarrayRequiredOrdered list of delivery channels: whatsapp, sms, telegram, voice
expires_inintegerOptionalOTP validity in seconds (default: 300, max: 3600)
lengthintegerOptionalOTP length (default: 6, range: 4–10)
templatestringOptionalTemplate ID for the OTP message body
localestringOptionalBCP 47 locale tag for message language (e.g. en, fr, es)
metadataobjectOptionalArbitrary key-value pairs attached to the OTP for your own tracking
JSON Request
{
  "to": "+32470123456",
  "channels": ["whatsapp", "sms"],
  "expires_in": 300,
  "length": 6,
  "locale": "en",
  "metadata": {
    "user_id": "usr_abc123",
    "action": "login"
  }
}
200 OK — Success response
{
  "otp_id": "otp_01HWXYZABC123DEF456",
  "status": "sent",
  "channel": "whatsapp",
  "to": "+32470123456",
  "expires_at": "2026-04-25T15:32:00Z",
  "created_at": "2026-04-25T15:27:00Z"
}

Verify OTP

Validates a code submitted by the user against the original OTP. Codes are single-use — once verified, the OTP is invalidated.

POST /v2/otp/verify
ParameterTypeRequiredDescription
otp_idstringRequiredThe OTP ID returned by the Send OTP endpoint
codestringRequiredThe code entered by the user
200 OK — Success response
{
  "valid": true,
  "otp_id": "otp_01HWXYZABC123DEF456",
  "verified_at": "2026-04-25T15:28:14Z"
}

Send SMS

Send a standard or unicode SMS to any phone number in 195+ countries.

POST /v2/sms/send
ParameterTypeRequiredDescription
tostringRequiredRecipient phone number in E.164 format
bodystringRequiredMessage content (max 1600 characters)
fromstringOptionalSender ID (alphanumeric or phone number)
callback_urlstringOptionalWebhook URL to receive delivery status updates
scheduled_atstringOptionalISO 8601 datetime to schedule the message

Webhook Events

SysSecure sends HTTP POST requests to your configured URL whenever a message event occurs. All requests include an X-SysSecure-Signature header for verification.

Event types

EventDescription
message.sentMessage has been submitted to the carrier
message.deliveredDelivery confirmed by carrier or device
message.failedDelivery failed — includes failure reason code
message.readMessage read by recipient (WhatsApp/Telegram only)
otp.verifiedOTP successfully verified by end user
otp.expiredOTP expired before verification
contact.opted_outRecipient replied STOP or equivalent
Webhook payload example
{
  "event": "message.delivered",
  "message_id": "msg_01HWXYZ789",
  "channel": "sms",
  "to": "+32470123456",
  "status": "delivered",
  "delivered_at": "2026-04-25T15:28:02Z",
  "latency_ms": 1241
}

Error handling

SysSecure uses standard HTTP status codes. All error responses include a JSON body with a machine-readable code and human-readable message.

HTTP codeError codeDescription
400invalid_paramsMissing or malformed request parameters
401unauthorizedMissing or invalid API key
402insufficient_creditsAccount has insufficient credits
404not_foundResource not found
422invalid_phonePhone number is invalid or not reachable
429rate_limit_exceededToo many requests — back off and retry
500internal_errorUnexpected server error — retry with exponential backoff
On this page
Quickstart Authentication Send OTP Verify OTP Send SMS Webhooks Error handling
Need help?
Contact support → System status →