DNZ Digita
← Back to docs

Documentation

WhatsApp OTP API for Websites and Mobile Apps

DNZ WhatsApp OTP lets each customer link their own WhatsApp number and send OTP messages from their backend. You create an account, scan the QR code in the console, generate an API key (starts with wb_), then call POST /api/send-otp from your server. DNZ delivers the message; your application generates, stores, and verifies the OTP code.

Step 1 — Create your account

Sign in at dnzteam.online and open Console → WhatsApp OTP. Each account is independent: your API key, WhatsApp session, and usage limits belong only to your account.

Choose a plan at /pricing/whatsapp-otp. The free plan supports testing with 50 messages per day.

Step 2 — Link WhatsApp (QR)

In the WhatsApp OTP console, click Link WhatsApp and scan the QR code with the phone that will send OTP messages. Wait until the status shows connected and ready before sending production traffic.

Keep the linked phone online with a stable internet connection. If the session disconnects, queued messages will fail until you reconnect from the console.

Step 3 — Generate an API key

Open the API Keys section in the console and create a production key. The full key is shown once — copy it immediately and store it in your server environment variables.

Never put the API key in browser JavaScript, mobile app code, or public Git repositories. Only your backend should call the DNZ engine.

Step 4 — Send OTP from your backend

Generate the OTP code in your backend, store a hash with expiry and attempt limits, then send the message text through DNZ. The engine URL is https://dnzteam.online/wa-engine and the endpoint is POST /api/send-otp.

Required JSON fields: apiKey (your wb_ key), number (E.164 or digits), and message (full text including the OTP). A successful queue returns HTTP 202 with { accepted: true, jobId }.

const ENGINE = "https://dnzteam.online/wa-engine";

const res = await fetch(`${ENGINE}/api/send-otp`, {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    apiKey: process.env.DNZ_WHATSAPP_OTP_API_KEY,
    number: "+9647878785391",
    message: "Your DNZ verification code is 482910. Expires in 5 minutes."
  })
});

const data = await res.json();
// 202 → { accepted: true, jobId: "..." }
// 401 → { error: "invalid_api_key" }
// 429 → plan or rate limit reached

Step 5 — Verify the OTP in your backend

DNZ only delivers the WhatsApp message. Your backend must compare the user input against the stored hash, enforce expiry, limit attempts, and mark the record as used after success.

Use a separate purpose field per action (login, payment, recovery) so a login code cannot confirm a payment.

Best practices

Use 5-minute OTP expiry, cap resend attempts, and show a countdown timer in your UI. Never log raw OTP values or full API keys in production.

Send only transactional messages the user requested. Do not use OTP infrastructure for marketing or bulk campaigns.

FAQ

What is the engine URL?

Production engine: https://dnzteam.online/wa-engine. Set WHATSAPP_OTP_ENGINE_URL or DNZ_WHATSAPP_OTP_ENGINE_URL in your server environment.

Does the API return delivery confirmation?

The endpoint returns 202 when the message is queued. Final delivery depends on your connected WhatsApp session. Test from the console before going live.

Can I use the same account for multiple apps?

Yes. One account can have multiple API keys and one connected WhatsApp session. All sends use the linked WhatsApp number.

Related content

Support