Check whether an OTP code is correct, unexpired, and unused using the Laravel SDK. Use this after the user submits the code they received via WhatsApp.
Parameters
| Field | Type | Required | Description |
|---|
| chatId | string | yes | WhatsApp chat ID that received the OTP. |
| code | string | yes | The OTP code entered by the user. |
Validate the code
use Hypersender\Hypersender;
$response = Hypersender::otp()->validateCode([
'chatId' => '[email protected]',
'code' => '439713',
]);
if (($response['success'] ?? false) && (($response['data']['status'] ?? '') === 'validated')) {
// proceed with login or protected action
}
Common failure reasons
- Code does not match the active OTP
- Code expired based on
expires value
- Code already used (single-use)
- No active OTP found for the
chatId
Implement rate limits on validation attempts (e.g., max 3-5 tries) to block brute-force guessing.
