Same email, same code
For 10 minutes, retries return the existing OTP. Visitors can refresh, resend, and come back without chasing a moving target in their inbox.
Email OTP API · Disposable-email filtering · 10-minute stability
One endpoint to send a one-time code, one to verify it. Use it for login, email lists, private photos, downloadable files, generated reports, and any flow where an inbox should prove access.
For 10 minutes, retries return the existing OTP. Visitors can refresh, resend, and come back without chasing a moving target in their inbox.
Throwaway and disposable inboxes are rejected before a code is ever sent, so lists, reports, galleries, and signups keep real reachable addresses.
Low-latency code creation and verification, so the next step feels direct whether someone is opening an account, joining a list, or returning to private content.
Start with the marketing contract now; wire the implementation next. Two calls: send a code, then verify it.
curl -X POST https://api.sendotp.email/v1/otp/send \
-H "Authorization: Bearer $SENDOTP_API_KEY" \
-H "Content-Type: application/json" \
-d '{"email":"customer@example.com","purpose":"report-access"}'curl -X POST https://api.sendotp.email/v1/otp/verify \
-H "Authorization: Bearer $SENDOTP_API_KEY" \
-H "Content-Type: application/json" \
-d '{"email":"customer@example.com","code":"493021","purpose":"report-access"}'If a user clicks “resend” five times, they should see one usable code, not five confusing emails with five different answers.
Developer-first email OTP service for authentication, verification, private content, and returning users to the thing they asked for.
No. Repeated requests for the same email and purpose during the 10-minute window return the same OTP. A new code is minted after expiry.
Yes. Known disposable and throwaway domains are rejected before a code is sent, so signups, lists, reports, and private content gates land on real, reachable inboxes.
The core service will key idempotency on the normalized email address plus purpose or tenant context, so report access, gallery access, login, and account-delete challenges can be isolated.
The inbox should not be the hard part.