Email OTP API · Disposable-email filtering · 10-minute stability

The easy way to send an email code.

One endpoint to send a one-time code, one to verify it. Use it for login, email lists, private photos, downloadable files, generated reports, and any flow where an inbox should prove access.

The promise

Same email, same code

For 10 minutes, retries return the existing OTP. Visitors can refresh, resend, and come back without chasing a moving target in their inbox.

Disposable emails blocked

Throwaway and disposable inboxes are rejected before a code is ever sent, so lists, reports, galleries, and signups keep real reachable addresses.

Fast to verify

Low-latency code creation and verification, so the next step feels direct whether someone is opening an account, joining a list, or returning to private content.

Short answer: An email OTP API sends a one-time password to an email address, then verifies it before expiry. sendotp.email keeps that code stable for 10 minutes so retries are safe, and rejects disposable inboxes up front.

Call API → get OTP

Start with the marketing contract now; wire the implementation next. Two calls: send a code, then verify it.

Send the OTP

curl -X POST https://api.sendotp.email/v1/otp/send \
  -H "Authorization: Bearer $SENDOTP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email":"customer@example.com","purpose":"report-access"}'

Verify the code

curl -X POST https://api.sendotp.email/v1/otp/verify \
  -H "Authorization: Bearer $SENDOTP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email":"customer@example.com","code":"493021","purpose":"report-access"}'

No rolling bucket.

If a user clicks “resend” five times, they should see one usable code, not five confusing emails with five different answers.

Built for inbox gates that must work.

Developer-first email OTP service for authentication, verification, private content, and returning users to the thing they asked for.

  • Email list signup confirmation
  • Private photo album access
  • Customer report retrieval
  • Generated PDF or analysis portals
  • Download and file access gates
  • Lead magnet delivery
  • Event RSVP confirmation
  • One-time client portal entry
  • Passwordless login
  • Signup email verification
  • Magic-code fallback when links fail
  • High-risk action confirmation

Questions developers ask

Is the OTP rolling?

No. Repeated requests for the same email and purpose during the 10-minute window return the same OTP. A new code is minted after expiry.

Do you block disposable email addresses?

Yes. Known disposable and throwaway domains are rejected before a code is sent, so signups, lists, reports, and private content gates land on real, reachable inboxes.

What should I key idempotency on?

The core service will key idempotency on the normalized email address plus purpose or tenant context, so report access, gallery access, login, and account-delete challenges can be isolated.

The inbox should not be the hard part.

Let people prove email ownership and get back in.