EngageLab OTP API Skill
This skill enables interaction with the EngageLab OTP REST API. The OTP service handles one-time password generation, multi-channel delivery (SMS, WhatsApp, Email, Voice), verification, and fraud monitoring.
It covers six areas:
- 1. OTP Send — Platform-generated OTP code delivery
- Custom OTP Send — User-generated OTP code delivery
- OTP Verify — Validate OTP codes
- Custom Messages Send — Send custom template messages (notifications, marketing)
- Template Management — Create, list, get, and delete OTP templates
- Callback & SMPP — Webhook configuration and SMPP protocol integration
Resources
scripts/
- -
otp_client.py — Python client class (EngageLabOTP) wrapping all API endpoints: send_otp(), send_custom_otp(), verify(), send_custom_message(), and template CRUD. Handles authentication, request construction, and typed error handling. Use this as a ready-to-run helper or import it into the user's project. verify_callback.py — HMAC-SHA256 signature verifier for incoming OTP callback webhooks. Parses the X-CALLBACK-ID header and validates authenticity. Drop into any web framework (Flask, FastAPI, Django) to secure callback endpoints.
references/
- -
error-codes.md — Complete error code tables for all OTP APIs template-api.md — Full template CRUD specs with all channel configurationscallback-config.md — Webhook setup, security, and all event typessmpp-guide.md — SMPP protocol connection, messaging, and delivery reports
Authentication
All EngageLab OTP API calls use HTTP Basic Authentication.
- - Base URL: �INLINECODE12
- Header: �INLINECODE13
- Content-Type: �INLINECODE14
The user must provide their dev_key and dev_secret. Encode them as base64("dev_key:dev_secret") and set the Authorization header.
Example (using curl):
CODEBLOCK0
If the user hasn't provided credentials, ask them for their dev_key and dev_secret before generating API calls.
Quick Reference — All Endpoints
| Operation | Method | Path |
|---|
| Send OTP (platform-generated) | INLINECODE21 | INLINECODE22 |
| Send OTP (custom code) |
POST |
/v1/codes |
| Verify OTP |
POST |
/v1/verifications |
| Send custom message |
POST |
/v1/custom-messages |
| List templates |
GET |
/v1/template-configs |
| Get template details |
GET |
/v1/template-configs/:templateId |
| Create template |
POST |
/v1/template-configs |
| Delete template |
DELETE |
/v1/template-configs/:templateId |
OTP Send (Platform-Generated Code)
Use this when you want EngageLab to generate the verification code and deliver it according to the template's channel strategy (SMS, WhatsApp, Email, Voice).
Endpoint: �INLINECODE37
Request Body
CODEBLOCK1
Parameters
| Field | Type | Required | Description |
|---|
| INLINECODE38 | INLINECODE39 | Yes | Phone number (with country code, e.g., +6581234567) or email address |
| INLINECODE41 |
string | Yes | Template ID |
|
template.language |
string | No | Language:
default,
zh_CN,
zh_HK,
en,
ja,
th,
es. Defaults to
default |
|
template.params |
object | No | Custom template variable values as key-value pairs |
Notes on params
- - Preset variables like
{{brand_name}}, {{ttl}}, {{pwa_url}} are auto-filled from template settings — no need to pass them. - For custom variables in the template (e.g.,
Hi {{name}}, your code is {{code}}), pass values via params: {"name": "Bob"}. - If the template's
from_id field is preset and you pass {"from_id": "12345"}, the preset value is overridden.
Response
Success:
CODEBLOCK2�
| Field | Type | Description |
|---|
| INLINECODE63 | INLINECODE64 | Unique message ID, used for verification and tracking |
| INLINECODE65 |
string | Current delivery channel:
whatsapp,
sms,
email, or
voice |
The send_channel indicates the initial channel — if fallback is configured (e.g., WhatsApp → SMS), the final delivery channel may differ.
For error codes, read references/error-codes.md.
Custom OTP Send (User-Generated Code)
Use this when you want to generate the verification code yourself and have EngageLab deliver it. This API does not generate codes and does not require calling the Verify API afterward.
Endpoint: �INLINECODE73
Request Body
CODEBLOCK3
Parameters
| Field | Type | Required | Description |
|---|
| INLINECODE74 | INLINECODE75 | Yes | Phone number or email address |
| INLINECODE76 |
string | Yes | Your custom verification code |
|
template.id |
string | Yes | Template ID |
|
template.language |
string | No | Language (same options as OTP Send). Defaults to
default |
|
template.params |
object | No | Custom template variable values |
Response
Same format as OTP Send — returns message_id and send_channel.
OTP Verify
Validate a verification code that was sent via the OTP Send API (/v1/messages). Only applicable to platform-generated codes — not needed for Custom OTP Send.
Endpoint: �INLINECODE88
Request Body
CODEBLOCK4
Parameters
| Field | Type | Required | Description |
|---|
| INLINECODE89 | INLINECODE90 | Yes | The message_id returned by �INLINECODE92 |
| INLINECODE93 |
string | Yes | The code the user entered |
Response
Success:
CODEBLOCK5�
| Field | Type | Description |
|---|
| INLINECODE95 | INLINECODE96 | Message ID |
| INLINECODE97 |
string | The submitted code |
|
verified |
boolean |
true = valid,
false = invalid |
Important: Successfully verified codes cannot be verified again — subsequent attempts will fail. Expired codes return error 3003.
Custom Messages Send
Send custom template content (verification codes, notifications, or marketing messages) using templates created on the OTP platform.
Endpoint: �INLINECODE104
Request Body
CODEBLOCK6
Parameters
| Field | Type | Required | Description |
|---|
| INLINECODE105 | INLINECODE106� or �INLINECODE107 | Yes | Single recipient (string) or multiple (array). Phone number or email |
| INLINECODE108 |
string | Yes | Template ID |
|
template.params |
object | No | Template variable values |
|
template.params.code |
string | Conditional | Required if template type is verification code |
Notes on params
- - Preset variables (
{{brand_name}}, {{ttl}}, {{pwa_url}}) are auto-replaced from template settings. - For verification code templates, you must pass
{{code}} or an error will occur. - Custom variables need values via params, e.g.,
{"name": "Bob"} for Hi {{name}}.
Response
Same format as OTP Send — returns message_id and send_channel.
Use Case Examples
Verification code:
�CODEBLOCK7
Notification:
�CODEBLOCK8
Marketing:
�CODEBLOCK9
Template Management
OTP templates define the message content, channel strategy, and verification code settings. Templates support multi-channel delivery with fallback (e.g., WhatsApp → SMS).
For full request/response details including all channel configurations (WhatsApp, SMS, Voice, Email, PWA), read references/template-api.md.
Quick Summary
Create — �INLINECODE124
CODEBLOCK10
List all — GET /v1/template-configs (returns array of templates without detailed content)
Get details — GET /v1/template-configs/:templateId (returns full template with channel configs)
Delete — �INLINECODE127
Template Status
| Value | Status |
|---|
| 1 | Pending Review |
| 2 |
Approved |
| 3 | Rejected |
Channel Strategy
Use | to define fallback chains. Examples:
- -
"sms" — SMS only - INLINECODE130� — Try WhatsApp first, fall back to SMS
- INLINECODE131� — WhatsApp → SMS → Email
Supported channels: whatsapp, sms, voice, �INLINECODE135
Verification Code Config
| Field | Range | Description |
|---|
| INLINECODE136 | 1–7 | 1=Numeric, 2=Lowercase, 4=Uppercase. Combine: 3=Numeric+Lowercase |
| INLINECODE137 |
4–10 | Code length |
|
verify_code_ttl | 1–10 | Validity in minutes. With WhatsApp: only 1, 5, or 10 |
Callback Configuration
Configure webhook URLs to receive real-time delivery status, notification events, message responses, and system events.
For the full callback data structures, security mechanisms, and event types, read references/callback-config.md.
SMPP Integration
For TCP-based SMPP protocol integration (used in carrier-level SMS delivery), read references/smpp-guide.md.
Generating Code
When the user asks to send OTPs or manage templates, generate working code. Default to curl unless the user specifies a language. Supported patterns:
- - curl — Shell commands with proper auth header
- Python — Using
requests library - Node.js — Using
fetch or �INLINECODE144 - Java — Using �INLINECODE145
- Go — Using �INLINECODE146
Always include the authentication header and proper error handling. Use placeholder values like YOUR_DEV_KEY and YOUR_DEV_SECRET if the user hasn't provided credentials.
Python Example — Send OTP and Verify
CODEBLOCK11
EngageLab OTP API 技能
该技能支持与 EngageLab OTP REST API 进行交互。OTP 服务处理一次性密码生成、多渠道投递(短信、WhatsApp、电子邮件、语音)、验证和欺诈监控。
涵盖六个领域:
- 1. OTP 发送 — 平台生成的 OTP 码投递
- 自定义 OTP 发送 — 用户生成的 OTP 码投递
- OTP 验证 — 验证 OTP 码
- 自定义消息发送 — 发送自定义模板消息(通知、营销)
- 模板管理 — 创建、列出、获取和删除 OTP 模板
- 回调与 SMPP — Webhook 配置和 SMPP 协议集成
资源
scripts/
- - otpclient.py — Python 客户端类(EngageLabOTP),封装了所有 API 端点:sendotp()、sendcustomotp()、verify()、sendcustommessage() 以及模板 CRUD 操作。处理身份验证、请求构建和类型化错误处理。可作为即用型辅助工具或导入到用户的项目中。
- verify_callback.py — 用于传入 OTP 回调 webhook 的 HMAC-SHA256 签名验证器。解析 X-CALLBACK-ID 标头并验证真实性。可嵌入任何 Web 框架(Flask、FastAPI、Django)以保护回调端点安全。
references/
- - error-codes.md — 所有 OTP API 的完整错误码表
- template-api.md — 包含所有渠道配置的完整模板 CRUD 规范
- callback-config.md — Webhook 设置、安全性和所有事件类型
- smpp-guide.md — SMPP 协议连接、消息传递和投递报告
身份验证
所有 EngageLab OTP API 调用均使用 HTTP 基本认证。
- - 基础 URL:https://otp.api.engagelab.cc
- 标头:Authorization: Basic key:devsecret)>
- 内容类型:application/json
用户必须提供其 devkey 和 devsecret。将其编码为 base64(devkey:devsecret) 并设置 Authorization 标头。
示例(使用 curl):
bash
curl -X POST https://otp.api.engagelab.cc/v1/messages \
-H Content-Type: application/json \
-H Authorization: Basic $(echo -n YOURDEVKEY:YOURDEVSECRET | base64) \
-d { ... }
如果用户尚未提供凭据,请在生成 API 调用前询问其 devkey 和 devsecret。
快速参考 — 所有端点
| 操作 | 方法 | 路径 |
|---|
| 发送 OTP(平台生成) | POST | /v1/messages |
| 发送 OTP(自定义码) |
POST | /v1/codes |
| 验证 OTP | POST | /v1/verifications |
| 发送自定义消息 | POST | /v1/custom-messages |
| 列出模板 | GET | /v1/template-configs |
| 获取模板详情 | GET | /v1/template-configs/:templateId |
| 创建模板 | POST | /v1/template-configs |
| 删除模板 | DELETE | /v1/template-configs/:templateId |
OTP 发送(平台生成码)
当您希望 EngageLab 生成 验证码并根据模板的渠道策略(短信、WhatsApp、电子邮件、语音)投递时使用此功能。
端点:POST /v1/messages
请求体
json
{
to: +6591234567,
template: {
id: test-template-1,
language: default,
params: {
key1: value1
}
}
}
参数
| 字段 | 类型 | 必填 | 描述 |
|---|
| to | string | 是 | 电话号码(含国家代码,例如 +6581234567)或电子邮件地址 |
| template.id |
string | 是 | 模板 ID |
| template.language | string | 否 | 语言:default、zh
CN、zhHK、en、ja、th、es。默认为 default |
| template.params | object | 否 | 自定义模板变量值,键值对形式 |
关于 params 的说明
- - 预设变量(如 {{brandname}}、{{ttl}}、{{pwaurl}})会自动从模板设置中填充 — 无需传递。
- 对于模板中的自定义变量(例如 Hi {{name}}, your code is {{code}}),通过 params 传递值:{name: Bob}。
- 如果模板的 fromid 字段已预设,且您传递了 {fromid: 12345},则预设值会被覆盖。
响应
成功:
json
{
message_id: 1725407449772531712,
send_channel: sms
}
| 字段 | 类型 | 描述 |
|---|
| messageid | string | 唯一消息 ID,用于验证和跟踪 |
| sendchannel |
string | 当前投递渠道:whatsapp、sms、email 或 voice |
send_channel 表示初始渠道 — 如果配置了回退(例如 WhatsApp → SMS),最终投递渠道可能不同。
有关错误码,请阅读 references/error-codes.md。
自定义 OTP 发送(用户生成码)
当您希望 自行生成验证码 并由 EngageLab 投递时使用此功能。此 API 不生成码,之后也无需调用验证 API。
端点:POST /v1/codes
请求体
json
{
to: +6591234567,
code: 398210,
template: {
id: test-template-1,
language: default,
params: {
key1: value1
}
}
}
参数
| 字段 | 类型 | 必填 | 描述 |
|---|
| to | string | 是 | 电话号码或电子邮件地址 |
| code |
string | 是 | 您的自定义验证码 |
| template.id | string | 是 | 模板 ID |
| template.language | string | 否 | 语言(与 OTP 发送选项相同)。默认为 default |
| template.params | object | 否 | 自定义模板变量值 |
响应
与 OTP 发送格式相同 — 返回 messageid 和 sendchannel。
OTP 验证
验证通过 OTP 发送 API(/v1/messages)发送的验证码。仅适用于平台生成的码 — 自定义 OTP 发送无需此操作。
端点:POST /v1/verifications
请求体
json
{
message_id: 1725407449772531712,
verify_code: 667090
}
参数
| 字段 | 类型 | 必填 | 描述 |
|---|
| messageid | string | 是 | /v1/messages 返回的 messageid |
| verify_code |
string | 是 | 用户输入的码 |
响应
成功:
json
{
message_id: 1725407449772531712,
verify_code: 667090,
verified: true
}
| 字段 | 类型 | 描述 |
|---|
| messageid | string | 消息 ID |
| verifycode |
string | 提交的码 |
| verified | boolean | true = 有效,false = 无效 |
重要提示:成功验证的码无法再次验证 — 后续尝试将失败。过期的码返回错误 3003。
自定义消息发送
使用在 OTP 平台上创建的模板发送自定义模板内容(验证码、通知或营销消息)。
端点:POST /v1/custom-m
