Phone-based two-factor authentication - generate a 6-digit OTP, call the user, and read it digit by digit. XML elements used:Documentation Index
Fetch the complete documentation index at: https://docs.vobiz.ai/llms.txt
Use this file to discover all available pages before exploring further.
<Speak>, <Gather inputType=dtmf numDigits=1>, <Redirect>, <Hangup>
View on GitHub
Clone and run the full working example
Getting started
Overview
Your app callsPOST /send-otp with a phone number. The server generates a 6-digit OTP with a 5-minute TTL, triggers an outbound Vobiz call, and reads the code aloud one digit at a time with 1-second pauses. The user can press 1 to hear the code again. Your app then calls POST /verify-otp to check the code.
Call flow
Vobiz webhooks
Set/answer as the Answer URL in your Vobiz application.
| Method | Path | Description |
|---|---|---|
| POST | /answer | Reads OTP digit by digit |
| POST | /otp-choice | Handles press 1 to repeat |
| POST | /hangup | Marks OTP as delivered, cleanup |
App API
| Method | Path | Description |
|---|---|---|
| POST | /send-otp | Generate OTP + trigger outbound call |
| POST | /verify-otp | Verify OTP entered by user |
| GET | /otp-status/{phone} | Check delivery status |
Environment variables
| Variable | Required | Description |
|---|---|---|
VOBIZ_AUTH_ID | Yes | Vobiz account auth ID |
VOBIZ_AUTH_TOKEN | Yes | Vobiz account auth token |
FROM_NUMBER | Yes | Your Vobiz DID (outbound caller ID) |
HTTP_PORT | No | Server port (default: 8000) |
PUBLIC_URL | No | Production URL - skips ngrok if set |
NGROK_AUTH_TOKEN | No | ngrok auth token for local dev |