No carriers · No SMS fees · Internet-native

Phone authentication
without the phone network

Give every user a virtual phone identity. Replace SMS OTP with secure, carrier-free authentication that works entirely over HTTPS.

+999 482 918 102
verified
+0 184 938 221
active
+999 713 054 827
verified
Why Cobinar Phone

Authentication rebuilt from scratch

SMS-based OTP was designed for a world with no internet. Cobinar Phone is designed for the internet from the ground up.

No telecom dependency
Virtual phone numbers live entirely in software. No SS7 vulnerabilities, SIM-swap attacks, or carrier outages to worry about.
Zero per-message fees
SMS costs fractions of a cent per message, but those fractions add up. Cobinar Phone has no per-OTP charges — pay for the platform, not traffic.
Four-credential security model
Client ID, Client Secret, API Key, and Webhook Secret per application. Every OTP request must present all three active credentials.
Signed webhooks
Every event — OTP created, verified, failed, expired — fires a signed webhook to your endpoint. HMAC-SHA256, retried automatically on failure.
Real-time analytics
Track OTP volume, success rates, and per-application usage in the developer console. No third-party analytics tools required.
Multi-platform ready
OTPs are delivered inside your web app today. Capacitor mobile and desktop delivery are on the roadmap — no changes to your integration needed.
How it works

Authentication in four steps

No phone carriers involved at any point.

1
Your backend sends an OTP
POST /v1/otp/send with credentials + target virtual number
2
User sees the code in-app
Delivered through your Cobinar-integrated web or mobile UI — not SMS
3
Your backend verifies
POST /v1/otp/verify — the platform checks the hashed code
4
Webhook confirms result
Signed otp.verified event POSTed to your registered endpoint
REST API

Integrate in minutes

A clean, versioned REST API with JSON responses. No SDKs required — though we're building them.

  • API key authentication via x-api-key header
  • Consistent error shapes with machine-readable codes
  • Rate limiting headers on every response
  • Cloudflare global edge — low latency everywhere
Full API reference →
Send OTP
Verify
Webhook
# POST /v1/otp/send
curl -X POST \
  https://api.phone.cobinar.com/v1/otp/send \
  -H "x-client-id: ph_live_client_..." \
  -H "x-client-secret: ph_live_secret_..." \
  -H "x-api-key: ph_live_api_..." \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "+999 482 918 102"
  }'

# 201 Created
{
  "data": {
    "requestId": "a4b8c2d1...",
    "phone":     "+999 482 918 102",
    "status":    "pending",
    "expiresAt": "2025-01-15T12:05:00Z"
  }
}
# POST /v1/otp/verify
curl -X POST \
  https://api.phone.cobinar.com/v1/otp/verify \
  -H "x-client-id: ph_live_client_..." \
  -H "x-client-secret: ph_live_secret_..." \
  -H "x-api-key: ph_live_api_..." \
  -H "Content-Type: application/json" \
  -d '{
    "requestId": "a4b8c2d1...",
    "code":      "847291"
  }'

# 200 OK
{
  "data": {
    "requestId":  "a4b8c2d1...",
    "status":     "verified",
    "phone":      "+999 482 918 102",
    "verifiedAt": "2025-01-15T12:03:42Z"
  }
}
# Incoming webhook — verify the signature first
const crypto = require('crypto');

function verify(payload, sig, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('hex');
  return `sha256=${expected}` === sig;
}

app.post('/webhooks/auth', (req, res) => {
  const sig = req.headers['x-cobinar-signature'];
  if (!verify(req.body, sig, WEBHOOK_SECRET))
    return res.sendStatus(401);

  if (req.body.event === 'otp.verified') {
    // Grant access, issue session token, etc.
  }
  res.sendStatus(200);
});
Comparison

Cobinar Phone vs SMS

Feature Cobinar Phone SMS OTP
Per-message fee None $0.005 – $0.09 each
SS7 / SIM-swap risk Zero attack surface Inherent vulnerability
Delivery reliability HTTPS (99.9% SLA) Carrier-dependent
Delivery speed <100ms 1 – 30+ seconds
Works offline App-controlled Requires mobile signal
Signed webhook events Built-in Not available
Analytics dashboard Included Vendor-specific / extra cost

Ready to ditch SMS?

Create a free account and send your first virtual OTP in under five minutes.