Give every user a virtual phone identity. Replace SMS OTP with secure, carrier-free authentication that works entirely over HTTPS.
SMS-based OTP was designed for a world with no internet. Cobinar Phone is designed for the internet from the ground up.
No phone carriers involved at any point.
A clean, versioned REST API with JSON responses. No SDKs required — though we're building them.
x-api-key header
# POST /v1/otp/send curl -X POST \ https://api.phone.cobinar.com/v1/otp/send \ -H "x-client-id: ph_live_client_..." \ -H "x-client-secret: ph_live_secret_..." \ -H "x-api-key: ph_live_api_..." \ -H "Content-Type: application/json" \ -d '{ "phone": "+999 482 918 102" }' # 201 Created { "data": { "requestId": "a4b8c2d1...", "phone": "+999 482 918 102", "status": "pending", "expiresAt": "2025-01-15T12:05:00Z" } }
# POST /v1/otp/verify curl -X POST \ https://api.phone.cobinar.com/v1/otp/verify \ -H "x-client-id: ph_live_client_..." \ -H "x-client-secret: ph_live_secret_..." \ -H "x-api-key: ph_live_api_..." \ -H "Content-Type: application/json" \ -d '{ "requestId": "a4b8c2d1...", "code": "847291" }' # 200 OK { "data": { "requestId": "a4b8c2d1...", "status": "verified", "phone": "+999 482 918 102", "verifiedAt": "2025-01-15T12:03:42Z" } }
# Incoming webhook — verify the signature first const crypto = require('crypto'); function verify(payload, sig, secret) { const expected = crypto .createHmac('sha256', secret) .update(JSON.stringify(payload)) .digest('hex'); return `sha256=${expected}` === sig; } app.post('/webhooks/auth', (req, res) => { const sig = req.headers['x-cobinar-signature']; if (!verify(req.body, sig, WEBHOOK_SECRET)) return res.sendStatus(401); if (req.body.event === 'otp.verified') { // Grant access, issue session token, etc. } res.sendStatus(200); });
| Feature | Cobinar Phone | SMS OTP |
|---|---|---|
| Per-message fee | ✓ None | ✗ $0.005 – $0.09 each |
| SS7 / SIM-swap risk | ✓ Zero attack surface | ✗ Inherent vulnerability |
| Delivery reliability | ✓ HTTPS (99.9% SLA) | ✗ Carrier-dependent |
| Delivery speed | ✓ <100ms | ✗ 1 – 30+ seconds |
| Works offline | ✓ App-controlled | ✗ Requires mobile signal |
| Signed webhook events | ✓ Built-in | ✗ Not available |
| Analytics dashboard | ✓ Included | ✗ Vendor-specific / extra cost |
Create a free account and send your first virtual OTP in under five minutes.