phone-verif.comHow to Integrate Reverse-OTP in Your Phone Verification Flow
A comprehensive step-by-step guide to implementing Reverse-OTP verification in your mobile application, including API integration, WhatsApp detection, edge case handling, and fallback strategies for seamless user authentication.
Reverse-OTP is an innovative approach to user verification that leverages messaging apps like WhatsApp to streamline the process. Instead of sending an SMS OTP to the user, the app itself sends a pre-filled message, and the server verifies the sender. This reduces fraud risks, improves speed, and can lower costs compared to traditional SMS OTPs.
In this article, we'll walk through how to integrate reverse-OTP into your existing phone verification flow, including API integration, app detection, handling edge cases, and what to do if WhatsApp is unavailable.
Detect WhatsApp on the User's Device
Before initiating verification, your app should check if WhatsApp is installed using canOpenURL.
iOS Implementation:
First register whatsapp:// as a query scheme in your app's Info.plist under LSApplicationQueriesSchemes.
Info.plist Configuration
<key>LSApplicationQueriesSchemes</key>
<array>
<string>whatsapp</string>
</array>Android Implementation:
Use PackageManager to check if the WhatsApp package is present.
Android WhatsApp Detection
try {
PackageManager pm = getPackageManager();
pm.getPackageInfo("com.whatsapp", PackageManager.GET_ACTIVITIES);
// WhatsApp is installed
} catch (PackageManager.NameNotFoundException e) {
// WhatsApp is not installed
}Best Practice: If WhatsApp is available, proceed with reverse-OTP. If not, gracefully fall back to SMS.
Initiate Reverse-OTP
Generate a short unique session code on your backend (this can be an existing identifier, such as the user UUID). Call our start-verification-flow API with it. It will return a unique token that will be used to generate a pre-filled WhatsApp deep link.
WhatsApp Deep Link Format
https:/PHONE_NUMBER?text=VERIFY-12345The generated text will include this verification token in brackets for the backend to detect it and link it to the original session.
The user taps the link, WhatsApp opens, press send, and the user phone number is extracted from the WhatsApp metadata on the backend side.
The user receives a confirmation message directly on WhatsApp with a callback URL to come back to your service.
API Integration Example
const response = await fetch('/api/start-verification', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
session_id: userSessionId,
phone_number: userPhoneNumber
})
});
const { validation_token, whatsapp_url } = await response.json();Query the Result
Once the user re-enters the flow, your backend will query the status of the previously opened session to retrieve the phone number directly. You can save this phone number and mark the verification as successful.
Status Checking Implementation
const checkStatus = async (sessionId) => {
const response = await fetch('/api/check-verification-status', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ session_id: sessionId })
});
const result = await response.json();
if (result.status === 'verified') {
// Save the verified phone number
saveVerifiedPhoneNumber(result.phone_number);
markVerificationComplete();
}
return result;
};Pro Tip: Implement polling to check the verification status every few seconds until completion or timeout.
Handle Edge Cases
Sometimes users open WhatsApp but don't complete the process:
- They refuse a WhatsApp permissions popup
- The app is offloaded or deleted
- The message is stuck in sending due to poor connectivity
How to handle it:
Graceful Timeout:
After a few minutes without receiving the message, prompt the user:
Retry Mechanism:
Provide a "Resend via WhatsApp" button that regenerates a link.
Fallback Options:
Always offer an alternative verification channel to avoid blocking the onboarding.
State Persistence:
If the user comes back later, keep their session alive and re-offer the verification options without forcing a restart of onboarding.
Edge Case Handling Implementation
const handleVerificationTimeout = () => {
showDialog({
title: "Verification Incomplete",
message: "It looks like your verification didn't complete. Would you like to try again or switch to SMS?",
buttons: [
{ label: "Try WhatsApp Again", action: retryWhatsAppVerification },
{ label: "Use SMS Instead", action: fallbackToSMS },
{ label: "Cancel", action: closeDialog }
]
});
};
// Set timeout for 3 minutes
setTimeout(handleVerificationTimeout, 180000);Fallback for Users Without WhatsApp
If canOpenURL (iOS) or PackageManager (Android) detects WhatsApp isn't available, automatically fall back to SMS OTP or email OTP.
Fallback Implementation
const initiateVerification = async () => {
const hasWhatsApp = await checkWhatsAppAvailability();
if (hasWhatsApp) {
// Use Reverse-OTP via WhatsApp
return initiateReverseOTP();
} else {
// Fall back to SMS OTP
return initiateSMSOTP();
}
};
const checkWhatsAppAvailability = async () => {
if (Platform.OS === 'ios') {
return await Linking.canOpenURL('whatsapp://');
} else {
// Android package check
return await isAppInstalled('com.whatsapp');
}
};User Experience Tip: Make the fallback seamless by not requiring users to make the choice themselves. Automatically use the best available method for their device.
Conclusion
Reverse-OTP makes verification faster, more secure, and often cheaper than SMS. But it's critical to design for real-world interruptions - from app permissions to message delivery failures - so that users always have a smooth way forward. A well-thought-out fallback flow ensures you maximize both security and conversion rates.