Thaaigroup Verify
Email OTP Verification

API Reference

Thaaigroup Verify provides two endpoints: Send OTP and Verify OTP. All requests must be made from your backend using your project keys.

Base URL

https://account.thaaigroup.com

Authentication Headers

Include these headers in every request. Do not expose your client secret in frontend JavaScript.

X-Client-Id: YOUR_CLIENT_ID
X-Client-Secret: YOUR_CLIENT_SECRET
X-Client-Domain: yourdomain.com

X-Client-Domain must match a domain added in your project allowlist.

Send OTP

POST https://account.thaaigroup.com/api/otp/send

Request Body

{ "email": "user@example.com", "purpose": "signup" }
purpose is optional but recommended (examples: signup, login, reset_password).

Success Response (200)

{ "ok": true, "message": "OTP sent", "expires_in": 300, "cooldown": 60 }

Possible Error Responses

RESEND_COOLDOWN (429)
User requested OTP too soon.
{ "ok": false, "error_code": "RESEND_COOLDOWN", "retry_after": 42, "message": "Please wait before requesting another OTP." }
QUOTA_EXCEEDED (429)
Monthly OTP limit reached.
{ "ok": false, "error_code": "QUOTA_EXCEEDED", "message": "Monthly OTP quota exceeded. Upgrade plan to continue.", "quota": 1000, "used": 1000, "reset_at": "2026-02-01T00:00:00Z" }
RATE_LIMITED (429)
Too many requests from this client/email/IP.
{ "ok": false, "error_code": "RATE_LIMITED", "message": "Too many requests. Please try again later." }
DOMAIN_NOT_ALLOWED (403)
Domain header not allowlisted.
{ "ok": false, "error_code": "DOMAIN_NOT_ALLOWED", "message": "This domain is not allowed for this project." }
INVALID_CLIENT (401)
Client ID/Secret is invalid or inactive.
{ "ok": false, "error_code": "INVALID_CLIENT", "message": "Invalid client credentials." }

Verify OTP

POST https://account.thaaigroup.com/api/otp/verify

Request Body

{ "email": "user@example.com", "otp": "123456", "purpose": "signup" }

Success Response (200)

{ "ok": true, "verified": true }

Failure Response (400/422)

{ "ok": false, "error_code": "OTP_INVALID", "message": "Invalid or expired OTP" }
After verification succeeds, create the user in your system (or allow login).

cURL Examples

Send OTP:
curl -X POST "https://account.thaaigroup.com/api/otp/send" \
  -H "Content-Type: application/json" \
  -H "X-Client-Id: YOUR_CLIENT_ID" \
  -H "X-Client-Secret: YOUR_CLIENT_SECRET" \
  -H "X-Client-Domain: yourdomain.com" \
  -d '{"email":"user@example.com","purpose":"signup"}'

Verify OTP:
curl -X POST "https://account.thaaigroup.com/api/otp/verify" \
  -H "Content-Type: application/json" \
  -H "X-Client-Id: YOUR_CLIENT_ID" \
  -H "X-Client-Secret: YOUR_CLIENT_SECRET" \
  -H "X-Client-Domain: yourdomain.com" \
  -d '{"email":"user@example.com","otp":"123456","purpose":"signup"}'

Important Notes

  • Call APIs from backend only (do not expose secrets).
  • Use resend cooldown handling to show a timer in UI.
  • Quota and rate-limits protect your project and our service.
  • OTP emails are sent from account@thaaigroup.com.
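
Backend Example (added)

The following sketch is an added example, not code from Thaaigroup. It shows one way a backend can keep the client secret server-side and decide which parts of a Send OTP response are relayed to the browser. The environment variable names, the function names and the policy of hiding quota, allowlist and credential errors from end users are assumptions.

```python
import json
import os
import urllib.request

BASE_URL = "https://account.thaaigroup.com"  # Base URL from this page
# Errors caused by the integration itself, not by the end user. The browser
# gets a generic reason; the detail belongs in server logs (assumed policy).
OPERATOR_ERRORS = {"QUOTA_EXCEEDED", "DOMAIN_NOT_ALLOWED", "INVALID_CLIENT"}


def build_send_request(email, purpose="signup", env=os.environ):
    """Build (not send) the Send OTP request; the secret is read server-side."""
    headers = {
        "Content-Type": "application/json",
        "X-Client-Id": env["THAAI_CLIENT_ID"],  # assumed variable names
        "X-Client-Secret": env["THAAI_CLIENT_SECRET"],
        "X-Client-Domain": env["THAAI_CLIENT_DOMAIN"],
    }
    body = json.dumps({"email": email, "purpose": purpose}).encode()
    return urllib.request.Request(f"{BASE_URL}/api/otp/send", data=body,
                                  headers=headers, method="POST")


def to_frontend(status, raw_body):
    """Return (payload safe to relay to the UI, whether to alert an operator)."""
    try:
        data = json.loads(raw_body)
    except (TypeError, ValueError):
        data = None
    if not isinstance(data, dict):
        data = {}
    if status == 200 and data.get("ok") is True:
        return {"sent": True, "expires_in": data.get("expires_in"),
                "retry_after": data.get("cooldown")}, False
    code = data.get("error_code")
    if code == "RESEND_COOLDOWN":
        wait = data.get("retry_after")  # drives the resend timer in the UI
        return {"sent": False, "reason": "cooldown",
                "retry_after": wait if isinstance(wait, int) else 60}, False
    if code == "RATE_LIMITED":
        return {"sent": False, "reason": "rate_limited"}, False
    # Quota, allowlist and credential failures (and unrecognised bodies) are
    # reported generically so project details never reach the browser.
    return {"sent": False, "reason": "unavailable"}, code in OPERATOR_ERRORS
```

Pass the object returned by build_send_request to urllib.request.urlopen inside your backend route, then feed the status code and body to to_frontend.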