Important: Your application should really validate that the callback ask for is approved by checking the HTTP headers (it is possible to define them whenever you subscribe your webhook in the Company Center). Using the WebOTP API, these measures are as simple as 1 tap for that person, as demonstrated http://bulksmsserviceprovider44433.develop-blog.com/17003049/sms-otp-api-an-overview