[ AUTHENTICATION ]

WhatsApp-native authentication for Indian apps.

One SDK for WhatsApp OTP, auto-read OTP on Android and iOS, and multi-channel routing across SMS, WhatsApp and voice. DLT-aligned, anti-fraud, sub-3s delivery.

99.4%
OTP delivery rate
<3s
avg verify latency
3×
channels, one verify ID
API in private beta · onboarding by application
[ THE STACK ]

Three primitives, one verify ID.

Drop in a single SDK and pick the experience per surface — WhatsApp OTP, auto-read SMS OTP, or smart multi-channel routing.

01 / WHATSAPP

WhatsApp OTP

The verification code is delivered to the user's WhatsApp chat instead of SMS — faster and cheaper in India, and our SDK auto-reads it on Android & iOS.

02 / AUTOFILL

Auto-read OTP

Codes arrive on SMS or WhatsApp and auto-fill the input. Android SMS Retriever, iOS one-time-code, WhatsApp message-format hint — all wired in.

03 / ROUTING

Multi-channel routing

Pick SMS, WhatsApp or voice automatically based on user reachability and cost. Smart fallback if a channel fails — one verification ID, three roads.

step 1 · your app
Sign in to Verde
step 2 · whatsapp
Your Verde login code is 4 8 1 9. Expires in 5 min.
Auto-read on Android & iOS →
step 3 · signed in
Welcome, Aanya
[ WHATSAPP OTP ]

OTP that lands in WhatsApp.

The verification code is delivered to the user’s WhatsApp inbox instead of SMS — and on Android & iOS our SDK auto-reads it, so most users never type a thing.

  • Faster and cheaper than SMS in India — and immune to SMS-pumping fraud.
  • Auto-read on Android & iOS — the code fills itself, no copy-paste.
  • Falls back to SMS automatically if WhatsApp is unreachable on the device.
  • Same QuickAuth verify flow + signed phone-verified token your backend already trusts.
  • Works on the same WABA as your bulk-messaging campaigns — no extra Meta verification.
[ AUTO-READ OTP ]

The OTP fills itself, across both platforms.

Codes arrive on SMS or WhatsApp and snap into the verification field with zero copy-paste. Wired correctly for Android and iOS, with hash-binding and app-bound tokens.

  • Android · SMS Retriever API — signed-hash OTPs auto-fill with no SMS-read permission.
  • iOS · one-time-code autofill — input hint set to UITextContentTypeOneTimeCode; codes surface above the keyboard.
  • WhatsApp · system OTP prompt — authentication-template message hint triggers Android’s OTP detection prompt natively.
  • Hash-binding — every OTP is bound to your app’s package signature so a phished code can’t be redeemed elsewhere.
  • App-bound tokens — verify-side tokens are scoped to the device that requested them.
message arrives
kirana.io
Your code is 4 8 1 9.
@kirana.io #4819
autofill prompt
Verification code
4819
From Messages · 4819
signed in
Verified as
+91 98xxx xx012
[ CHANNEL COVERAGE ]

Three roads to the same verify.

QuickAuth picks the channel automatically based on user reachability and cost. You ship one verify ID — we route SMS, WhatsApp or voice underneath.

SMS

Direct telecom routes across Jio, Airtel, Vi and BSNL. Sub-3s delivery on the principal entity, with DLT registration and TRAI-aligned headers handled by us.

WhatsApp

Authentication-category templates ride a dedicated lane — no marketing-opt-in friction, predictable approval, and the system OTP-detection prompt on Android.

Voice

Optional fallback for unreachable numbers — cold SIMs, low-network regions, accessibility cases. Same verification ID, retried over an automated call.

[ ANTI-FRAUD ]

Block the pumping before the OTP fires.

Four overlapping layers that keep artificial traffic and abuse off your verify line — built into the request step, not bolted on afterwards.

SMS-pumping protection

Heuristics on prefix, velocity and conversion ratio block traffic-pumping attempts before the OTP fires.

IP rate limiting

Per-IP, per-device and per-number quotas with graceful back-off — abusive callers throttle before legitimate users notice.

Suspicious-prefix blocking

A maintained block-list of high-risk MNC and country prefixes commonly used in artificial-traffic schemes.

Device fingerprinting

Lightweight signals on the verification request let you correlate sign-ups across sessions and flag anomalies on the verify call.

[ ONE PLATFORM · TWO PRODUCTS ]

Auth and bulk messaging, under one roof.

QuickAuth runs your login flows and your bulk WhatsApp business messaging on the same WABA, the same template pipeline and the same dashboard. Categorization, deliverability monitoring and INR billing roll up across both — instead of stitching an OTP vendor, a marketing tool and a BSP together.

[ FAQ ]

Authentication in India, answered.

Do you support one-tap "Login with WhatsApp"?+

Not yet. Today QuickAuth delivers WhatsApp OTP — a numeric verification code sent to the user's WhatsApp chat, auto-read by our SDK on Android & iOS. A one-tap tap-to-verify login flow is on the roadmap. For now, WhatsApp OTP gives you WhatsApp's deliverability with the familiar code-verify flow, plus automatic SMS/voice fallback when WhatsApp isn't reachable.

Does QuickAuth support auto-read OTP on Android and iOS?+

Yes. On Android we sign and format SMS payloads to be consumed by the Google SMS Retriever API, so the OTP fills your verification field with no SMS-read permission. On iOS we set the input hint to UITextContentTypeOneTimeCode, which prompts iOS to surface the latest code from Messages right above the keyboard. For WhatsApp, our authentication templates use the message-format hint that triggers Android's system-level OTP detection prompt. All three are configured for you — you wire the SDK once and the right autofill path is selected per platform.

How does WhatsApp OTP delivery compare to SMS OTP in India?+

WhatsApp OTP delivery uses the authentication template category on the official Meta Cloud API — it is end-to-end encrypted, internet-borne, and not routed via a telco. SMS OTP rides DLT-registered telecom routes and reaches users without internet or app installs. WhatsApp OTPs typically have higher open and read rates among users who have WhatsApp active and online; SMS has broader reach across feature phones and patchy-network regions. QuickAuth defaults to WhatsApp where the user is reachable and falls back to SMS automatically — you do not pick one channel and live with its limits.

Does my app need DLT registration to use WhatsApp OTP?+

WhatsApp itself is exempt from TRAI DLT registration — it is a Meta product, not a telecom service. However, if you use SMS as a primary channel or as a fallback under multi-channel routing, the SMS leg needs DLT. QuickAuth registers your principal entity, sender ID and OTP templates on Jio TrueConnect at no cost, usually within 24 hours of onboarding. So a WhatsApp-only setup needs no DLT; a WhatsApp-plus-SMS setup needs DLT on the SMS leg, which we handle.

How do you prevent SMS-pumping fraud?+

Four overlapping layers. (1) Suspicious-prefix scoring — we maintain a block-list of MNC and country prefixes commonly used for artificial traffic. (2) Velocity and ratio heuristics — abnormal request-to-verify ratios on a number range get throttled. (3) Per-IP and per-device quotas with graceful back-off. (4) Optional device fingerprinting at the request step so you can correlate verify-side anomalies. Customers running auth at production volumes typically see the bulk of pumping attempts blocked at the request step, before any OTP fires and any cost is incurred.

Can I use the same QuickAuth account for both authentication and bulk WhatsApp messaging?+

Yes — that is the point. QuickAuth runs auth (WhatsApp OTP, SMS OTP, multi-channel routing) and bulk WhatsApp business messaging (utility, marketing) on the same WABA, the same dashboard and the same template-categorization pipeline. Customers running both products share deliverability monitoring, template approvals and INR-billing — instead of stitching an OTP vendor, a marketing tool and a WhatsApp BSP into one stack.

[ ★ ★ ★ ★ ★ ]

Ship login that Indian users prefer.

One SDK for WhatsApp & SMS OTP with auto-read and multi-channel routing — wired to a BSP that already runs your bulk messaging. API in private beta. Apply for onboarding and we’ll provision your tenant.