Features How It Works Use Cases Security Integration Get API Key →
Live & Ready — Powered by SendiGoPro

Enterprise-Grade SMS Verification.
Two API Calls.

BarbaVerify is a plug-and-play OTP service that handles the entire SMS verification flow — code generation, delivery, hashing, and validation — in two simple HTTP requests. No SDK, no database changes required.

Get API Key View Documentation
2
API calls needed
0
DB changes required
5+
Balkan countries covered
barbaverify-demo.sh
# ── STEP 1: Send OTP ────────────────────── POST /verify/send curl -X POST https://barbaverify.barbasolution.com/api/verify/send \ -H "Authorization: Bearer YOUR_API_KEY" \ -d { "phone": "+38761234567" }   # ← Response { "status": "sent", "token": "v_tok_a1b2c3d4e5f6", "expires_in": 300 }
# ── STEP 2: Verify Code ─────────────────── POST /verify/check curl -X POST https://barbaverify.barbasolution.com/api/verify/check \ -H "Authorization: Bearer YOUR_API_KEY" \ -d { "token": "v_tok_a1b2c3d4e5f6", "code": "482913" }   # ← Response { "verified": true, "phone": "+38761234567", "message": "Verification successful" }   User verified. Done.
Powered by
SendiGoPro SMS Gateway

BarbaVerify runs on SendiGoPro — one of the most trusted and reliable SMS gateway platforms in the region, with proven delivery infrastructure across Bosnia & Herzegovina, Croatia, Serbia, Montenegro, and the broader Balkans region.

Simple by Design

How It Works

The entire verification flow is just three conceptual steps — and only two HTTP requests from your application.

1
Send the OTP
POST /verify/send
Your app sends the user's phone number to BarbaVerify. We generate a secure 6-digit code, store a SHA-256 hash, and deliver the SMS via SendiGoPro instantly.
2
User Enters the Code
💬
The user receives the SMS on their phone and types the 6-digit code into your interface. No action required from your backend at this point.
User-facing step
3
Validate & Get Result
POST /verify/check
Your app submits the token and the code. BarbaVerify validates, returns verified: true, and auto-deletes the token. Clean, stateless, done.
✓ verified: true
Capabilities

Everything You Need.
Nothing You Don't.

Designed for developers who value clean APIs and zero operational overhead.

2 API Calls
Full phone verification in just two simple HTTP requests. No SDK to install, no complex authentication flows, no webhook configuration required.
🔒
Zero Database Changes
No schema modifications needed on your end. We handle all OTP state, expiry, attempt tracking, and cleanup. Your database stays clean.
🌍
Regional Coverage
Full SMS delivery across Bosnia & Herzegovina, Croatia, Serbia, Montenegro, North Macedonia and beyond, with high delivery rates via SendiGoPro.
🛡️
Secure by Design
All OTP codes stored as SHA-256 hashes — never in plaintext. API keys are hashed at rest. Tokens auto-invalidate after 5 failed verification attempts.
⏱️
Configurable TTL
Set code validity from 60 seconds to 1 hour — whatever your use case demands. You define the expiry window per request.
📊
Full Audit Logs
Every verification attempt is logged with its status, timestamp, and client attribution. Full visibility for compliance and debugging.
Use Cases

Built for Every Industry

BarbaVerify is a drop-in OTP layer for any platform that needs to verify real users via SMS.

🏦
Banking & Finance
  • Account opening
  • Transaction confirmation
  • Wire transfer approval
📱
Mobile Apps
  • User registration
  • Device activation
  • Account recovery
🛒
E-commerce
  • Order confirmation
  • Checkout protection
  • Returns verification
🏥
Healthcare
  • Patient portal access
  • Appointment confirmation
  • Prescription verification
🎓
Education
  • Student enrollment
  • Exam access control
  • Certificate issuance
🏢
Enterprise
  • Employee onboarding
  • VPN access
  • Internal system 2FA
🚗
Mobility & Transport
  • Driver verification
  • Booking confirmation
  • Fleet access control
🔐
Any App Needing 2FA
  • Drop-in OTP for web apps
  • Mobile authentication
  • Any login that needs SMS
Security Architecture

Security Is Not an Afterthought

Every layer of BarbaVerify is designed with security-first principles. Here's how we protect your users and your data.

SHA-256 Hashing
OTP codes are immediately hashed with SHA-256 before storage. Even if the database were breached, plaintext codes are never exposed. API keys follow the same treatment.
Auto-Invalidation
After 5 failed verification attempts, the token is automatically invalidated and permanently deleted. Brute-force attacks against any token are mathematically infeasible.
Rate Limiting
Strict per-client rate limits enforce a maximum of 10 requests/min on the send endpoint and 30 requests/min on the check endpoint, preventing SMS flooding and abuse.
Token Auto-Deletion
Verification tokens are permanently deleted from our system immediately upon successful verification. No stale data, no lingering sensitive records.
No Plaintext Storage
OTP codes are never stored in plaintext — at any point in the lifecycle. The original code exists only in transit during SMS delivery and briefly in the user's device.
Isolated API Keys
Each client receives isolated API credentials. Verification attempts are attributed per-client. A compromised key from one client cannot access another client's data.
Security Summary
SHA-256 hashing for all sensitive data
Max 5 attempts per token
Rate limiting on all endpoints
Token deleted after verification
Zero plaintext code storage
Per-client isolated API keys
Developer First

Integrate in Minutes,
Not Days

BarbaVerify is designed to disappear into your stack. No special client library, no complex auth setup, no vendor lock-in. If your language can make an HTTP request, you're already done.

  • No SDK to install — plain HTTP requests with JSON. Works with curl, fetch, axios, Guzzle, requests, or anything else.
  • Any language — PHP, JavaScript, Python, Ruby, Go, Java, .NET, Kotlin. If it speaks HTTP, it works.
  • Single Authorization header — just pass Bearer YOUR_API_KEY. No OAuth dance, no token rotation.
  • Standard JSON in / JSON out — predictable request and response shapes. Easy to test with Postman or Insomnia in seconds.
  • No database setup needed — no migration scripts, no new tables, no ORM models. Zero impact on your existing data layer.
Request API Access
PHP cURL
Copy
// ── BarbaVerify PHP Integration Example ────── $apiKey = 'bv_live_your_key_here'; $baseUrl = 'https://barbaverify.barbasolution.com/api'; // STEP 1: Send OTP ────────────────────────── $ch = curl_init($baseUrl . '/verify/send'); curl_setopt_array($ch, [ CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Authorization: Bearer ' . $apiKey, 'Content-Type: application/json', ], CURLOPT_POSTFIELDS => json_encode([ 'phone' => '+38761234567', 'ttl' => 300, // optional, seconds ]), ]); $sendResult = json_decode(curl_exec($ch), true); $token = $sendResult['token']; // store this! // STEP 2: Verify Code ─────────────────────── $ch = curl_init($baseUrl . '/verify/check'); curl_setopt_array($ch, [ CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Authorization: Bearer ' . $apiKey, 'Content-Type: application/json', ], CURLOPT_POSTFIELDS => json_encode([ 'token' => $token, 'code' => $_POST['otp_code'], ]), ]); $result = json_decode(curl_exec($ch), true); if ($result['verified'] === true) { // ✓ User is verified — proceed! }
Infrastructure Partner

Built on a
Proven Foundation

BarbaVerify doesn't build its own SMS infrastructure — it leverages SendiGoPro, a battle-tested SMS platform serving thousands of businesses across the region. This means you get enterprise-grade delivery without the enterprise-grade complexity.

SendiGoPro's network has been purpose-built for the Balkans market, with direct operator relationships that deliver consistently high delivery rates even during peak load — something generic global SMS providers often can't match in this region.

99%+
Delivery rate
5+
Countries covered
<3s
Avg delivery
Visit app.sendigopro.com
SendiGoPro
The SMS backbone behind BarbaVerify
Thousands of businesses across the Balkans trust SendiGoPro for critical SMS communications — from OTP delivery to transactional alerts and marketing campaigns. Its robust infrastructure, redundant routing, and local carrier relationships make it the natural choice for a reliability-critical service like BarbaVerify.
🇧🇦 Bosnia & Herzegovina 🇭🇷 Croatia 🇷🇸 Serbia 🇲🇪 Montenegro 🇲🇰 North Macedonia + Regional
Get Started Today

Ready to Add SMS Verification
to Your App?

Get your API key and start verifying users in under 10 minutes. No lengthy onboarding, no complicated setup — just two endpoints and you're live.

Contact Us

No commitment required. Free sandbox environment available.