OTP API for
Web3 Wallets and dApps
Add phone-based 2FA to your Web3 wallet without forcing users through KYC. NEXO ROUTE plugs in via one HTTP call, bills in the same stablecoins your wallet already handles.
Pain points web3-wallet teams hit
Self-custody users hate KYC sign-ups
Forcing your wallet users to verify with a CPaaS that requires business KYC defeats the privacy promise. You become the regulated middleman by proxy.
Wallet activation OTPs are bursty and unpredictable
Mainnet activity spikes (airdrops, NFT mints) → 10x normal 2FA volume in minutes. CPaaS providers throttle bursts without warning. Our wallet-funded model scales linearly without ops contact.
Stablecoin treasury management
Web3 teams hold treasury in USDT/USDC. Wire-transferring fiat to fund a SMS provider creates 2-3 day onboarding lag. Top up in the same stables you already custody.
Why NEXO ROUTE fits
- On-chain stablecoin top-up — fund the wallet from your treasury multisig
- No corporate KYC, no privacy footprint compromise
- HMAC-signed webhooks for delivery-state machine in your wallet UI
- Single endpoint, one secret — fits into any backend stack
- Voice fallback when SMS is silenced on user device
Integration approach
Tie OTP to wallet-level actions (export private key, change recovery email, large transaction sign). Use the delivery webhook to update the user-facing 2FA state machine in real time.
Sample · TypeScript
// In your wallet API
import crypto from 'node:crypto';
export async function sendWalletOtp(userId: string, phone: string) {
const code = crypto.randomInt(100000, 999999).toString();
await db.otpChallenge.create({
userId,
codeHash: crypto.createHash('sha256').update(code).digest('hex'),
expiresAt: new Date(Date.now() + 5 * 60_000)
});
const res = await fetch('https://nexoroute.dev/api/v1/send-otp', {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.NEXO_KEY}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({ phone, code })
});
return res.json();
}FAQ
Why phone 2FA on a Web3 wallet — isn't that contradictory?
Self-custody removes the bank as intermediary, but users still want recovery and account-takeover protection. Phone OTP is a pragmatic second factor that does not require centralized identity.
Do you store the wallet address or any chain data?
No. We only see phone + OTP code + delivery status. No address, no balance, no transaction context — your wallet sends us those fields and they never leave your server.
Can I use this for non-VN wallets?
Today, no — we are Vietnamese-carrier specialist. If your user base is global, route VN users through us and keep your existing provider for other geographies.
Is the API rate-limited like Infura / Alchemy?
No per-key rate limit on our side. Upstream TKC limits 1 call / 30s per unique phone — same as every SMS provider for anti-spam.
Built for web3 wallets and dapps
5 free test OTPs on signup. No card, no KYC, no vertical review.