Documentation
Sign inGet started

Verify overview

Bird Verify confirms that a user controls an email address or phone number: you ask Bird to send a one-time passcode, the user types it back into your app, and you ask Bird whether it matches. Two API calls — POST /v1/verify/verifications to send, POST /v1/verify/verifications/check to confirm — with no sender registration, no templates, and no code storage on your side. Codes are delivered over email and SMS today, under Authifly, Bird's verification brand, so you can verify users before you've set up any sender of your own.

The Verify app in the dashboard

In the dashboard, Verify is one of the workspace's apps. Its pages, and where each one's guide lives:
PageWhat it's for
VerificationsEvery verification your workspace created — status, recipient, channel, and timing — see Sending verifications
CountriesPer-country delivery: which channels are used, in what order, and whether a country is enabled at all — see Country configuration
ConfigureCode lifetime, attempt limits, resend cooldown, and the sender each channel uses — see Sending verifications and Senders & branding

How a verification works

You create a verification with a recipient — an email address, a phone number, or both. Bird generates a numeric passcode, stores only a hash of it, and delivers it over the recipient's channels: an email address gets the code by email, a phone number gets it by SMS, and the order and availability of phone channels follow your country configuration. The user types the code into your app, and you submit it to the check endpoint, which answers success: true or false with a reason.
A verification walks a small lifecycle: it starts pending, and ends verified (a correct code arrived in time), failed (too many wrong attempts), or expired (the window elapsed). The Verifications page shows every verification and its state; each state and reason is covered in Sending verifications.

Defaults

Out of the box, every workspace gets Bird's platform defaults. Each is adjustable — in the dashboard under Configure, or per request where noted:
SettingDefaultRange
Code6 digits, numeric4–8 digits, also settable per request
Code lifetime10 minutes1 minute to 999 minutes
Check attempts5 per verification1–10
Resend cooldown60 seconds0–3600 seconds
On top of these sit abuse guardrails you don't configure: per-recipient and per-workspace send caps and a check-rate limit, listed in Sending verifications.

What the recipient sees

Codes arrive under Authifly, Bird's verification brand, so your users get a consistent, recognizable identity even before you've registered a sender of your own:
  • Email — sent from otp@verify.authifly.com. Swap in an address on your own verified sending domain whenever you're ready.
  • SMS — the code is delivered under the Authifly sender ID, which shows on the handset where the destination country allows alphanumeric sender IDs; the message text itself is brand-neutral. Dedicated SMS senders are coming soon.
More channels are on the way; Senders & branding shows exactly what each message looks like and how to brand it.

Next steps

PageWhat it covers
Sending verificationsThe send and check calls, statuses, settings, and rate limits
Country configurationEnabling countries and setting per-country channel order and senders
Senders & brandingWhat the code messages look like and how to send from your own domain
AuthenticationAPI keys and regional hosts
API reference: create a verificationSend-endpoint schema and error details
API reference: check a codeCheck-endpoint schema and error details