← Back to Skills Marketplace
rosasalberto

Didit Phone Verification

by Didit · GitHub ↗ · v1.3.0
cross-platform ✓ Security Clean
689
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install didit-phone-verification
Description
Integrate Didit Phone Verification standalone API to verify phone numbers via OTP. Use when the user wants to verify phones, send SMS or WhatsApp or Telegram...
README (SKILL.md)

Didit Phone Verification API

Overview

Two-step phone verification via one-time code:

  1. Send a verification code to a phone number
  2. Check the code the user provides

Key constraints:

  • Code expires after 5 minutes
  • Maximum 3 verification attempts per code (then must resend)
  • Maximum 2 resend requests within 24 hours
  • Rate limit: 4 sends per hour per phone number
  • Phone must be in E.164 format (e.g. +14155552671)
  • You must call Send before Check

Delivery channels: SMS (default fallback), WhatsApp, Telegram, voice call. Falls back to SMS if preferred channel unavailable.

Capabilities: Detects disposable/temporary numbers, VoIP numbers, carrier info, and duplicate numbers. Supports fraud signals for risk scoring.

API Reference: Send Code | Check Code Feature Guide: https://docs.didit.me/core-technology/phone-verification/overview

Authentication

All requests require an API key via the x-api-key header.

How to obtain: Didit Business Console → API & Webhooks → Copy API key, or via programmatic registration (see below).

x-api-key: your_api_key_here

Getting Started (No Account Yet?)

If you don't have a Didit API key, create one in 2 API calls:

  1. Register: POST https://apx.didit.me/auth/v2/programmatic/register/ with {"email": "[email protected]", "password": "MyStr0ng!Pass"}
  2. Check email for a 6-character OTP code
  3. Verify: POST https://apx.didit.me/auth/v2/programmatic/verify-email/ with {"email": "[email protected]", "code": "A3K9F2"} → response includes api_key

To add credits: GET /v3/billing/balance/ to check, POST /v3/billing/top-up/ with {"amount_in_dollars": 50} for a Stripe checkout link.

See the didit-verification-management skill for full platform management (workflows, sessions, users, billing).

Step 1: Send Phone Code

Request

POST https://verification.didit.me/v3/phone/send/

Headers

Header Value Required
x-api-key Your API key Yes
Content-Type application/json Yes

Body (JSON)

Parameter Type Required Default Constraints Description
phone_number string Yes E.164 format Phone number (e.g. +14155552671)
options.code_size integer No 6 Min: 4, Max: 8 Code length
options.locale string No Max 5 chars Locale for message. e.g. en-US
options.preferred_channel string No "whatsapp" See channels "sms", "whatsapp", "telegram", "voice"
signals.ip string No IPv4/IPv6 User's IP for fraud detection
signals.device_id string No Max 255 chars Unique device identifier
signals.device_platform string No Enum "android", "ios", "ipados", "tvos", "web"
signals.device_model string No Max 255 chars e.g. iPhone17,2
signals.os_version string No Max 64 chars e.g. 18.0.1
signals.app_version string No Max 64 chars e.g. 1.2.34
signals.user_agent string No Max 512 chars Browser user agent
vendor_data string No Your identifier for session tracking

Example

import requests

response = requests.post(
    "https://verification.didit.me/v3/phone/send/",
    headers={"x-api-key": "YOUR_API_KEY", "Content-Type": "application/json"},
    json={
        "phone_number": "+14155552671",
        "options": {"preferred_channel": "sms", "code_size": 6},
        "vendor_data": "session-abc-123",
    },
)

const response = await fetch("https://verification.didit.me/v3/phone/send/", {
  method: "POST",
  headers: { "x-api-key": "YOUR_API_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({
    phone_number: "+14155552671",
    options: { preferred_channel: "sms", code_size: 6 },
  }),
});

Status Values & Handling

Status Meaning Action
"Success" Code sent Wait for user to provide code, then call Check
"Retry" Temporary issue Wait a few seconds and retry (max 2 retries)
"Undeliverable" Number cannot receive messages Inform user. Try a different number
"Blocked" Number blocked (spam) Use a different number

Error Responses

Code Meaning Action
400 Invalid request body Check phone format (E.164) and parameters
401 Invalid or missing API key Verify x-api-key header
403 Insufficient credits/permissions Check credits in Business Console
429 Rate limited (4/hour/number) Wait for cooldown period

Step 2: Check Phone Code

Must be called after a successful Send. Optionally auto-declines risky numbers.

Request

POST https://verification.didit.me/v3/phone/check/

Body (JSON)

Parameter Type Required Default Values Description
phone_number string Yes E.164 Same phone used in Step 1
code string Yes 4-8 chars The code the user received
duplicated_phone_number_action string No "NO_ACTION" "NO_ACTION" / "DECLINE" Decline if already verified by another user
disposable_number_action string No "NO_ACTION" "NO_ACTION" / "DECLINE" Decline disposable/temporary numbers
voip_number_action string No "NO_ACTION" "NO_ACTION" / "DECLINE" Decline VoIP numbers

Example

response = requests.post(
    "https://verification.didit.me/v3/phone/check/",
    headers={"x-api-key": "YOUR_API_KEY", "Content-Type": "application/json"},
    json={
        "phone_number": "+14155552671",
        "code": "123456",
        "disposable_number_action": "DECLINE",
        "voip_number_action": "DECLINE",
    },
)

Response (200 OK)

{
  "request_id": "e39cb057-...",
  "status": "Approved",
  "message": "The verification code is correct.",
  "phone": {
    "status": "Approved",
    "phone_number_prefix": "+1",
    "phone_number": "4155552671",
    "full_number": "+14155552671",
    "country_code": "US",
    "country_name": "United States",
    "carrier": {"name": "ATT", "type": "mobile"},
    "is_disposable": false,
    "is_virtual": false,
    "verification_method": "sms",
    "verification_attempts": 1,
    "verified_at": "2025-08-24T09:12:39.662232Z",
    "warnings": [],
    "lifecycle": [...]
  }
}

Status Values & Handling

Status Meaning Action
"Approved" Code correct, no policy violations Phone verified — proceed
"Failed" Code incorrect Ask user to retry (up to 3 attempts)
"Declined" Code correct but policy violation Check phone.warnings for reason
"Expired or Not Found" No pending code Resend via Step 1

Response Field Reference

phone Object

Field Type Description
status string "Approved", "Failed", "Declined"
phone_number_prefix string Country prefix (e.g. +1)
full_number string Full E.164 number
country_code string ISO 3166-1 alpha-2
carrier.name string Carrier name
carrier.type string "mobile", "landline", "voip", "unknown"
is_disposable boolean Disposable/temporary number
is_virtual boolean VoIP number
verification_method string "sms", "whatsapp", "telegram", "voice"
verification_attempts integer Check attempts made (max 3)
warnings array {risk, log_type, short_description, long_description}

Warning Tags

Tag Description Auto-Decline
VERIFICATION_CODE_ATTEMPTS_EXCEEDED Max code attempts exceeded Yes
PHONE_NUMBER_IN_BLOCKLIST Phone is in blocklist Yes
HIGH_RISK_PHONE_NUMBER Identified as high risk Yes
DISPOSABLE_NUMBER_DETECTED Temporary/disposable number Configurable
VOIP_NUMBER_DETECTED VoIP number detected Configurable
DUPLICATED_PHONE_NUMBER Already verified by another user Configurable

Common Workflows

Basic Phone Verification

1. POST /v3/phone/send/   → {"phone_number": "+14155552671"}
2. Wait for user to provide the code
3. POST /v3/phone/check/  → {"phone_number": "+14155552671", "code": "123456"}
4. If "Approved"            → phone is verified
   If "Failed"              → retry (up to 3 attempts)
   If "Expired or Not Found"→ resend (step 1)

Strict Security Verification

1. POST /v3/phone/send/   → include signals.ip, signals.device_platform, channel: "sms"
2. POST /v3/phone/check/  → set disposable_number_action + voip_number_action to "DECLINE"
3. If "Declined" → check phone.warnings, block or warn user

Utility Scripts

export DIDIT_API_KEY="your_api_key"

python scripts/verify_phone.py send +14155552671 --channel sms
python scripts/verify_phone.py check +14155552671 123456 --decline-voip
Usage Guidance
This skill appears to do what it says: it calls Didit's phone verification APIs and needs only DIDIT_API_KEY. Before installing, verify the Didit endpoints/doc links are legitimate for your organization, keep the DIDIT_API_KEY secret, and confirm any billing implications (sending SMS/WhatsApp costs credits). If you plan to run the included Python script, ensure the runtime has the 'requests' package and that your agent won't accidentally include the API key in logs or transcripts. Be cautious about populating optional fraud signals (IP, device_id, user_agent) because they contain user-sensitive metadata. If you need stronger assurance, ask the publisher for their official homepage/source repository (the registry metadata lists no homepage while SKILL.md references docs.didit.me).
Capability Analysis
Type: OpenClaw Skill Name: didit-phone-verification Version: 1.3.0 The skill bundle integrates with the Didit Phone Verification API for sending and checking OTP codes. The `SKILL.md` provides clear documentation and examples for API usage, including programmatic account registration and billing, which are part of the legitimate service functionality. The `scripts/verify_phone.py` script correctly implements the core API calls, retrieves the API key from environment variables, and makes requests only to the documented Didit API endpoints. There is no evidence of data exfiltration to unauthorized parties, malicious command execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. All observed behaviors align with the stated purpose of phone verification.
Capability Assessment
Purpose & Capability
Name/description, required credential (DIDIT_API_KEY), endpoints (verification.didit.me, apx.didit.me), and included helper script all align with a phone verification integration. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md confines actions to Didit endpoints and describes sending optional fraud signals (ip, device_id, user_agent). These signals are optional but could include user-sensitive metadata if populated — the skill does not instruct collecting system files or unrelated secrets. The SKILL.md also documents a programmatic registration flow that requires an email and OTP; exercising that flow would involve external email handling which is outside the skill and should be done carefully.
Install Mechanism
No install spec (instruction-only) which minimizes risk. Included script depends on the Python 'requests' package but no dependency list is declared — callers must ensure runtime has 'requests' available. No downloads from untrusted URLs are present.
Credentials
Only one environment variable (DIDIT_API_KEY) is required and is appropriate for an API integration. No additional unrelated secrets or config paths are requested.
Persistence & Privilege
always:false (default) and no claims of modifying other skills or system-wide settings. The skill does not request elevated or persistent privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install didit-phone-verification
  3. After installation, invoke the skill by name or use /didit-phone-verification
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
Updated API reference URLs to docs.didit.me, added feature guide links
v1.2.0
Initial release
Metadata
Slug didit-phone-verification
Version 1.3.0
License
All-time Installs 1
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Didit Phone Verification?

Integrate Didit Phone Verification standalone API to verify phone numbers via OTP. Use when the user wants to verify phones, send SMS or WhatsApp or Telegram... It is an AI Agent Skill for Claude Code / OpenClaw, with 689 downloads so far.

How do I install Didit Phone Verification?

Run "/install didit-phone-verification" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Didit Phone Verification free?

Yes, Didit Phone Verification is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Didit Phone Verification support?

Didit Phone Verification is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Didit Phone Verification?

It is built and maintained by Didit (@rosasalberto); the current version is v1.3.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments