Onramp Verification is available for Guest Checkout (Headless Onramp) integrations. Both phone number and email must be verified before creating an order. This API is an alternative to self-managed OTP verification — you do not need both approaches.
How it works
Initiate verification
Call POST /v2/onramp/verifications with the channel and the user’s phone number or email. Coinbase sends a 6-digit code and returns a
verificationId. The code is valid for 10 minutes.Submit the OTP code
Collect the code from the user and call POST /v2/onramp/verifications/{verificationId}/submit. On success the verification is marked verified and is valid for 60 days.
Create the order
Pass the returned verification IDs —
smsVerificationId for phone, emailVerificationId for email — to the Create Onramp Order API. Onramp validates the server-side verification records for both channels.Integration flow
1. Initiate verification
channel is sms or email. destination is the phone number (E.164) or email address to send the code to.
Response:
verificationId and prompt the user to enter the code before otpExpiresAt.
2. Submit the OTP code
verificationId is valid for 60 days and must be re-verified afterward.
3. Create the order
After verifying both channels, pass the verification IDs when creating an order. UsesmsVerificationId for the phone verification and emailVerificationId for the email verification.
Sandbox testing
You can exercise the full verification flow in sandbox without being on the allowlist, so you can integrate before production access is granted. Sandbox requests never send a real SMS or email and never touch a real user record.Sandbox values
| Input | Sandbox value |
|---|---|
SMS destination | Any number prefixed with +1000 (e.g. +10005550100) |
Email destination | Any address ending in @sandbox.test (e.g. tester@sandbox.test) |
otpCode (on submit) | 000000 |
Sandbox walkthrough
1. Initiate with a sandbox phone number:verificationId (recognizable by the onramp_verification_00000000- prefix):
000000):
000000 returns an error:
Error reference
| HTTP | Cause | Resolution |
|---|---|---|
| 400 | Invalid channel, destination, or OTP code | Check errorMessage and the request fields. |
| 401 | Missing or invalid API key, or app not allowlisted | Verify your API key. Contact the Onramp team to be allowlisted. |
| 404 | Verification ID not found (submit) | Ensure you are using the verificationId returned by initiate. |
| 429 | Rate limit exceeded | Back off and retry with exponential backoff. |
POST /v2/onramp/verifications
Full API reference for initiating a verification.
POST /v2/onramp/verifications/\{verificationId\}/submit
Full API reference for submitting an OTP code.