Nofbox API Documentation
Base URL:
https://connect.nofbox.com/api
All endpoints:
- Use
POSTmethod - Require
Content-Type: application/json - Require
X-Api-Keyheader - Require
user_idproperty in JSON body
Authentication
Every request must include your API key:
X-Api-Key: your_api_key
Example:
curl --header 'x-api-key: your_api_key'
Account Linking
Before sending OTP or notifications, each user must link their Nofbox account to your application.
This process only needs to be done once per user per app.
Without linking, your app cannot:
- Send OTP
- Verify OTP
- Send notifications
1. Link Account
Create or check connection status between your app user and Nofbox.
This endpoint serves two purposes:
- Generate linking URL if account is not linked yet
- Check current linking status
Your app should call this endpoint again after user returns from Nofbox redirect.
Endpoint
POST /link-account
Request
curl --request POST \
--url https://connect.nofbox.com/api/link-account \
--header 'content-type: application/json' \
--header 'x-api-key: rmiqccbiqmse832ozwermiqccbiakjrtt13vzd' \
--data '{
"user_id": "100",
"return_url": "https://your-app.com/nofbox-return/100"
}'
Body Parameters
| Property | Type | Required | Description |
|---|---|---|---|
| user_id | string | Yes | Your internal user ID |
| return_url | string | Yes | Redirect URL after user completes linking |
Response (Not Linked Yet)
{
"linked": false,
"url": "https://portal.nofbox.com/linking/verif-token-here"
}
Your app should redirect the user to the provided URL.
Response (Already Linked)
{
"linked": true,
"email": "7d055ac5b1588ba628851571ddcf39a3-he****@gmail.com",
"phone": "54dcb9a641309112d81709ffa1da605a-9982",
"username": "johndoe"
}
2. Unlink Account
Disconnect a user account from Nofbox.
Endpoint
POST /link-account/unlink
Request
curl --request POST \
--url https://connect.nofbox.com/api/link-account/unlink \
--header 'content-type: application/json' \
--header 'x-api-key: r7iqf2xiqm1gfy0ntyjr7iqf2xiadhb9z9tdne' \
--data '{
"user_id": "100"
}'
Body Parameters
| Property | Type | Required | Description |
|---|---|---|---|
| user_id | string | Yes | Your internal user ID |
Response
{
"success": true
}
3. Send OTP
Send an OTP message to a linked user.
Endpoint
POST /otp
Request
curl --request POST \
--url https://connect.nofbox.com/api/otp \
--header 'content-type: application/json' \
--header 'x-api-key: r7ityaiqx5t0snzxblr7ityaiasesc5mqxho' \
--data '{
"user_id": "100",
"reference": "login",
"message": "Use this OTP code to login to Your-App"
}'
Body Parameters
| Property | Type | Required | Description |
|---|---|---|---|
| user_id | string | Yes | Your internal user ID |
| reference | string | Yes | OTP identifier reference |
| message | string | Yes | OTP information |
Response
{
"success": true
}
4. Verify OTP
Verify OTP code sent to the user.
Endpoint
POST /otp/verify
Request
curl --request POST \
--url https://connect.nofbox.com/api/otp/verify \
--header 'content-type: application/json' \
--header 'x-api-key: r7ityaiqx5t0snzxblr7ityaiasesc5mqxho' \
--data '{
"user_id": "100",
"reference": "login",
"code": "030628"
}'
Body Parameters
| Property | Type | Required | Description |
|---|---|---|---|
| user_id | string | Yes | Your internal user ID |
| reference | string | Yes | OTP reference |
| code | string | Yes | OTP code from user |
Response
{
"success": true
}
5. Send Notification
Send a regular notification message to a linked user.
Endpoint
POST /notification
Request
curl --request POST \
--url https://connect.nofbox.com/api/notification \
--header 'content-type: application/json' \
--header 'x-api-key: r7ityaiqx5t0snzxblr7ityaiasesc5mqxho' \
--data '{
"user_id": "100",
"message": "Deposit $1.0 received successfuly"
}'
Body Parameters
| Property | Type | Required | Description |
|---|---|---|---|
| user_id | string | Yes | Your internal user ID |
| message | string | Yes | Notification message |
Response
{
"success": true
}
Error Response
Example error response:
{
"message": "User not linked"
}
Possible errors:
| Message | Description |
|---|---|
| Invalid API key | API key is invalid |
| User not linked | User has not linked Nofbox account |
| Invalid OTP code | OTP verification failed |
| OTP expired | OTP is no longer valid |
| Missing required field | Required parameter is missing |
Flow Overview
Initial Setup
- Your app calls
/link-account, then redirect user to the provided linking url. - User completes approval process in Nofbox.
- Nofbox redirects the user back to your
return_url. - After user returns to your app, call
/link-accountagain using the sameuser_id. - Save any information you need, e.g hashed email, hashed phone and/or username.
- Your app can now send OTP and notifications
OTP Flow
- Call
/otp - User receives OTP in Nofbox
- User enters code in your app
- Call
/otp/verify - Your app can now execute any action
Notification Flow
- Call
/notification - User receives message instantly in Nofbox
Last update: 13 Jun 2026