Pair an Android phone
On Android you forward SMS with a free SMS-forwarder app instead of a built-in shortcut. You pair the phone once to get a device token, then point the app's webhook at the OTPBase ingest endpoint.
Pair the phone
Pairing exchanges a short code for a device token (dvt_) that the forwarder uses to push codes in.
-
Sign in and open
/devices, then click Pair new device. You get an 8-character code (characters A–Z and 2–9 only), valid for 5 minutes. -
The phone POSTs that code to the pairing endpoint (no auth):
POST https://otpbase.com/api/mobile/pair Content-Type: application/json {"code": "<8-char code>", "name": "Android"}The response includes a one-time
device_tokenlikedvt_.... Save it — you will not see it again. -
The forwarder then POSTs each incoming SMS to the ingest endpoint with that token, and OTPBase returns
202 Accepted. The code shows up on/codeswithin a few seconds.
Configure the forwarder's webhook
Install a free SMS forwarder — SMS Forwarder works well, and Tasker or MacroDroid are capable alternatives if you want more control. Point its webhook at OTPBase:
- URL:
https://otpbase.com/api/mobile/ingest - Method:
POST - Header:
Authorization: Bearer dvt_...(the token from pairing) - Body:
JSON, mapping the app's placeholders to OTPBase fields
Most forwarders expose placeholders like {sender} and {message}. Map them like this:
{"sender": "{sender}", "body": "{message}"}
Adjust the placeholder names to whatever your app uses — the keys OTPBase reads are sender and body.
Forward only the codes
You do not want every text hitting OTPBase. Most forwarders let you filter by message content with a regex. An OTP-only filter keeps the noise out:
\b\d{4,8}\b
That forwards messages containing a 4–8 digit run, which covers most verification codes. Optionally add a sender filter to skip banking and other sensitive senders so those never leave the phone.
Send a test
Trigger a code from any service, or text yourself a short numeric code. It should appear on /codes within a few seconds.
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
401 Unauthorized |
Wrong or blank token | Re-check the header reads Bearer dvt_... with the exact token from pairing |
Nothing on /codes |
Filter too strict, or wrong URL | Loosen the OTP regex; confirm the URL is https://otpbase.com/api/mobile/ingest |
| Code not parsed | Only the number was forwarded | Map body to the full {message}, not a trimmed fragment |