OTP System

curl -X POST https://your-site.netlify.app/api/v1/otp \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"phone": "+905551234567", "purpose": "verification"}'

// Response:
{
  "success": true,
  "otpId": "uuid-of-otp-record"
}

curl -X POST https://your-site.netlify.app/api/v1/otp-verify \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"otp_id": "uuid-from-step-1", "otp": "123456"}'

// Response (valid):
{ "valid": true }

// Response (invalid):
{ "valid": false, "reason": "OTP expired" }

<?php
// WHMCS Hook: Send OTP on client login
add_hook('ClientLogin', 1, function($vars) {
  $phone  = $vars['client']['phonenumber'];
  $apiKey = 'YOUR_WABEK_API_KEY';

  $ch = curl_init('https://your-site.netlify.app/api/v1/otp');
  curl_setopt_array($ch, [
    CURLOPT_POST       => 1,
    CURLOPT_POSTFIELDS => json_encode(['phone' => $phone, 'purpose' => 'login']),
    CURLOPT_HTTPHEADER => ['Content-Type: application/json', 'X-API-Key: '.$apiKey],
    CURLOPT_RETURNTRANSFER => true,
  ]);
  $res = json_decode(curl_exec($ch), true);
  curl_close($ch);

  // Save OTP ID to verify later
  $_SESSION['wabek_otp_id'] = $res['otpId'] ?? '';
});

// WHMCS Hook: Send OTP on invoice creation
add_hook('InvoiceCreated', 1, function($vars) {
  // Notify client via WHMCS webhook (handled automatically)
  $apiKey  = 'YOUR_WABEK_API_KEY';
  $payload = [
    'action'    => 'InvoiceCreated',
    'invoiceid' => $vars['invoiceid'],
    'userid'    => $vars['userid'],
  ];
  $ch = curl_init('https://your-site.netlify.app/api/v1/whmcs-webhook');
  curl_setopt_array($ch, [
    CURLOPT_POST       => 1,
    CURLOPT_POSTFIELDS => json_encode($payload),
    CURLOPT_HTTPHEADER => ['Content-Type: application/json', 'X-API-Key: '.$apiKey],
    CURLOPT_RETURNTRANSFER => true,
  ]);
  curl_exec($ch);
  curl_close($ch);
});