> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# sms.created

> Sent when an SMS OTP needs to be delivered through your own SMS provider.

Triggered when a challenge is created for the SMS OTP authenticator.

This webhook is synchronous, so a non-2xx response fails the challenge.

Open the SMS OTP authenticator in [authenticator settings](https://portal.authsignal.com/organisations/tenants/authenticators) and set the SMS provider to **Webhook**. The URL you enter as part of provider setup is where this event is delivered.

## Payload

<ParamField path="to" type="string" required>
  The phone number the SMS should be delivered to (E.164 format).
</ParamField>

<ParamField path="code" type="string" required>
  The SMS OTP code.
</ParamField>

<ParamField path="userId" type="string" required>
  The ID of the user the challenge is for.
</ParamField>

<ParamField path="idempotencyKey" type="string" required>
  The idempotency key of the request that created the SMS code.
</ParamField>

<ParamField path="actionCode" type="string" required>
  The action code of the track request that created the SMS code.
</ParamField>

<ParamField path="locale" type="string">
  The locale of the user who requested the SMS code.

  <Info>
    Only present if the locale was captured when [tracking an
    action](/api-reference/server-api/track-action#body-locale) or set on the user via [update
    user](/api-reference/server-api/update-user#body-locale).
  </Info>
</ParamField>

<ResponseExample>
  ```json sms.created theme={null}
  {
    "version": 1,
    "id": "ffffffff-ffff-ffff-ffff-ffffffffffff",
    "source": "https://authsignal.com",
    "time": "2024-01-01T01:23:45.678Z",
    "tenantId": "dddddddd-dddd-dddd-dddd-dddddddddddd",
    "type": "sms.created",
    "data": {
      "to": "+123456789",
      "code": "987654",
      "userId": "11111111-1111-1111-1111-111111111111",
      "idempotencyKey": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
      "actionCode": "sign-in",
      "locale": "en"
    }
  }
  ```
</ResponseExample>
