[FastAPI] Implementing SMS Authentication for AI Service MVPs in 5 Minutes (No Paperwork)

Introduction: The Frustration of SMS Auth in the MVP Stage

Are you building an AI Service MVP using generative AI APIs? To prevent API abuse and identify unique users, implementing mobile SMS authentication is practically mandatory.

However, when you try to integrate traditional SMS API services, you immediately hit a wall:
> "Please submit your business registration and proof of telecom service."
> "You must pre-register your sender ID, which takes 3-5 business days for approval."

What if you are a solo developer on a side project without a registered business yet? Or what if you are at a hackathon and need to launch this weekend?
To solve this massive headache for developers, let's explore how to implement SMS authentication in FastAPI using EasyAuth (이지어스)—an API service that requires ZERO paperwork and can be fully integrated in just 5 minutes.

Solution Overview: FastAPI + EasyAuth

In this practical tutorial, we will use FastAPI, a high-performance Python web framework, along with EasyAuth to create just two straightforward API endpoints:

1. POST /send: Dispatches a 6-digit verification code (OTP) to the user's phone.
2. POST /verify: Verifies the code entered by the user.

Step-by-Step Implementation

1. Project Setup and Package Installation

First, install FastAPI and httpx for making asynchronous HTTP requests.

pip install fastapi uvicorn httpx pydantic

2. Basic FastAPI Skeleton

Create a main.py file and initialize the basic app settings.

from fastapi import FastAPI, HTTPException
from pydantic import BaseModel
import httpx
import os

app = FastAPI(title="AI MVP SMS Auth")

# Load your EasyAuth API key from environment variables
EASYAUTH_API_KEY = os.getenv("EASYAUTH_API_KEY", "your_test_key")
EASYAUTH_BASE_URL = "https://api.easyauth.co.kr"

3. Implementing the Send SMS API (/send)

Receive the user's phone number and call the EasyAuth API. Since EasyAuth provides auto-sender IDs (no pre-registration needed) and handles OTP generation and state management internally, you don't even need a database to store the codes!

class SendRequest(BaseModel):
    phone_number: str

@app.post("/api/auth/send")
async def send_sms(req: SendRequest):
    async with httpx.AsyncClient() as client:
        response = await client.post(
            f"{EASYAUTH_BASE_URL}/send",
            json={"phone": req.phone_number},
            headers={"Authorization": f"Bearer {EASYAUTH_API_KEY}"}
        )
        
        if response.status_code != 200:
            raise HTTPException(status_code=400, detail="Failed to send SMS.")
            
        return {"message": "Verification code sent successfully."}

4. Implementing the Verify SMS API (/verify)

Pass the phone number and the user-inputted code to EasyAuth for verification.

class VerifyRequest(BaseModel):
    phone_number: str
    code: str

@app.post("/api/auth/verify")
async def verify_sms(req: VerifyRequest):
    async with httpx.AsyncClient() as client:
        response = await client.post(
            f"{EASYAUTH_BASE_URL}/verify",
            json={"phone": req.phone_number, "code": req.code},
            headers={"Authorization": f"Bearer {EASYAUTH_API_KEY}"}
        )
        
        if response.status_code != 200:
            raise HTTPException(status_code=400, detail="Invalid or expired code.")
            
        return {"message": "Verification successful."}

Complete Working Code

Here is the fully assembled main.py. You can literally copy, paste, and run it (uvicorn main:app --reload).

# main.py
from fastapi import FastAPI, HTTPException
from pydantic import BaseModel
import httpx
import os

app = FastAPI(title="AI Service SMS Auth MVP")

EASYAUTH_API_KEY = os.getenv("EASYAUTH_API_KEY", "your_api_key_here")
EASYAUTH_BASE_URL = "https://api.easyauth.co.kr"

class SendRequest(BaseModel):
    phone_number: str

class VerifyRequest(BaseModel):
    phone_number: str
    code: str

@app.post("/api/auth/send")
async def send_sms(req: SendRequest):
    async with httpx.AsyncClient() as client:
        response = await client.post(
            f"{EASYAUTH_BASE_URL}/send",
            json={"phone": req.phone_number},
            headers={"Authorization": f"Bearer {EASYAUTH_API_KEY}"}
        )
        if response.status_code != 200:
            raise HTTPException(status_code=400, detail="Failed to send SMS")
        return {"message": "SMS sent successfully"}

@app.post("/api/auth/verify")
async def verify_sms(req: VerifyRequest):
    async with httpx.AsyncClient() as client:
        response = await client.post(
            f"{EASYAUTH_BASE_URL}/verify",
            json={"phone": req.phone_number, "code": req.code},
            headers={"Authorization": f"Bearer {EASYAUTH_API_KEY}"}
        )
        if response.status_code != 200:
            raise HTTPException(status_code=400, detail="Verification failed")
        return {"message": "Verification successful"}

Tips & Best Practices

1. Rate Limiting: Malicious users might abuse your /send endpoint, causing unexpected costs. Use a FastAPI library like slowapi to limit requests (e.g., 1 request per minute per IP).
2. Environment Variables: Never hardcode your API keys. Always use .env files or secure secret managers for production.

Conclusion

We just implemented a fully functional SMS authentication system using FastAPI with merely two endpoints. As you can see, the code is incredibly clean because you don't have to manage sessions or OTP expiry timers manually in your database.

No business registration needed, and no waiting days for sender ID approvals. Instead of paying the traditional 30-50 KRW per message, accelerate your AI MVP launch with EasyAuth, offering immediate setup in 5 minutes at a highly reasonable cost of 15-25 KRW per message.

> 💡 Tip: Sign up now to get 10 free trial messages instantly and test your code right away!