OTP SMS (One-time PIN) workflow and statuses

SMS OTP, also called "one-time pin" or "one-time password", is a reliable way to verify the user's phone number. There are a few ways that SMS OTP API can be used:

  • Verification of the phone number: In these kind of services, users can provide their phone number and an SMS OTP to verify their identity
  • Two-factor authentication: Along with the username and password, the SMS OTP can be a strong indicator that the account belongs to the person who got the SMS OTP
  • Restoring an account: If a user loses access to their account, they should be able to get it back. Common account recovery techniques include sending an email or SMS OTP to their registered email or phone number
  • Payment verification: For security reasons, some banks or credit card companies ask the person making the payment for more proof of identity.SMS OTP is usually used for this purpose

Regardless of the scenario you deploy OTP, we handle all the steps of mobile identity verification: generate a one-time password, send it to the phone via SMS and use the user's input to verify the code that was sent.

Workflow of OTP SMS

Diagram of OTP SMS usage and workflow

  1. Your user submits the form and your application sends a POST request to our OTP API
  2. The API generates a one-time PIN and sends it to the users's mobile phone
  3. The API responds to your application with the otpId
  4. The user enters the PIN in your application form
  5. Your application makes an API call with the otpId and the PIN provided by the user
  6. The API checks if the PIN provided by the user is the same as the one sent to his phone at step 2), and returns response to your application with the status of the OTP (VERIFIED, FAILED, etc.)
  7. The API sends the status of the SMS OTP verification to your webhook URL (if one was set in the OTP settings or during the API request)

Statuses of OTP SMS

Status Description
PENDING The OTP is pending validation by user
VERIFIED The OTP was validated by user
EXPIRED The validity of OTP has expired
CANCELLED The OTP was cancelled by the user
FAILED The OTP failed because too many unsuccessful attempts

Transitions between OTP statuses

The diagram below shows how the OTP statuses change from one to another.

Diagram of OTP SMS statuses and changes between them

Was this page helpful?