OTP SMS (One-time PIN) workflow and statuses
SMS OTP, also called "one-time pin" or "one-time password", is a reliable way to verify the user's phone number. There are a few ways that the SMS OTP API can be used:
- Verification of the phone number: In this kind of service, users provide their phone number and an SMS OTP to verify their identity
- Two-factor authentication: Along with the username and password, the SMS OTP can be a strong indicator that the account belongs to the person who got the SMS OTP
- Restoring an account: If a user loses access to their account, they should be able to get it back. Common account recovery techniques include sending an email or SMS OTP to their registered email or phone number
- Payment verification: For security reasons, some banks or credit card companies ask the person making the payment for more proof of identity. SMS OTP is usually used for this purpose
Regardless of the scenario in which you deploy OTP, we handle all the steps of mobile identity verification: generating a one-time password, sending it to the phone via SMS and using the user's input to verify the code that was sent.
Workflow of OTP SMS
1. Your user submits the form and your application sends a POST request to our OTP API
2. The API generates a one-time PIN and sends it to the user's mobile phone
3. The API responds to your application with the otpId
4. The user enters the PIN in your application form
5. Your application makes an API call with the otpId and the PIN provided by the user
6. The API checks whether the PIN provided by the user is the same as the one sent to their phone at step 2, and returns a response to your application with the status of the OTP (VERIFIED, FAILED, etc.)
7. The API sends the status of the SMS OTP verification to your webhook URL (if one was set in the OTP settings or during the API request)
Statuses of OTP SMS
Status | Description |
---|---|
PENDING | The OTP is pending validation by the user |
VERIFIED | The OTP was validated by the user |
EXPIRED | The validity of the OTP has expired |
CANCELLED | The OTP was cancelled by the user |
FAILED | The OTP failed because of too many unsuccessful attempts |
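
The workflow and the status table above, modelled as a small in-memory state machine. This is an added example, not the provider's API or code: the class and method names, the attempt limit, the validity period and the rule that a status other than PENDING never changes are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 3    # assumption: the page does not state the attempt limit
TTL_SECONDS = 300   # assumption: the page does not state the validity period


@dataclass
class Otp:
    pin: str
    expires_at: float
    status: str = "PENDING"
    attempts: int = 0


class OtpService:
    """Hypothetical local model of the provider side of the workflow."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be tested
        self._otps = {}

    def send(self, phone):
        # Steps 1-3: generate the PIN and return only the otpId to the caller.
        # SMS delivery to `phone` is out of scope for this model.
        otp_id = secrets.token_urlsafe(16)
        pin = f"{secrets.randbelow(10**6):06d}"   # CSPRNG-backed 6-digit PIN
        self._otps[otp_id] = Otp(pin, self._clock() + TTL_SECONDS)
        return otp_id

    def cancel(self, otp_id):
        otp = self._otps[otp_id]
        if otp.status == "PENDING":
            otp.status = "CANCELLED"
        return otp.status

    def verify(self, otp_id, pin):
        # Steps 5-6: check the submitted PIN and return the resulting status.
        otp = self._otps[otp_id]
        if otp.status != "PENDING":
            return otp.status        # VERIFIED/EXPIRED/CANCELLED/FAILED are final
        if self._clock() >= otp.expires_at:
            otp.status = "EXPIRED"
        elif hmac.compare_digest(pin.encode(), otp.pin.encode()):
            otp.status = "VERIFIED"  # constant-time comparison of the PIN
        else:
            otp.attempts += 1
            if otp.attempts >= MAX_ATTEMPTS:
                otp.status = "FAILED"
        return otp.status
```

Because the status is checked before the PIN, a correct PIN submitted after the OTP has become FAILED, EXPIRED or CANCELLED is still rejected, which is what makes the attempt limit effective against guessing.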
Transitions between OTP statuses
The diagram below shows how the OTP statuses change from one to another.
Last updated: Dec 11, 2022