One-Time Password

The One-Time Password (OTP) integration securely generates and delivers time-sensitive codes via SMS, with optional SIM swap checks, to verify user identity and prevent fraud. Below are the steps to set up and customise the integration. For complete details, refer to the One-Time Password Quick Start Guide.

🚧

Prerequisites

• Ensure that the SMS channel is enabled in the project and that the selected gateway supports the geographic region of the recipients to avoid delivery issues.
• Confirm API credentials and whitelisted IP addresses are configured.
• Review OAuth 2.0 configuration documentation for token generation.
• To ensure successful delivery of OTP messages, always provide mobile numbers in the E.164 format (e.g., +353123456789 for Ireland).

If you are unsure if any or all of these things are true please check with [email protected]

Create a Connection

Set up the connection by navigating to Settings > Integrations > Marketplace and selecting the One-Time Password integration. Click Connect New to begin.

Configure Basic Settings & SMS Settings

Basic Settings:
Name: Enter a descriptive name for the integration, e.g., "One-Time Password".
SMS Settings:
Type: Choose between numeric or alphanumeric for the OTP format.
Length: Set the OTP length (e.g., 6 characters).
Lifetime: Define how long the OTP will remain valid (e.g., 1 minute).
Verification Tries: Specify the number of allowed verification attempts.

📘

Considerations

OTP Length: Minimum length: 4 characters.Maximum length: 10 characters.
Length exceeding this range will not be accepted.

Lifetime: The OTP validity duration must be configured in seconds, minutes, hours, or days.
Extremely short durations (e.g., under 30 seconds) may lead to delivery or verification issues due to network delays.

Verification Tries: The maximum retry attempts must be set within a reasonable limit. Allowing too many retries may increase the risk of brute-force attacks.

Configure the SMS Content

Sender Name: Enter a name that will appear as the sender of the SMS (e.g., your company name).

Message Text: Compose the message content, ensuring it includes a placeholder for the OTP {OTP_CODE}.
Maximum length: 160 characters per SMS part (standard messages) or 70 characters for Unicode (e.g., non-English characters or emojis). Messages exceeding this will be split into multiple parts and billed accordingly.

Once you have completed all configurations, click the Connect button to finalise and activate the OTP integration.

History

The History Tab provides a detailed log of OTP activities, including generation, sending, and verification statuses. It displays key information such as profile ID, mobile number, request timestamp, sent status, and any errors encountered. This tab helps track OTP usage and troubleshoot issues effectively. Use the search to quickly filter and locate specific OTP records.

Notify on error

When enabled, in case of high error frequency, such as 50 errors within an hour across multiple users, it sends an email notification to the email addresses provided until the error is resolved. You can add multiple email recipients by simply entering an email address and pressing enter, after that it will be added.

The recipients will receive an email from Xtremepush ( [email protected]) with the title: Abnormal OTP Activity Detected - Project X.
When you click on the link to view the logs, you will be required to log in to view the errors. If you need help troubleshooting, you can contact our support team on [email protected].

Actions

Deactivate: Temporarily disable the OTP integration or specific functionality without permanently removing it.
Use this option to pause OTP-related processes for troubleshooting or updates.
Delete: Permanently remove the selected OTP integration or related record.
This action is irreversible, so ensure it’s only used when the record or integration is no longer needed.