GetOTP Documentation

Multi-Channel OTP

The Multi-Channel OTP allows you to perform multiple OTP via a combination of Email OTP, SMS OTP, or Voice OTP.

Request for Multi-Channel OTP API

To request for Multi-Channel OTP, make a POST request to our OTP endpoint. Take note that our OTP endpoint ends with a trailing slash:

https://otp.dev/api/verify/

With the following Basic HTTP verification method:

Description Required Data Type Example
Your API Key Yes String mtbi2w4hlendfpxa1igthcu5p6mzxf7k
Your API Token Yes String mpktanoshzf4c81e3bydjl76ixr9wugv

Note

  • Grab your API key and API token from this page
  • You can create maximum 3 counts of API keys
  • Your API call counts will be limited depending on your active subscription

With the following parameters:

Name Description Required Data Type Option Example
channel Channel for delivering OTP. Can be multiple, seperated by comma Yes String email,sms,voice
email The user email address No String ali@getotp.test
phone_sms The user mobile phone number (with country code) No String +60123456789
phone_voice The user mobile phone number (with country code) No String +60123456789
success_redirect_url Where to redirect a user after OTP success Yes URL https://mysite.test/payments/qHgZiJQ8YF/otp-complete/
fail_redirect_url Where to redirect a user after OTP failed Yes URL https://mysite.test/payments/qHgZiJQ8YF/otp-fail/
callback_url Your site callback URL when OTP success No URL https://mysite.test/payments/otp-callback/
metadata Additional info that you want to pass. No String
For JSON object, convert into JSON string.
{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}
captcha Recaptcha feature at OTP form. Enabled by default. No String true / false false
hide Obfuscate email / phone_sms / phone_voice value. Disabled by default. No String true / false true
lang Change the OTP UI language (Pro Plan only feature). No String en / ja / ko / es / fr ja

Note

Notes on the channel parameter:

  • You can mix and match between available channels. For example Multi OTP with email and voice channel email,voice

Notes on the email, phone_sms, and phone_voice parameter:

  • Since the parameter is optional, if omitted the OTP form will have a blank field by default
  • If the parameter is present, the OTP form will automatically prefill the field with the provided value
  • For phone_sms and phone_voice, you must provide a phone number with country code, and start with plus (+) symbol as per example

Notes on the captcha parameter:

  • ReCaptcha is enabled by default. Please read our Privacy Policy for more information on reCaptcha.

Examples

Below is an example request using cURL:

curl -L -X POST 'http://localhost:8090/api/' \
-u 'mTbI2W4hleNdFPxA1iGtHcu5p6MZXf7K:mpktanoshzf4c81e3bydjl76ixr9wugv' \
-F 'channel="email,sms,voice"' \
-F 'email="ali@getotp.test"' \
-F 'phone_sms="+60123456789"' \
-F 'phone_voice="+60123456789"' \
-F 'callback_url="https://mysite.com/payments/otp-callback/"' \
-F 'success_redirect_url="https://mysite.com/payments/qHgZiJQ8YF/otp-complete/"' \
-F 'fail_redirect_url="https://mysite.com/payments/qHgZiJQ8YF/otp-fail/"' \
-F 'metadata="{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}"' \
-F 'captcha="true"' \
-F 'hide="true"' \
-F 'lang="ja"'

The response would be a JSON structure, returned with HTTP 200 Code status code:

{
  "otp_id": "3zphnqslxc0n96utnjxz",
  "link": "https://getotp.com/authenticate/3YOikMm9TP/multi/",
  "otp_secret": "etloxfhrg11zkebcpqks"
}

Response data details:

Name Description Data Type Example
otp_id The unique OTP ID for this request String 3zphnqslxc0n96utnjxz
link URL to redirect your user to fill OTP code String https://getotp.com/authenticate/3YOikMm9TP/multi/
otp_secret The unique OTP secret for this request String etloxfhrg11zkebcpqks

If there is an error with the API call, please refer to this table for details:

Error Code Description HTTP Code Response
N/A Invalid API Key / API Token 403
{
  "detail": "Verification credentials were not provided."
}
INV-01 Invalid channel specified 400
{
  "code": "INV-01",
  "message": "Invalid channel specified"
}
INV-02 Invalid channel 400
{
  "code": "INV-02",
  "message": "Invalid channel"
}
INV-03 Email specified but appropriate channel not chosen 400
{
  "code": "INV-03",
  "message": "Email specified but appropriate channel not chosen"
}
INV-04 Phone number specified but appropriate channel not chosen 400
{
  "code": "INV-04",
  "message": "Phone number specified but appropriate channel not chosen"
}
INV-05 Invalid language 400
{
  "code": "INV-05",
  "message": "Invalid language"
}
INV-06 Invalid embed mode 400
{
  "code": "INV-06",
  "message": "Invalid embed mode"
}
INV-07 Callback URL doesn't match API user domain 400
{
  "code": "INV-07",
  "message": "Callback URL doesn't match API user domain"
}
INV-08 Success URL doesn't match API user domain 400
{ 
  "code": "INV-08",
  "message": "Success URL doesn't match API user domain"
}
INV-09 Fail URL doesn't match API user domain 400
{
  "code": "INV-09",
  "message": "Fail URL doesn't match API user domain"
}
SUB-01 API request quota depleted 400
{
  "code": "SUB-01",
  "message": "Request quota exhausted for current plan"
}
SUB-02 Channel quota exceeded for current plan 400
{
  "code": "SUB-02",
  "message": "Channel quota exceeded for current plan"
}
SUB-03 Subscription expired 400
{
  "code": "SUB-03",
  "message": "Validity of subscription expired"
}
SUB-04 Channel not supported 400
{
  "code": "SUB-04",
  "message": "Invalid channel requested for current plan"
}
SUB-05 Invalid lang for plan subscribed 400
{
  "code": "SUB-05",
  "message": "Invalid lang for plan subscribed. Allowed lang:"
}

OTP form

You need to redirect a user to the link included in the response.

https://getotp.com/authenticate/3YOikMm9TP/multi/

The user needs to complete each OTP form to proceed.

Multi channels OTP form

OTP Callback

Every time the user completes the OTP process for a specific channel, a POST request to the callback_url will be made.

For example, if you are using multi-channel email, SMS and voice, 3 callbacks will be made to the callback_url.

https://mysite.test/payments/otp-callback/

Note

Please refer to the link below for the details of each channel callback.

Success Redirect

Upon successful OTP, our server will redirect your user to the URL that was defined in success_redirect_url. This is useful to show success confirmation to the user.

https://mysite.test/payments/qHgZiJQ8YF/otp-complete/?otp_id=m1zBsh2L0c

Note that we include the otp_id in the redirect URL for your convenience. You can use the value to update your application data, but we suggest performing it during the OTP callback.

Failed Redirect

Upon failed OTP, our server will redirect your user to the URL that was defined in fail_redirect_url. This is useful to show fail confirmation to the user.

https://mysite.test/payments/qHgZiJQ8YF/otp-fail/?otp_id=m1zBsh2L0c

Note that we include the otp_id in the redirect URL for your convenience. You can use the value to update your application data, but we suggest performing it during the OTP callback.

OTP Flow Summary

To summarize the explanation above here is the OTP flow diagram

GetOTP OTP flow