GetOTP Documentation
Multi-Channel OTP
The Multi-Channel OTP allows you to perform multiple OTP via a combination of Email OTP, SMS OTP, or Voice OTP.
Request for Multi-Channel OTP API
To request for Multi-Channel OTP, make a POST request to our OTP endpoint. Take note that our OTP endpoint ends with a trailing slash:
https://otp.dev/api/verify/
With the following Basic HTTP verification method:
Description | Required | Data Type | Example |
---|---|---|---|
Your API Key | Yes | String | mtbi2w4hlendfpxa1igthcu5p6mzxf7k |
Your API Token | Yes | String | mpktanoshzf4c81e3bydjl76ixr9wugv |
Note
- Grab your API key and API token from this page
- You can create maximum 3 counts of API keys
- Your API call counts will be limited depending on your active subscription
With the following parameters:
Name | Description | Required | Data Type | Option | Example |
---|---|---|---|---|---|
channel | Channel for delivering OTP. Can be multiple, seperated by comma | Yes | String | email,sms,voice | |
The user email address | No | String | ali@getotp.test | ||
phone_sms | The user mobile phone number (with country code) | No | String | +60123456789 | |
phone_voice | The user mobile phone number (with country code) | No | String | +60123456789 | |
success_redirect_url | Where to redirect a user after OTP success | Yes | URL | https://mysite.test/payments/qHgZiJQ8YF/otp-complete/ | |
fail_redirect_url | Where to redirect a user after OTP failed | Yes | URL | https://mysite.test/payments/qHgZiJQ8YF/otp-fail/ | |
callback_url | Your site callback URL when OTP success | No | URL | https://mysite.test/payments/otp-callback/ | |
metadata | Additional info that you want to pass. | No | String For JSON object, convert into JSON string. |
{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}
|
|
captcha | Recaptcha feature at OTP form. Enabled by default. | No | String | true / false | false |
hide | Obfuscate email / phone_sms / phone_voice value. Disabled by default. | No | String | true / false | true |
lang | Change the OTP UI language (Pro Plan only feature). | No | String | en / ja / ko / es / fr | ja |
Note
Notes on the channel parameter:
-
You can mix and match between available channels. For example Multi OTP with email and voice channel
email,voice
Notes on the email, phone_sms, and phone_voice parameter:
- Since the parameter is optional, if omitted the OTP form will have a blank field by default
- If the parameter is present, the OTP form will automatically prefill the field with the provided value
- For phone_sms and phone_voice, you must provide a phone number with country code, and start with plus (+) symbol as per example
Notes on the captcha parameter:
- ReCaptcha is enabled by default. Please read our Privacy Policy for more information on reCaptcha.
Examples
Below is an example request using cURL:
curl -L -X POST 'http://localhost:8090/api/' \
-u 'mTbI2W4hleNdFPxA1iGtHcu5p6MZXf7K:mpktanoshzf4c81e3bydjl76ixr9wugv' \
-F 'channel="email,sms,voice"' \
-F 'email="ali@getotp.test"' \
-F 'phone_sms="+60123456789"' \
-F 'phone_voice="+60123456789"' \
-F 'callback_url="https://mysite.com/payments/otp-callback/"' \
-F 'success_redirect_url="https://mysite.com/payments/qHgZiJQ8YF/otp-complete/"' \
-F 'fail_redirect_url="https://mysite.com/payments/qHgZiJQ8YF/otp-fail/"' \
-F 'metadata="{\"order_id\":\"xfdu48sfdjsdf\", \"agent_id\":2258}"' \
-F 'captcha="true"' \
-F 'hide="true"' \
-F 'lang="ja"'
The response would be a JSON structure, returned with HTTP 200 Code
status code:
{
"otp_id": "3zphnqslxc0n96utnjxz",
"link": "https://getotp.com/authenticate/3YOikMm9TP/multi/",
"otp_secret": "etloxfhrg11zkebcpqks"
}
Response data details:
Name | Description | Data Type | Example |
---|---|---|---|
otp_id | The unique OTP ID for this request | String | 3zphnqslxc0n96utnjxz |
link | URL to redirect your user to fill OTP code | String | https://getotp.com/authenticate/3YOikMm9TP/multi/ |
otp_secret | The unique OTP secret for this request | String | etloxfhrg11zkebcpqks |
If there is an error with the API call, please refer to this table for details:
Error Code | Description | HTTP Code | Response |
---|---|---|---|
N/A | Invalid API Key / API Token | 403 |
|
INV-01 | Invalid channel specified | 400 |
|
INV-02 | Invalid channel | 400 |
|
INV-03 | Email specified but appropriate channel not chosen | 400 |
|
INV-04 | Phone number specified but appropriate channel not chosen | 400 |
|
INV-05 | Invalid language | 400 |
|
INV-06 | Invalid embed mode | 400 |
|
INV-07 | Callback URL doesn't match API user domain | 400 |
|
INV-08 | Success URL doesn't match API user domain | 400 |
|
INV-09 | Fail URL doesn't match API user domain | 400 |
|
SUB-01 | API request quota depleted | 400 |
|
SUB-02 | Channel quota exceeded for current plan | 400 |
|
SUB-03 | Subscription expired | 400 |
|
SUB-04 | Channel not supported | 400 |
|
SUB-05 | Invalid lang for plan subscribed | 400 |
|
OTP form
You need to redirect a user to the link
included in the response.
https://getotp.com/authenticate/3YOikMm9TP/multi/
The user needs to complete each OTP form to proceed.
OTP Callback
Every time the user completes the OTP process for a specific channel, a POST request to the callback_url
will be made.
For example, if you are using multi-channel email, SMS and voice, 3 callbacks will be made to the callback_url
.
https://mysite.test/payments/otp-callback/
Note
Please refer to the link below for the details of each channel callback.
Success Redirect
Upon successful OTP, our server will redirect your user to the URL that was defined in success_redirect_url
. This is useful to show success confirmation to the user.
https://mysite.test/payments/qHgZiJQ8YF/otp-complete/?otp_id=m1zBsh2L0c
Note that we include the otp_id
in the redirect URL for your convenience. You can use the value to update your application data, but we suggest performing it during the OTP callback.
Failed Redirect
Upon failed OTP, our server will redirect your user to the URL that was defined in fail_redirect_url
. This is useful to show fail confirmation to the user.
https://mysite.test/payments/qHgZiJQ8YF/otp-fail/?otp_id=m1zBsh2L0c
Note that we include the otp_id
in the redirect URL for your convenience. You can use the value to update your application data, but we suggest performing it during the OTP callback.
OTP Flow Summary
To summarize the explanation above here is the OTP flow diagram