A One-Time Password (OTP) is a single-use password generated by our system to strengthen security during user registration, login, and verification. It is typically a six-digit numeric code that the system sends to the user's mobile phone as an SMS, or by email, to verify ownership of the account before granting access to change or view private information. OTPs are time-limited, and once expired, they cannot be reused. OTP functions fall into two main categories: requesting an OTP code, and verifying (checking) an OTP code.
Request OTP
An OTP will be sent to the end-user's contact number or email, depending on the system configuration. There are also a few APIs which are compatible with OTP.
OTPs have an expiration time, which can be configured in the backend system. When resending OTPs, the front-end must track the time remaining before another request is allowed, so that end-users cannot request OTPs many times in rapid succession, which increases OTP delivery costs.
To request an OTP, send an email address or a mobile phone number, depending on the system configuration. The example below uses a mobile phone number to get an OTP.
curl --location --request GET 'https://buzzebees-dev.azure-api.net/api/auth/otp?app_id=123456&uuid=xxxxx&contact_number=0111111111' \
  --header 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
  --header 'Ocp-Apim-Subscription-Key: {Subscription-Key}' \
  --header 'Ocp-Apim-Trace: 1' \
  --header 'App-Id: {App-Id}' \
  --header 'Authorization: token {token}'
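The resend handling that the front-end is asked to do above, as an added example (not Buzzebees code): a gate that tracks the time remaining before another OTP may be requested and keeps that state across a page reload. The class name, the storage key, the 60-second cooldown and the 300-second lifetime are assumptions; the real values come from the backend configuration.

```javascript
// Added example. COOLDOWN_S and LIFETIME_S are assumed values; use the
// resend interval and OTP expiry configured in the backend.
const COOLDOWN_S = 60;
const LIFETIME_S = 300;

// Stand-in for window.sessionStorage so the gate also runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, String(v)) };
}

class OtpResendGate {
  // One timer per contact number, so switching numbers does not reuse a timer.
  constructor(contactNumber, storage = memoryStorage(), cooldownS = COOLDOWN_S, lifetimeS = LIFETIME_S) {
    this.key = `otp_sent_at:${contactNumber}`;
    this.storage = storage;
    this.cooldownMs = cooldownS * 1000;
    this.lifetimeMs = lifetimeS * 1000;
  }

  lastSentAt() {
    const v = Number(this.storage.getItem(this.key));
    return Number.isFinite(v) && v > 0 ? v : null;
  }

  // Seconds left before the "Resend" button may be enabled (0 = allowed now).
  secondsUntilResend(now = Date.now()) {
    const sent = this.lastSentAt();
    return sent === null ? 0 : Math.max(0, Math.ceil((sent + this.cooldownMs - now) / 1000));
  }

  // True when no code is outstanding or the last one has passed its lifetime.
  isExpired(now = Date.now()) {
    const sent = this.lastSentAt();
    return sent === null || now >= sent + this.lifetimeMs;
  }

  // Reserve a send slot synchronously, before the request is fired, so a
  // double tap cannot trigger two OTP deliveries. Returns false inside the cooldown.
  tryAcquire(now = Date.now()) {
    if (this.secondsUntilResend(now) > 0) return false;
    this.storage.setItem(this.key, now);
    return true;
  }

  // Roll back when GET /api/auth/otp failed, so the user does not wait for a code never sent.
  release() {
    this.storage.setItem(this.key, 0);
  }
}
```

In a browser, pass `window.sessionStorage` as the storage argument. A client-side gate only prevents accidental repeats; it does not replace a per-number request limit enforced by the server.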
Verifying OTP
Password confirmation, or OTP verification, is the process of checking whether the code entered by the user is correct. Verification can be done with the Check OTP API or as shown in the example below.
curl --location --request POST 'https://buzzebees-dev.azure-api.net/api/auth/bzbs_authen' \
  --header 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
  --header 'Ocp-Apim-Subscription-Key: {Subscription-Key}' \
  --header 'Ocp-Apim-Trace: 1' \
  --header 'App-Id: {App-Id}' \
  --header 'Authorization: token {token}' \
  --data-urlencode 'otp=xxxxxx' \
  --data-urlencode 'refcode=xxxxxx' \
  --data-urlencode 'contact_number=0111111111'
Once OTP verification completes successfully, the next step depends on the flow within the app, such as user registration or changing a phone number.