The phone number provided by a new user during sign up can be verified by sending a verification code (a.k.a OTP = One Time Password) to that phone number as a SMS text message and asking the user to key in that verification code.
NOTE : Having an SMS account with positive SMS credits is a pre-requisite for OTP verification. If either SMS account is not configured or SMS credits are 0, your users will not be able to verify themselves and consequently not be able to do any transaction.
There a few rules around the OTP verification and expiration. This article lists down those to aid in troubleshooting any OTP related issue that a user could be facing.
- OTP is a 6 digit number. This is not configurable.
- During the sign up process, a request for an OTP is made. At this point an OTP is generated and sent as a SMS text message.
- The time at which the OTP was created and sent are recorded.
- Once an OTP is created, it is valid for a specific period of time (Ex : 30 minutes), beyond which user cannot use it.
- This period is configurable.
- This expiration is based on the creation time.
- An OTP verification request sent after this expiry time has passed will result in an error and the user will not be verified.
- An user can request for the OTP to be sent again (Resend OTP). There is a limit on the maximum number of re-sends for a single OTP.
- The number of re-sends is configurable.
- When an user reaches the resend limit, further requests to send an OTP will result in an error.
- This limit exists to prevent mischievous users from consuming a lot of SMS credits of the merchant.
- Once the resend limit has been reached, the user has to wait for the current OTP to expire and then request a new one.
- Until the current OTP expires, any attempts by the user to request an OTP will result in an error asking the user to wait.
Here is a flowchart depicting this flow :
