How does SendOTP implement the verification process? Is it secure, given that SendOTP itself generates the code and verifies it?
There are two processes, and you can choose either:
1. OTP verification at SendOTP server
Once you call the OTP API, we generate the OTP, save it in the secured database for a defined number of seconds, and then send the SMS to the user. If the user does not receive the SMS, they can ask for it to be resent.
When you call the same API again with the same mobile number, we automatically generate a voice call and read out the OTP.
- When the user receives the OTP, they enter it in the form and submit it
- We match the code and verify it
- On success, we give a refresh token
- You take this token from the user and call the refresh token verify API from your server to our SendOTP server
2. OTP verification on your server
In this process, once you call the OTP API from your server, the user enters the OTP in the front end, and you save the OTP received from the front end on your server and pass it on for verification. You can use it for the verification process on your server only.
Both processes are secure from our end, but process number 2 depends on your own security protocols.
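For process 2, the checks your own server has to enforce can be sketched as follows. This is an added example, not SendOTP's code or API: the `OtpStore` class, the 120-second lifetime and the three-attempt limit are assumptions, and it presumes your server already knows the expected OTP for each mobile number.

```python
import hashlib
import hmac
import time

OTP_TTL_SECONDS = 120  # assumed lifetime; the page only says "defined seconds"
MAX_ATTEMPTS = 3       # assumed cap on wrong guesses per issued OTP


class OtpStore:
    """Hypothetical in-memory store of pending OTPs, keyed by mobile number."""

    def __init__(self, key, clock=time.monotonic):
        self._key = key          # server-side secret kept outside the store
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # mobile -> [tag, expires_at, attempts_left]

    def _tag(self, mobile, otp):
        # Keep a keyed MAC bound to the number instead of the OTP itself.
        msg = f"{mobile}:{otp}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def remember(self, mobile, otp):
        """Record the expected OTP; a new one replaces any earlier one."""
        expires_at = self._clock() + OTP_TTL_SECONDS
        self._pending[mobile] = [self._tag(mobile, otp), expires_at, MAX_ATTEMPTS]

    def verify(self, mobile, submitted):
        """Return 'ok', 'mismatch', 'locked', 'expired' or 'unknown'."""
        entry = self._pending.get(mobile)
        if entry is None:
            return "unknown"
        tag, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[mobile]
            return "expired"
        # Constant-time comparison of the tags avoids a timing side channel.
        if hmac.compare_digest(tag, self._tag(mobile, submitted)):
            del self._pending[mobile]   # single use: a replayed OTP is unknown
            return "ok"
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[mobile]   # force a fresh OTP after too many misses
            return "locked"
        return "mismatch"
```

Run the verification only on the server, and never send the expected OTP or its tag back to the front end.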