OTP SMS
Last updated
Using OTPs (One-Time Passwords) for sign-up, sign-in, and 2FA (Two-Factor Authentication) has become quite mainstream. You know how it works. You send a code to the mobile number of your end user. They enter that code in your app. You verify whether it is the correct code and let the user sign in, sign up, or do whatever.
The whole process involves a few steps if you wish to roll your own. It's not very complicated, but you still need to wrangle some code.
Random Code Generator: A small script that generates a random 'time-bound one-time password (OTP)'.
Send Script: To trigger an OTP SMS based on user input. (Pro Tip: The OTP SMS needs to be delivered on the 'Transactional Route')
Verify Script: When a user sends you back the OTP, you need to verify its correctness and that it is still within its expiry window (say 5 minutes).
Database: A DB table where you store the OTP sent along with the timestamp for later verification.
Rate Limiting: So that a rogue agent does not request too many SMSes and shoot up your bill.
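The five pieces above, put together as an added example (this is not Send With SES code). The class name `OtpService`, the `send_sms` hook, and the limits `MAX_ATTEMPTS`, `MAX_SENDS` and `SEND_WINDOW` are assumptions; in-memory dicts stand in for the DB table.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300        # seconds; the 5-minute expiry from the text
MAX_ATTEMPTS = 5     # assumed: wrong guesses allowed per issued code
MAX_SENDS = 3        # assumed: SMS sends allowed per number per window
SEND_WINDOW = 3600   # assumed: rate-limit window in seconds

class OtpService:
    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms  # hypothetical transport hook: callable(number, text)
        self.now = now            # injectable clock so expiry can be tested
        self.otps = {}            # number -> [digest, salt, issued_at, attempts]
        self.sends = {}           # number -> timestamps of recent sends

    @staticmethod
    def _digest(salt, code):
        # Store a salted digest, not the code. A 6-digit space is small, so
        # the TTL and attempt cap do the real work against guessing.
        return hashlib.sha256(salt + code.encode()).digest()

    def request(self, number):
        t = self.now()
        recent = [s for s in self.sends.get(number, []) if t - s < SEND_WINDOW]
        if len(recent) >= MAX_SENDS:          # rate limit: protects the SMS bill
            return False
        self.sends[number] = recent + [t]
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        salt = secrets.token_bytes(16)
        # A new request replaces any earlier code for this number.
        self.otps[number] = [self._digest(salt, code), salt, t, 0]
        self.send_sms(number, f"Your code is {code}")
        return True

    def verify(self, number, code):
        rec = self.otps.get(number)
        if rec is None:
            return False
        digest, salt, issued_at, attempts = rec
        if self.now() - issued_at > OTP_TTL or attempts >= MAX_ATTEMPTS:
            del self.otps[number]             # expired or locked out: discard
            return False
        rec[3] += 1                           # count the attempt before comparing
        if hmac.compare_digest(digest, self._digest(salt, code)):
            del self.otps[number]             # one-time: consume on success
            return True
        return False
```
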
The SMS module in Send With SES now comes with an 'OTP SMS Template' to handle all the above for you. You edit the template to suit your requirements ...
... and then trigger the Send API ...
... followed by the Verify API.
Starting 1-Nov-2021, this feature has been enabled for all users. There are no extra charges for using the OTP SMS feature. You only pay the SMS cost that is charged directly by AWS to you.