There are two processes. You can choose either,
1. OTP verification at SendOTP server
Once you call the OTP API we generate OTP and save it in the secured database for defined seconds and then send the SMS to the user. If the user does not receive the SMS, they can ask for resending.
Once you call the same API with the same mobile number, we automatically generate voice call and read OTP.
- We match the code and verify
- On success, we give a refresh token
- You take this token from the user and call refresh token, verify API from your
- server to our SendOTP server
2. OTP verification on your server
In this process, once you call the OTP API from your server, we give you OTP in response and you can save it on your server. You can use it for the verification process on your server only.
Both the processes are secure from our end, but process number 2 is dependent on your security protocols.