Usecase: One time password generator for application security
Back to Articles
News SMS SMPP API Javascript IVR Security OTP

Usecase: One time password generator for application security

February 28, 2018 2 min
Aivis Olsteins

Aivis Olsteins

Recently we had a change to show advantages of our Javascript based telephony engine by implementing SMS based one time password generation system to secure a mobile app. The operator wanted to verify the user by its phone number, i. e. send a short 6-digit passcode which user would enter in the app or website to verify their identity. The concept, known as 2 factor authentication, is not new, but provides much higher level of security compared to traditional username and password systems. Many online banking systems widely use it nowadays, however, ready made, out of the box solutions are rare. Partially that is due to the fact that technical details vary from case to case, API details, localization, etc.

We saw a great opportunity here to try out or script engine. And while it was originally developed for IVR and Voice, it was not difficult to add more functions to since the platform it runs on, SAARA, already supports Voice and SMS. The steps how the process would work was following:

  1. Use RESTful API to receive request from application. The request would contain a phone number which needs to receive an OTP, and optionally a locale to use.
  2. Generate a random, 6 digit code, and reply it back via same API call.
  3. Create a message, respecting locale, and include the generated code.
  4. Send an SMS, by means of external carrier

Technically, these were the main additions we made:

1. The ability to receive and parse API requests. In this case, our API received a JSON representing a request to generate a passcode:

{
"number": "12125551212",
"language": "en"
}

2. A random number generator. Standard Javascript is perfect here, and following peace of code generates a string of 6 randomly generated digits from 0 to 9. We had to introduce some string functions we didn't have before:

var passcode = '';
i = 0;
while(i < 6) {
passcode += Math.floor(Math.random() * 9);
i = i+1;
}

3. And finally, sending result by SMS:

sendSms({
to: dest_number,
from: source_number
text : "Your application code is: " + passcode,
});

I omitted language localization part, however, the above should give an idea how Script based Telehony engine can be used not only for IVR, but also text messaging.

Share this article

Aivis Olsteins

Aivis Olsteins

An experienced telecommunications professional with expertise in network architecture, cloud communications, and emerging technologies. Passionate about helping businesses leverage modern telecom solutions to drive growth and innovation.

Related Articles

Case Study: Global Communications Company

Case Study: Global Communications Company

A leading communications company used our cloud Voice platform to send 30 million OTP calls per month to their customers, resulting in cost reduction and incrased conversion

Read Article
Bridging The Delay Gap in Conversational AI: The Backpressure Analogy

Bridging The Delay Gap in Conversational AI: The Backpressure Analogy

Conversational AI struggles with the time gap between text generation and speech synthesis. A “backpressure” mechanism, akin to network data flow control, could slow text generation to match speech synthesis speed, improving user interaction.

Read Article
How Voice AI Agents Can Automate Outbound Calls and Unlock New Opportunities for Businesses: A Deeper Dive

How Voice AI Agents Can Automate Outbound Calls and Unlock New Opportunities for Businesses: A Deeper Dive

AI voice agents transform healthcare scheduling by reducing costs, administrative tasks, and no-shows. They offer 24/7 service, multilingual support, proactive reminders, and valuable insights, improving efficiency and patient experiences.

Read Article
How to Fix Your Context: Mitigating and Avoiding Context Failures in LLMs

How to Fix Your Context: Mitigating and Avoiding Context Failures in LLMs

Larger context windows in LLMs cause poisoning, distraction, confusion, and clash. Effective context management (RAG, pruning, quarantine, summarization, tool loadouts, offloading) remains essential for high-quality outputs.

Read Article

SUBSCRIBE TO OUR NEWSLETTER

Stay up to date with the latest news and updates from our telecom experts