Recently we had a change to show advantages of our Javascript based telephony engine by implementing SMS based one time password generation system to secure a mobile app. The operator wanted to verify the user by its phone number, i. e. send a short 6-digit passcode which user would enter in the app or website to verify their identity. The concept, known as 2 factor authentication, is not new, but provides much higher level of security compared to traditional username and password systems. Many online banking systems widely use it nowadays, however, ready made, out of the box solutions are rare. Partially that is due to the fact that technical details vary from case to case, API details, localization, etc.
We saw a great opportunity here to try out or script engine. And while it was originally developed for IVR and Voice, it was not difficult to add more functions to since the platform it runs on, SAARA, already supports Voice and SMS. The steps how the process would work was following:
- Use RESTful API to receive request from application. The request would contain a phone number which needs to receive an OTP, and optionally a locale to use.
- Generate a random, 6 digit code, and reply it back via same API call.
- Create a message, respecting locale, and include the generated code.
- Send an SMS, by means of external carrier
Technically, these were the main additions we made:
1. The ability to receive and parse API requests. In this case, our API received a JSON representing a request to generate a passcode:
2. A random number generator. Standard Javascript is perfect here, and following peace of code generates a string of 6 randomly generated digits from 0 to 9. We had to introduce some string functions we didn't have before:
3. And finally, sending result by SMS:
I omitted language localization part, however, the above should give an idea how Script based Telehony engine can be used not only for IVR, but also text messaging.
