Frequently asked questions

What is Octotp?

Octotp is an API service that generates and validates one-time verification codes. You use it when you need to verify a user’s email or phone number with a short code, such as for email verification, two-factor authentication, or password reset.

How do I integrate Octotp?

Sign up, create a project, and get an API key. Call POST /api/tokens to create a code and POST /api/tokens/validate to verify it. Include the X-Api-Key header with your project key. See our API integration guide for full examples.

Is there a free plan?

Yes. The free tier includes 60 tokens per minute, enough for development and small applications. No credit card required.

How long do codes last?

Codes expire after 5 minutes by default. You can override this with the expiresInSeconds parameter when creating a token.

Can I use Octotp for both email and SMS?

Yes. The API accepts either recipientEmail or recipientPhone. You are responsible for delivering the code to the user via your own email or SMS provider.

Are codes secure?

Codes are hashed before storage. The plain code is returned only once when you create the token. Each token can be validated only once.
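
The properties in this answer (hashed storage, plain code returned once, single validation) together with the 5-minute default expiry, modeled in a small in-memory store. This is an added example, not Octotp's code or taken from its documentation. The names CodeStore, create, validate and server_key are hypothetical, and the 6-digit code length, the keyed HMAC-SHA-256 hash and consuming a token on a wrong guess are assumptions.

```python
import hashlib
import hmac
import secrets
import time

DEFAULT_TTL = 300  # seconds; the 5-minute default expiry the FAQ states


class CodeStore:
    """Illustrative in-memory token store (hypothetical, not Octotp's code)."""

    def __init__(self, server_key=None, clock=time.time):
        # Assumption: a keyed hash. A bare hash of a 6-digit code can be
        # reversed by trying all 10**6 values, so the key must stay server-side.
        self._key = server_key or secrets.token_bytes(32)
        self._clock = clock
        self._tokens = {}  # token_id -> (digest, expires_at)

    def _digest(self, token_id, code):
        msg = f"{token_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def create(self, expires_in_seconds=DEFAULT_TTL):
        token_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; 6 digits is an assumption
        expires_at = self._clock() + expires_in_seconds
        self._tokens[token_id] = (self._digest(token_id, code), expires_at)
        return token_id, code  # the only point where the plain code is available

    def validate(self, token_id, code):
        # pop() consumes the token on the first attempt, right or wrong
        # (assumption), so a code can be neither replayed nor guessed repeatedly.
        record = self._tokens.pop(token_id, None)
        if record is None:
            return False
        digest, expires_at = record
        if self._clock() > expires_at:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(digest, self._digest(token_id, code))
```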

What are the rate limits?

The free tier allows 60 tokens per minute per API key. Paid plans offer higher limits. Rate limiting is enforced per project.

How do I deliver the code to my user?

Octotp generates the code; you deliver it. Use your existing email service (SendGrid, SES, etc.) or SMS provider (Twilio, etc.) to send the code to the user. The API returns the code in the create response.