Use cases

What is Octotp?

Octotp is an API for one-time verification codes. You generate a code, send it to your user, and validate it when they enter it. Use it for any flow where you need to verify a user with a short-lived code.

Use cases

Email verification

Verify that a user owns the email address they signed up with.

1. User enters their email.
2. Your backend calls Octotp to create a token for that email.
3. You send the code to the user (via your email service).
4. User enters the code in your app.
5. Your backend validates the code with Octotp.
6. Mark the email as verified.

Two-factor authentication (2FA)

Add a second factor to login or sensitive actions.

1. User enables 2FA and provides their phone number.
2. On login, create a token for that phone.
3. Send the code via SMS (using your SMS provider).
4. User enters the code.
5. Validate with Octotp before granting access.

Password reset

Verify identity before allowing a password change.

1. User requests a password reset.
2. Create a token for their email.
3. Include the code in your reset email.
4. User enters the code on the reset page.
5. Validate with Octotp, then allow the password change.

Phone number verification

Confirm that a user owns a phone number (e.g. for account recovery or notifications).

1. User adds a phone number.
2. Create a token for that number.
3. Send the code via SMS.
4. User enters the code.
5. Validate and mark the phone as verified.

Benefits across use cases

• One API for email and phone verification
• Same flow regardless of channel – create, deliver, validate
• Rate limiting built in to protect your usage
• Secure – codes are hashed; plain code returned only at creation

Get started

See how it works for the step-by-step flow, or the API integration guide for code examples.