# About Email OTP

Signicat's Email OTP is an authentication method based on one-time passwords (OTP) sent by email.

# Use cases

A typical scenario may be:

Scenario 1

  • An end-user wants to access your application that requires authentication.
  • Your application backend (via Signicat Email OTP) sends an email with an OTP code to the end-user.
  • The end-user enters the code and successfully authenticates.
  • You receive the end-user's email address as part of the response from Signicat.

If you already know the end-user's email address, the scenario is:

Scenario 2

  • You already know the email address of an end-user.
  • An end-user wants to access your application that requires authentication.
  • Your application backend (via Signicat Email OTP) sends an email with an OTP code to the end-user.
  • The end-user enters the code and successfully authenticates.
  • You receive a confirmation (true or false) in the response from Signicat.

Although Email OTP alone does not provide a high level of security, from a technical standpoint there is nothing that prevents a customer from using it as a standalone authentication method. However, it is more common and recommended to use Email OTP to boost an existing login process. Email OTP integrated with any username/password login solution will form a two-factor authentication method.

# Technical details

Here are some technical details about Email OTP:

  • An OTP code is 6 characters long. The code is a string of numerical digits. For example, 012345.
  • An OTP code is valid for three minutes. After that time, the OTP code expires and the end-user must request a new one.
  • The end-user can request up to three OTP codes within an authentication session. The authentication session window lasts for five minutes. After that, the end-user needs to start over.
  • An end-user has three attempts to enter the correct code. If authentication fails, the end-user needs to start over.
  • User authentication expires after 24 hours. After that time, the end-user receives a new OTP code when they try to access the service. Expiring the authentication adds security by limiting how long a single successful login remains valid.
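
The limits above can be read as a small state machine. The following sketch is an added example, not Signicat's implementation: the class and method names are hypothetical, time is passed in explicitly as `now` (seconds), and it assumes the three entry attempts are counted per authentication session.

```python
import hmac
import secrets

CODE_LENGTH = 6       # digits; leading zeros allowed (e.g. "012345")
CODE_TTL = 180        # seconds an OTP code stays valid (three minutes)
SESSION_TTL = 300     # seconds an authentication session lasts (five minutes)
MAX_CODES = 3         # codes that can be requested per session
MAX_ATTEMPTS = 3      # entry attempts (assumption: counted per session)

class OtpSession:
    """Hypothetical model of the limits listed above; not Signicat's code."""

    def __init__(self, now):
        self.started = now
        self.codes_issued = 0
        self.attempts = 0
        self.code = self.code_issued_at = None
        self.closed = False

    def _expired(self, now):
        return self.closed or now - self.started >= SESSION_TTL

    def issue_code(self, now):
        """Return a fresh code, or None if the user has to start over."""
        if self._expired(now) or self.codes_issued >= MAX_CODES:
            return None
        # CSPRNG, zero-padded and kept as a string so "012345" stays 6 characters
        self.code = f"{secrets.randbelow(10 ** CODE_LENGTH):0{CODE_LENGTH}d}"
        self.code_issued_at = now
        self.codes_issued += 1
        return self.code

    def verify(self, submitted, now):
        """Return 'ok', 'retry', 'code_expired' or 'start_over'."""
        if self._expired(now) or self.code is None:
            return "start_over"
        if now - self.code_issued_at >= CODE_TTL:
            return "code_expired"      # the user may request another code
        self.attempts += 1
        # constant-time comparison of the two strings
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.closed = True         # a code is accepted only once
            return "ok"
        if self.attempts >= MAX_ATTEMPTS:
            self.closed = True
            return "start_over"
        return "retry"
```

With three guesses against a space of 1,000,000 codes, a blind guess succeeds with probability 3 in 1,000,000 per session, which is why the attempt and request limits matter as much as the code length.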

# User journey

When authenticating with Email OTP, the user journey looks like this:

Ready to see it in action? Follow the steps in the Setup guide to configure Email OTP in the Dashboard.

Last updated: 11/04/2024 07:47 UTC