...

Generate OTP
Api details:
URI : v1/otp/generate
Method: POST
header: api key
request body:
 {
 "request":
     {
       "key":"email/phone value",
        "type" : "supported type as of now{email or phone}" 
     }

}

Response:
    Success or failure. (On success, the user will get the OTP either on email or phone.) The response structure will be the same as other Sunbird APIs.

Case 1 : 200
     {
    "id": "api.otp.generate",
    "ver": "v1",
    "ts": "2018-11-28 11:12:31:853+0000",
    "params": {
        "resmsgid": null,
        "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
        "err": "",
        "status": "success",
        "errmsg": ""
    },
    "responseCode": "OK",
    "result": {
         "response":"SUCCESS"
        }
}

 Case 2 : 400
     {
    "id": "api.otp.generate",
    "ver": "v1",
    "ts": "2018-11-28 11:12:31:853+0000",
    "params": {
        "resmsgid": null,
        "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
        "err": "MAX_LIMIT_EXHAUSTED",
        "status": "MAX_LIMIT_EXHAUSTED",
        "errmsg": "Only 4 OTP can be generated with in 24 hours"
    },
    "responseCode": "CLIENT_ERROR",
    "result": {
        }
}

// A 400 error code can have: phone or email is already in use, INVALID_PHONE/EMAIL, PHONE/EMAIL IS BLOCKED.

Case 3 : 500
     {
    "id": "api.otp.generate",
    "ver": "v1",
    "ts": "2018-11-28 11:12:31:853+0000",
    "params": {
        "resmsgid": null,
        "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
        "err": "SERVER_ERROR",
        "status": "SERVER_ERROR",
        "errmsg": "Process failed, please try again."
    },
    "responseCode": "SERVER_ERROR",
    "result": {
        }
}




-- This API will have the following validations:

...

3. If the requested phone/email is already in the otp _ authenticate table, has not expired yet, and the attempt threshold is less than the set value, then send the same OTP.

...

      https://docs.msg91.com/collection/msg91-api-integration/5/send-otp-message/TZ6HN0YI


Pros:
  1. No need to manage OTP generation, resend and verification part
  2. Quick initial setup

Cons:
  1. Improve cost impact. (one OTP cost is 0.22 and one message cost is 0.18)
  2. To implement some custom business logic, will take more time
  3. Phone number will be exposed to third party

Table structure to store OTP:

...

Key | Data type | Purpose
id | text (primary key) |
type | text | possible values are email or phone. Based on type we can identify whether key holds an email or a phone value
key | text (encrypted in DB) | source against which the OTP is generated (key will have a value that is either an email or a phone)
OTP | text | generated OTP
createdOn | timestamp | time at which it was generated
lastUsedOn/updatedOn | timestamp | when it was last used
retryCount | int | how many times the user has already retried it
isLocked | boolean | if the retry count exceeds the limit then isLocked is true
lockedOn | timestamp | when it was locked
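
The generate rules above (validation 3's resend of an unexpired OTP and the 4-per-24-hours limit from the 400 response), together with the retryCount, isLocked and lockedOn columns of this table, modelled in memory as an added example; it is not Sunbird's code. The expiry window, the attempt threshold value, the 6-digit length, counting resends toward the daily limit, the 'BLOCKED' code and the names generateOtp, verifyOtp and sendLog are assumptions.

```javascript
// Added example: in-memory model of the OTP table and its generate/verify rules.
const { randomInt, timingSafeEqual } = require('node:crypto');

const MAX_PER_DAY = 4;            // from the page's MAX_LIMIT_EXHAUSTED message
const DAY_MS = 24 * 60 * 60 * 1000;
const OTP_TTL_MS = 5 * 60 * 1000; // assumption: the page gives no expiry value
const MAX_RETRY = 3;              // assumption: the page's "attempt threshold"

const otpTable = new Map(); // "type:key" -> row shaped like the OTP table
const sendLog = new Map();  // "type:key" -> timestamps of OTP sends (assumed helper)

function generateOtp(type, key, now = Date.now()) {
  const id = `${type}:${key}`;
  const row = otpTable.get(id);
  // 'BLOCKED' is a constructed code for the page's "PHONE/EMAIL IS BLOCKED" case.
  if (row && row.isLocked) return { status: 400, err: 'BLOCKED' };
  // Assumption: every send, including a resend, counts toward the 24-hour limit.
  const recent = (sendLog.get(id) || []).filter((t) => now - t < DAY_MS);
  if (recent.length >= MAX_PER_DAY) return { status: 400, err: 'MAX_LIMIT_EXHAUSTED' };
  sendLog.set(id, [...recent, now]);
  // Validation 3: resend the stored OTP while unexpired and under the threshold.
  if (row && now - row.createdOn < OTP_TTL_MS && row.retryCount < MAX_RETRY) {
    return { status: 200, otp: row.otp, reused: true };
  }
  // CSPRNG-backed 6-digit code (length is an assumption); never Math.random().
  const otp = String(randomInt(0, 1000000)).padStart(6, '0');
  otpTable.set(id, { type, key, otp, createdOn: now, retryCount: 0,
    isLocked: false, lockedOn: null });
  // The real API delivers the OTP by email/SMS; it is returned here only for the demo.
  return { status: 200, otp, reused: false };
}

function verifyOtp(type, key, candidate, now = Date.now()) {
  const id = `${type}:${key}`;
  const row = otpTable.get(id);
  if (!row || row.isLocked || now - row.createdOn >= OTP_TTL_MS) return false;
  const a = Buffer.from(String(candidate));
  const b = Buffer.from(row.otp);
  // Constant-time comparison; lengths are checked first because timingSafeEqual throws.
  if (a.length === b.length && timingSafeEqual(a, b)) {
    otpTable.delete(id); // single use: a verified OTP cannot be replayed
    return true;
  }
  row.retryCount += 1;
  if (row.retryCount >= MAX_RETRY) { // lock the key once the threshold is reached
    row.isLocked = true;
    row.lockedOn = now;
  }
  return false;
}
```

Locked rows stay locked here because the page leaves the clean-up process as an open question.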


Table structure to store invalid/blocked phone number

Structure 1:

Key | Data type | Purpose
phone | text | phone number which is marked as invalid or blocked by the SMS gateway
createdOn | timestamp | when the row was inserted
blockedOn | timestamp | when this user was blocked. If any phone number is blocked due to max hits or some other reason, then we can move that row into this table and delete it from the OTP table.

Structure 2:

Key | Data type | Purpose
key | text | can be an invalid/blocked phone number or email
type | text | as of now it can be email or phone
createdOn | timestamp | when the row was inserted
blockedOn | timestamp | when this user was blocked. If any phone number is blocked due to max hits or some other reason, then we can move that row into this table and delete it from the OTP table.



Open questions:

  • Process to clear expired OTP or blocked OTP (when exactly we need to clear it).

...

...