Business Messaging Wholesale Messaging Enterprise Voice Identity

One-Time Password

Authenticate users and transactions with OTP and 2FA.


Use One-Time Passwords (OTP) in Two-Factor Authentication (2FA) to ensure a user is who they claim to be when they login or perform transactions.

Categories: Enterprise Communications 

Accessing accounts and performing transactions requires strong user authentication. In the context of customers, it is strong customer authentication (SCA) that is required and often mandated. One-Time Passwords (OTP), along with Two-Factor Authentication (2FA), provide a means to verify that a person is who they claim to be.

OTP Use Cases:

  • User login as part of 2FA
  • Transaction authentication
  • Customer onboarding - verify mobile number and/or email address

Ways to use One-Time Password

The Melrose Labs One-Time Password service provides the means to process One-Time Passwords using one of two ways. OTPs are generated by the service and sent to users, or generated by an application on the user's device (e.g. Google Authenticator).

Sending OTPs to Users

Sending One-Time Passwords to users can be done with a REST call to our OTP API, and delivered via SMS text message, voice call or email.

When using the Melrose Labs One-Time Password service, we don't let you know the actual One-Time Password that has been sent to your user, therefore preventing potential leakage of this critical information at the source.

OTP and Google Authenticator

Users can quickly be enrolled with the One-Time Password service and use the Google Authenticator mobile app on their mobile to generate OTPs. The user provides the OTP that was generated on their mobile and the service then verifies this.

Use of this method may be preferable in some scenarios.

Integrate with the One-Time Password service

Integrate OTP into your application using our OTP API. For simple integration, use one OTP API call to send an OTP to a user and another API call to verify what the user provided.

Sending OTP codes and verifying code from user

To send an OTP, you specify the message content and the recipient. You can also specify the complexity of the OTP (e.g. length, digits-only, letters-only or letters and digits) and its expiry. Delivery of the OTP will take place in a few seconds when using SMS text.

Verify code from user when using Google Authenticator

Make a call to the OTP service API and provide the code from the user and the user's OTP service user ID.

Service snapshot

  • Part of strong customer authentication
  • Simple OTP service API
  • OTP delivery to device or device generated OTP (TOTP)
  • OTP delivered via SMS, voice or email

Find out more...

Please provide your name.
Please provide a valid company name.
Please type your message.
Please provide a valid email address.