Skip to main content
  • Node
  • Ruby
  • Python
  • PHP
  • .NET

Overview

This guide shows how to use a voice one-time password (OTP) to verify a mobile number. We first make a call to the phone number to be verified and use text-to-speech to read a random sequence of digits to the call recipients. The user then confirms the digits by entering them using dialpad keypresses. Voice OTP is commonly used to verify new user registrations for an app or website.You can send a voice OTP either by using our PHLO visual workflow builder or our APIs and XML documents. Follow the instructions in one of the tabs below.
  • Using XML
Here’s how to use Plivo APIs and XML to implement voice OTPs.

Prerequisites

To get started, you need a Plivo account — sign up with your work email address if you don’t have one already. If this is your first time using Plivo APIs, follow our instructions to set up a Node.js development environment.

Create a voice OTP application

Create a file called voiceotp.js and paste into it this code.
const express = require('express');
const app = express();
const redis = require('redis');
const redisClient = redis.createClient();
var plivo = require('plivo');

// Make call to the destination number with OTP
app.get('/dispatch_otp/:number', function(req, res) {
    const number = (req.params.number);
    const code = Math.floor(100000 + Math.random() * 900000);

    var client = new plivo.Client("<auth_id>", "<auth_token>");
    var response = client.calls.create(
        "<caller_id>", // from
        number, // to
        "https://<yourdomain>.com/answer_url/" + code, // answer url
        {
            answerMethod: "GET",
        },
    )
    console.log(response)
    redisClient.set(`number:${number}:code`, code, 'EX', 60);
    res.send(JSON.stringify({
        'status': 'success',
        'message': 'verification initiated'
    }));
});

// Validate the OTP entered by the user
app.get('/verify_otp/:number/:code', function(req, res) {
    const number = (req.params.number);
    const code = (req.params.code);
    redisClient.get(`number:${number}:code`, function(err, OriginalCode) {
        if (OriginalCode == code) {
            redisClient.del(`number:${number}:code`);
            res.send(JSON.stringify({
                'status': 'success',
                'message': 'Codes match — number verified'
            }));
        } else if (OriginalCode != code) {
            res.send(JSON.stringify({
                'status': 'failure',
                'message': 'Codes do not match — number not verified'
            }));
        } else {
            res.send(JSON.stringify({
                'status': 'failure',
                'message': 'Number not found'
            }));
        }
    });
});

app.listen(5000);
Replace the auth placeholders with your authentication credentials from the Plivo console. Replace the phone number placeholder with an actual phone number in E.164 format (for example, +12025551234).
Note: We recommend that you store your credentials in the auth_id and auth_token environment variables, to avoid the possibility of accidentally committing them to source control. If you do this, you can initialize the client with no arguments and Plivo will automatically fetch the values from the environment variables. You can use process.env to store environment variables and fetch them when initializing the client.

Test

Save the file and run it, and start Redis.
$ node voiceotp.js
$ redis-server
You should see your basic server application in action as below:
http://localhost:5000/dispatch_otp/?destination_number=<destination_number>
http://localhost:5000/verify_otp/?destination_number=<destination_number>&otp=<otp>