Voice OTP
Call your customers to provide a one-time-password instead of an SMS
End users can choose to receive the one-time password (OTP) by receiving a phone call instead of an SMS message. This feature is especially useful in regions that have high levels of undelivered SMS messages. This functionality adds an option to the standard SMS OTP, since phone calls generally are more practical and reliable.
The Voice OTP option is available when after an SMS is sent to the end user. Once users are on the verification screen they will see a link letting them know that if they did not receive the SMS message, they can receive an automated voice call instead. If they choose this option, they will receive a voice call with the OTP.
This method will call the user and a virtual speaker will dictate a one-time password to the user. The user is responsible for hearing the PIN and entering it into the authentication screen. The voice will repeat twice.
User Journeys
Voice OTP is supported in both Hosted Journeys and Journeys API integrations.
Hosted Journeys
Once the OTP is sent via SMS, if there is an issue receiving, the consumer can choose to receive the OTP via voice or SMS. Refer to the screens below:
Journeys API
An application directly integrating with the Next Identity API will call the otp/send
endpoint with the voice_with_otp
attribute in the method
parameter. This will create an outbound call to the consumer with an OTP. The application will accept the value of the OTP with the call to the otp/verify
endpoint .
- The application calls the
otp/send
endpoint with thevoice_with_otp
parameter. (See Send OTP). - The user receives a call with the OTP and enters that into the OTP field in the screen.
- The application calls the
otp/verify
endpoint (see Verify OTP). - The OTP is successfully verified.
The application can also display the resend link (see mockup for reference).
Sample call:
POST /idp/v1/otp/send
{
"auth_type": "sms",
"client_id": "c8462jyq9dnupu2q4j7sfjzvn6c87j92",
"redirect_uri": "https://localhost.com",
"user_id": "+15223450987",
"locale": "en-US",
"message": "This is your code: %code%",
"method": "voice_with_otp"
}
Localization
Supported locales are used by passing the ISO locale value into the locale
parameter.
The voice message received by the customer is:
“Dear Customer, your verification code is ###. Do not share the code with anyone.“
This message is set in the message
parameter of the call to the otp/send
endpoint.
Note on using default translated message
Alternatively, the flow can be configured to have the default translated message so that the application does not need to pass in the value to the API call. If the translation key in the flow is available, the
message
parameter can be omitted
The message
parameter will be translated by the application and passed in. The locale
parameter must be set to correspond with the language being sent in.
For example, in German, the message is "Sehr geehrter Kunde, ihre PIN ist %code%".
You must set the locale
parameter value to de-DE
for the automated speaker to properly read the message.
Note on the message for Voice OTP
Punctuations help with the cadence of the voice of the automated speaker. For example, a period indicates a long pause, while a comma, a short pause. The PIN will be indicated with %code%.
Sample call with German voice OTP message
POST /idp/v1/otp/send
{
"auth_type": "sms",
"client_id": "c8462jyq9dnupu2q4j7sfjzvn6c87j92",
"redirect_uri": "https://localhost.com",
"user_id": "+4930291930276",
"locale": "de-DE",
"message": "Sehr geehrter, Kunde Ihre pin ist %code%",
"method": "voice_with_otp"
}
Unsupported locales with Voice OTP
The following locales are not supported:
ar-SA
,bg-BG
,cs-CZ
,el-GR
,fi-FI
,gu-IN
,hr-HR
,hu-HU
,id-ID
,it-IT
,kn-IN
,mr-IN
,ms-MY
,sk-SK
,sl-SI
,sq-AL
,sr-RS
,ta-IN
,th-TH
,uk-UA
,zh-CN
,zh-HK
,zh-MO
For unsupported locales, the Voice OTP functionality will not be available to the user, even if the option is selected.
Dependencies
Voice OTP is supported by Next Identity Connect's TeleSign integration and TeleSign's Voice Verify service.
Regions
Telesign enables businesses to send and receive text messages from customers in 84 countries around the globe in order to provide support and engage them in the most ubiquitous method available.
Performance and Availability
TeleSign API Availability 99.99%
TeleSign's Service Level Metrics state that the company will make commercially reasonable efforts to uphold a performance that meets or exceeds the Service Level Metric Target.
Rate limiting
The current limit for transactions per second (TPS) is set at 50, but it can be raised if necessary.
Retry Mechanism
The consumer will be able to receive a voice call every 2 minutes, and the PIN is valid for 15 minutes.
Updated 11 months ago