CloudSMS includes an "Advanced Mode" OTP generation and validation API that is extremely robust and in use by some of the largest OTP users in Singapore in terms of volume.
The "Advanced Mode" OTP message workflow mimics that of a traditional RADIUS authentication system. Additional parameter options for sending OTP SMS are available to configure OTP length, expiry time, etc, and OTP validation is provided by the CloudSMS API.
The CommzGate CloudSMS API will look for the placeholder ##OTP## in your message content, and replace this with the generated OTP code.
The following describes how an advanced mode OTP is triggered and subsequently validated.
Customer System (eg. Web Portal) validates initial user login credentials (eg. via local LDAP or Active Directory node)
If credentials are validated, Customer System sends OTP request via HTTPS to “CloudSMS”, which in turn generates and delivers OTP SMS to user.
User enters OTP value into Customer System, the Customer System in turn validates the OTP value entered against “CloudSMS” via a HTTPS request. See Section 3 for the ‘OTP Validation’ API.
“CloudSMS” replies with the OTP validation result. (e.g. ACCEPT or REJECT)
Customer System responses to User Login request, based on OTP validation result returned by “CloudSMS”.
See here for sample source code in C# for implementing OTP "Advanced Mode"
You can also use use our OTP default mode for implementing your OTP workflow in a simpler and faster way.