one-time-password
One Time Password API

One Time Password (OTP) as a Service

Secure online data and accounts with our OTP API. Generate, send, monitor and manage all OTPs via one convenient connection.

hero-one-time-password-otp-as-a-service

Trusted by brands globally

DigiD
Telegram
Aegon
Tantan

Don't become the next security breach headliner

Securing online interactions is a necessity, if you don't want to end up as the next security breach headliner. Implementing a bunch of loose apps and services can actually make you vulnerable for fraud, and it is often cost-inefficient. That's why we now offer our all-in-one OTP API.

one-time-password

All-in-one OTP solution via one single API

Our API handles the generation and validation of OTP codes, along with the setup and maintenance of selected channels. All you need to do is activate your channels and choose your routing preference.

Speak to an expert

Onboarding

Remove risk and friction from the onboarding process by verifying users before creating new accounts

Login

Grant access to users in a smooth and secure way by authenticating logins

Transaction authorisation

Protect data or monetary transactions from fraudsters by adding an additional security layer

Account management

Monitor login and changes to online accounts and other data to prevent unauthorised activities

Multiple channels, one connection

Pick and choose the best channels for your use cases and destinations, all available via one easy API connection. Leverage the top qualities of each channel to your benefit.

  1. Ensure reach and deliverability with SMS or Voice

  2. Increase security with WhatsApp, Viber or RCS

  3. Reduce costs with email OTPs

Pick your preferred OTP channel

sms-icon

SMS' worldwide reach engages customers everywhere

whatsapp-channel logo

WhatsApp's end-to-end encryption make it a secure choice for OTPs

push messaging

Did customers adopt your native app? Use push notification from within the app

voice channel

Reach users with limited sight or who live in difficult to reach places

email channel

Email requires less personal information from customers, making it accessible

CM.com as your OTP provider

  1. 99.99% up-time of messaging platform
  2. Direct global carrier connections
  3. Secure, ISO-certified and redundant
  4. 24/7 traffic monitoring via our NOC
  5. Fast delivery guaranteed

Protect your business and customers from fraud

With cybercrime on the rise, it's more important than ever to make sure your online accounts and data are protected. Because nobody wants to see their brand name in the papers as the new security breach headline. Authenticating and monitoring logins, sign-ups and transactions will put an additional layer of security onto your online services, giving fraudsters fewer chances to do harm.

one-time-password-api

Frequently Asked Questions

What is a One Time Password?

open vertical icon

A One Time Password or OTP is a security code designed to be used for a single login attempt, to minimise the risk of fraudulent login attempts and maintain high security. It’s a string of characters or numbers automatically generated and sent to the user’s phone via SMS, Voice or Push message.

The OTP has become the standard method worldwide of enabling a login when special circumstances apply, such as validating a new account or confirming a transaction is legitimate.

How to send One Time Passwords?

open vertical icon

Providers like CM.com offer OTPs as a service, with a secure platform for receiving or initiating OTP requests, sending the OTP as a text or other channel, and verifying the OTP was entered correctly, so the transaction can go ahead.

The infrastructure for making use of one-time passwords integrates with your website or application using an API. This is how a site “knows” whether an entered OTP is correct or not, with safeguards like checking it’s within the time window.

What are One Time Password channels?

open vertical icon

There are several ways to send an OTP. Some give the option of receiving OTPs by email, although this tends to be less secure. Other providers even enable OTPs as voicemails, stating the PIN aloud when the customer checks the mailbox.

But by far the most common way to send OTPs is by Push or text messaging, typically an SMS or even WhatsApp message to the customer’s mobile phone.

How does a One Time Password work?

open vertical icon

An OTP is generated automatically as a semi-random number or string of characters. There is no way to predict what the OTP will be ahead of time. OTPs are valid for a single login session or transaction, enhancing security by reducing the risk of unauthorised access even if the password is intercepted. Once used, the OTP expires, ensuring it cannot be reused for future logins or transactions.

Related articles

mobile-identity-service-hero
Dec 02, 2024 • Security

Leveraging Mobile Identity Services to know your customers

With cybercrime on the rise and rules and regulations rightfully getting stricter each year, you as a business must keep up with the pace of online security. Traditionally, a lot of organisations apply Multi- or Two-Factor Authentication (MFA or 2FA) to secure accounts and protect sensitive data. And for a lot of cases, it works well. But, to truly know your customers, Mobile Identity Services can help.

verification-services
Nov 04, 2024 • Security

Your one-stop-shop for verification services

Securing online accounts, data and users is a must in business today. At least, if you don't want to end up as the next security breach headline in the papers. But simply implementing a few, disconnected security measures isn't always enough. Loose apps and services become vulnerable to fraud and are often cost-inefficient. That's why CM.com now offers a one-stop-shop to safely secure your business: Verification API.

fraud-and-simplify-verification-processes-hero
Oct 21, 2024 • Security

Prevent fraud and simplify verification processes with Number Verify

Customer communication via SMS has become an integral part of the modern business landscape. In recent years, however, criminals have used SMS to steal data and money from both businesses and customers. But, to combat this, there's a new convenient, fast verification method to help businesses secure online accounts: Number Verify.

Protect Your Customers from Fraud With RCS Sender Verification
Jun 10, 2024 • Security

Protect your customers from fraud with RCS Sender Verification

Cybercrime is on the rise. Criminals attempt to impersonate trusted businesses to extract personal details, login credentials and even banking information from customers. As a result, the trust between customers and businesses is damaged. So, how can you help your customers know which messages are legitimate? RCS Business offers verified sender profiles, helping customers identify official business accounts and engage with businesses with confidence.

SMS Security
Apr 22, 2024 • Security

Secure your business with SMS OTPs and alerts

In the current digital era, technological and online advances are rapidly growing, creating new ways for businesses to engage their customers. Unfortunately, where there is growth, there will be criminals trying to steal some of the profits. Protecting business data, customer information and online accounts is a priority for every modern business. SMS security can help protect your business and your customers from online fraud and cybercrime.

blog-image-2fa-best-practices
Jan 08, 2024 • Security

Best practices for Two-Factor Authentication (2FA)

Enhancing platform security and implementing Two-Factor Authentication (2FA) processes are crucial for organisations to protect business and customer data. However, these security measures only work when employees and customers are willing to adopt and adhere to them. So, how can your business ensure employee and customer adoption? In this blog, we'll dive into Two-Factor Authentication (2FA), its benefits and best practices to ensure adoption.

customer lifetime value touch points in the journey blog explain
Oct 20, 2023 • Security

What is DMARC and how do you implement it?

In our digital age, email threats loom large, with phishing and spoofing becoming increasingly sophisticated. DMARC is the powerful shield that businesses and individuals need. This authentication protocol ensures email integrity, safeguarding against domain impersonation and cyberattacks. In this article, we demystify DMARC, explaining its significance in bolstering email security.

whatsapp-otp-security
Aug 28, 2023 • Security

How to use WhatsApp Business One Time Passwords

Chances are that you've received One Time Passwords (OTPs) before, often via SMS or email. But did you know there might be an even better platform to send OTPs on? WhatsApp Business Platform allows you to send One Time Passwords on your customers' favourite messaging channel, enhancing the customer experience and improving customer relations.

Is this region a better fit for you?
Go
close icon