One Time Password

One Time Password as a Service

Secure online data and accounts with our OTP API. Generate, send, monitor and manage all OTPs via one convenient connection.

Speak to an expert To our developer docs

Trusted by brands globally

Don't become the next security breach headliner

Securing online interactions is a necessity, if you don't want to end up as the next security breach headliner. Implementing a bunch of loose apps and services can actually make you vulnerable for fraud, and it is often cost-inefficient. That's why we now offer our all-in-one OTP API.

All-in-one OTP solution via one single API

Our API handles the generation and validation of OTP codes, along with the setup and maintenance of selected channels. All you need to do is activate your channels and choose your routing preference.

Speak to an expert

Onboarding

Remove risk and friction from the onboarding process by verifying users before creating new accounts

Login

Grant access to users in a smooth and secure way by authenticating logins

Transaction authorisation

Protect data or monetary transactions from fraudsters by adding an additional security layer

Account management

Monitor login and changes to online accounts and other data to prevent unauthorised activities

Multiple channels, one connection

Pick and choose the best channels for your use cases and destinations, all available via one easy API connection. Leverage the top qualities of each channel to your benefit.

Ensure reach and deliverability with SMS or Voice
Increase security with WhatsApp, Viber or RCS
Reduce costs with email OTPs

Pick your preferred OTP channel

SMS

SMS' worldwide reach engages customers everywhere

WhatsApp's end-to-end encryption make it a secure choice for OTPs

Push

Did customers adopt your native app? Use push notification from within the app

Voice

Reach users with limited sight or who live in difficult to reach places

Email requires less personal information from customers, making it accessible

CM.com as your OTP provider

99.99% up-time of messaging platform
Direct global carrier connections
Secure, ISO-certified and redundant
24/7 traffic monitoring via our NOC
Fast delivery guaranteed

Protect your business and customers from fraud

With cybercrime on the rise, it's more important than ever to make sure your online accounts and data are protected. Because nobody wants to see their brand name in the papers as the new security breach headline. Authenticating and monitoring logins, sign-ups and transactions will put an additional layer of security onto your online services, giving fraudsters fewer chances to do harm.

one-time-password-api

Our other verification and security solutions

Verification API

One API for the most secure and user friendly verification services including OTPs and Number Verify. Only pay per successful verification.

Build your own verification

Build and configure your own tailored verification and security solution with nine available channels to perfectly fit existing processes.

Safeguard

CM Safeguard contains extensive tools to help protect accounts from fraudulent activity. From Destination Management to Recipient Limits and Alerts.

What is a One Time Password?

A One Time Password or OTP is a security code designed to be used for a single login attempt, to minimise the risk of fraudulent login attempts and maintain high security. It’s a string of characters or numbers automatically generated and sent to the user’s phone via SMS, Voice or Push message.

The OTP has become the standard method worldwide of enabling a login when special circumstances apply, such as validating a new account or confirming a transaction is legitimate.

How to send One Time Passwords?

Providers like CM.com offer OTPs as a service, with a secure platform for receiving or initiating OTP requests, sending the OTP as a text or other channel, and verifying the OTP was entered correctly, so the transaction can go ahead.

The infrastructure for making use of one-time passwords integrates with your website or application using an API. This is how a site “knows” whether an entered OTP is correct or not, with safeguards like checking it’s within the time window.

What are One Time Password channels?

There are several ways to send an OTP. Some give the option of receiving OTPs by email, although this tends to be less secure. Other providers even enable OTPs as voicemails, stating the PIN aloud when the customer checks the mailbox.

But by far the most common way to send OTPs is by Push or text messaging, typically an SMS or even WhatsApp message to the customer’s mobile phone.

How does a One Time Password work?

An OTP is generated automatically as a semi-random number or string of characters. There is no way to predict what the OTP will be ahead of time. OTPs are valid for a single login session or transaction, enhancing security by reducing the risk of unauthorised access even if the password is intercepted. Once used, the OTP expires, ensuring it cannot be reused for future logins or transactions.

Latest articles

Choose Your Region

Select a region to show relevant information. This may change the language.

Is this region a better fit for you?

One Time Password as a Service

Secure online data and accounts with our OTP API. Generate, send, monitor and manage all OTPs via one convenient connection.

Trusted by brands globally

Don't become the next security breach headliner