nOTP Authentication
nOTP (no-tee-pee) is an authentication method that simplifies the login process for your users. With just a single click, they can log in via WhatsApp, eliminating the need for codes, usernames, and typing. At Descope, we understand that there is a lot of user friction around OTPs (One-Time Passwords), especially if you choose to send them via phone SMS. One-time passwords let you add another layer of authentication (or replace a current one completely) to your application. This layer of authentication, sometimes referred to as 2FA or MFA (two-factor or multi-factor authentication), is crucial for today's authentication and authorization processes, as it indicates that the person who wants to use an account is not a bot or a hacker.
OTPs usually require the company to connect to email servers or SMS providers. Unlike traditional OTP methods, nOTP doesn't require this, which can significantly reduce costs that scale with the number of users. Another downside of OTPs is that SMS OTPs rely on cellular data and may sometimes cause issues for people traveling abroad.
nOTP builds on the fact that most of the user market already uses WhatsApp daily, so there is no reason not to use it for login.
Try it yourself at https://notp.guru
How does it work?
Here is a chart that explains the authentication process:
User Experience:
Customize
Customize your nOTP authentication from the Descope console (Authentication Methods > nOTP).
A one-time password (OTP) is an automatically generated string sent to the user during the onboarding (sign-up or sign-in) process to authenticate that user. The WhatsApp account will be waiting for the user to enter their OTP to continue the authentication process.
Setting | Variable | Details |
---|---|---|
Enable method in API and SDK | | This toggle switch enables or disables the authentication method for use within the API and SDK |
Expiration time | {{expirationTime}} | Length of time after which the link or code expires |
Templates
To create your templates, you need to use your WhatsApp business account; the details are in the section below.
WhatsApp connector setup
Add your own WhatsApp business account for nOTP authentication from the Descope console (Connectors > WhatsApp Chat). This will allow you to customize the messages (verification approval, error) if needed.
Prerequisites
Connector Setup
- Connector name: Custom name for your connector. This will come in handy when creating multiple connectors from the same connector template.
- Connector description: Describe what your connector is used for.
- Phone Number ID: The unique WhatsApp phone number ID for the account phone number. See WhatsApp documentation above for more details.
- Phone Number: The WhatsApp account phone number. See WhatsApp documentation for more details.
- Token: The authentication token associated with the Phone Number ID.
- App Secret: The app secret associated with the WhatsApp Web Application.
- Webhook Verify Token: The webhook verify token associated with the WhatsApp Web Application.
Additional Steps
You need to configure the webhook in the WhatsApp Web Application:
- Callback URL: set to https://api.descope.com/v1/whatsapp/webhook/<your-project-id>
- Verify Token: set the webhook verify token associated with the WhatsApp Web Application. Read more about setting up webhooks in the WhatsApp Business API settings on the Developer Facebook Docs.
Important Note
To save the callback URL in the WhatsApp app, you first need to set the connector on the nOTP authentication page.
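What the Webhook Verify Token and App Secret protect, shown as an added example that is not Descope's code: a receiver for Meta's documented webhook handshake (`hub.mode`, `hub.verify_token`, `hub.challenge`) and for notifications signed in the `X-Hub-Signature-256` header. The secret values, function names and sample body are constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import Dict, Optional, Tuple

# Constructed placeholders standing in for the connector's two secrets.
APP_SECRET = b"example-app-secret"
VERIFY_TOKEN = "example-verify-token"


def handle_verification(query: Dict[str, str]) -> Tuple[int, str]:
    """GET handshake sent when the Callback URL is saved: echo the challenge
    only if the caller presents the expected verify token."""
    token = query.get("hub.verify_token", "")
    token_ok = hmac.compare_digest(token.encode(), VERIFY_TOKEN.encode())
    if query.get("hub.mode") == "subscribe" and token_ok:
        return 200, query.get("hub.challenge", "")
    return 403, ""


def sign_body(raw_body: bytes) -> str:
    """Header value the sender computes: HMAC-SHA256 keyed with the app secret."""
    return "sha256=" + hmac.new(APP_SECRET, raw_body, hashlib.sha256).hexdigest()


def handle_event(raw_body: bytes, headers: Dict[str, str]) -> Tuple[int, Optional[dict]]:
    """POST notification: authenticate the raw bytes before parsing them."""
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get("x-hub-signature-256", "")
    if not hmac.compare_digest(received.encode(), sign_body(raw_body).encode()):
        return 401, None
    return 200, json.loads(raw_body)


if __name__ == "__main__":
    body = b'{"object": "whatsapp_business_account", "entry": []}'  # constructed
    headers = {"X-Hub-Signature-256": sign_body(body)}
    print(handle_event(body, headers))          # accepted
    print(handle_event(body + b" ", headers))   # body altered in transit: rejected
    print(handle_verification({"hub.mode": "subscribe",
                               "hub.verify_token": "wrong",
                               "hub.challenge": "12345"}))
```

A wrong App Secret in the connector makes every signed notification fail this check, and a wrong Verify Token makes the handshake fail when the Callback URL is saved.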