Introduction

nOTP (no-tee-pee) is an authentication method that simplifies the login process for your users. With just a single click, they can log in via WhatsApp, eliminating the need for codes, usernames, and typing. At Descope, we understand that there is a lot of user friction around OTPs (One-Time Passwords), especially if you choose to send them via phone SMS.

One-time passwords let you add another layer of authentication (or replace a current one completely) to your application. This layer of authentication, sometimes referred to as 2FA or MFA (two- or multi-factor authentication), is crucial for today's authentication and authorization processes, as it indicates that the person who wants to use an account is not a bot or a hacker.

OTPs usually require the company to connect to email servers or SMS providers. Unlike traditional OTP methods, nOTP doesn't require this, which can significantly reduce costs as the number of users grows.

Another downside of OTPs is that SMS OTPs rely on cellular data and may sometimes cause issues for people commuting abroad.

With nOTP, we understand that most of the user market uses WhatsApp daily, and there is no reason not to.

Try it yourself at https://notp.guru

How does it work?

Here is a chart that explains the authentication process:

Descope nOTP process explanation


User Experience:

Descope nOTP User Experience

Customize

Customize your nOTP authentication from the Descope console (Authentication Methods > nOTP).

A one-time password (OTP) is an automatically generated string sent to the user during the onboarding (sign-up or sign-in) process to authenticate that user. The WhatsApp account will be waiting for the user to enter their OTP to continue the authentication process.

To create your templates, you need to use your WhatsApp business account for this process; the details are mentioned in the section below.

Descope nOTP customize messages

WhatsApp connector setup

Add your own WhatsApp business account for nOTP authentication from the Descope console (Connectors > WhatsApp Chat). This will allow you to customize the messages (verification approval, error) if needed.

Prerequisites

  1. WhatsApp business account
  2. Set up Webhooks

Connector Setup

  • Connector name: Custom name for your connector. This will come in handy when creating multiple connectors from the same connector template.
  • Connector description: Describe what your connector is used for.
  • Phone Number ID: The WhatsApp unique phone number ID for the account phone number. See WhatsApp documentation above for more details.
  • Phone Number: The WhatsApp account phone number. See WhatsApp documentation for more details.
  • Token: The authentication token associated with the phone number ID.
  • App Secret: The app secret associated with the WhatsApp Web Application.
  • Webhook Verify Token: The webhook verify token associated with the WhatsApp Web Application.

Additional Steps

You need to configure the webhook in the WhatsApp Web Application:

  • Callback URL: set https://api.descope.com/v1/whatsapp/webhook/<your-project-id>
  • Verify Token: set the webhook verify token associated with the WhatsApp Web Application. Read more about setting up webhooks in the WhatsApp Business API settings here.

Important note: In order to save the callback URL in the WhatsApp app, you need to set the connector in the nOTP authentication page.
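What the Webhook Verify Token and App Secret protect, as an added example (not Descope's code and not part of the original page): under Meta's webhook conventions, saving the callback URL triggers a GET handshake carrying `hub.verify_token`, and each later POST carries an `X-Hub-Signature-256` header holding an HMAC-SHA256 of the raw body keyed with the app secret. Function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not real credentials.
APP_SECRET = b"example-app-secret"
VERIFY_TOKEN = "example-verify-token"


def handle_verification(params, verify_token=VERIFY_TOKEN):
    """Answer the GET handshake sent when the callback URL is saved.

    Returns (status, body); the challenge is echoed only if the token matches.
    """
    mode = params.get("hub.mode", "")
    token = params.get("hub.verify_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if mode == "subscribe" and hmac.compare_digest(
        token.encode(), verify_token.encode()
    ):
        return 200, params.get("hub.challenge", "")
    return 403, ""


def sign(body, app_secret=APP_SECRET):
    """Header value the sender computes: 'sha256=' + HMAC-SHA256(secret, body)."""
    return "sha256=" + hmac.new(app_secret, body, hashlib.sha256).hexdigest()


def is_authentic(body, header, app_secret=APP_SECRET):
    """Check X-Hub-Signature-256 over the raw bytes, before any JSON parsing."""
    if not header or not header.startswith("sha256="):
        return False  # unsigned or malformed header: reject
    expected = sign(body, app_secret)
    return hmac.compare_digest(expected.encode(), header.encode())


if __name__ == "__main__":
    body = b'{"object":"whatsapp_business_account","entry":[]}'  # constructed
    handshake = {
        "hub.mode": "subscribe",
        "hub.verify_token": VERIFY_TOKEN,
        "hub.challenge": "1158201444",  # constructed challenge value
    }
    print(handle_verification(handshake))
    print(is_authentic(body, sign(body)))
    print(is_authentic(body + b" ", sign(body)))  # altered body fails
```

A wrong App Secret in the connector makes every signature check fail, and a wrong Webhook Verify Token makes the handshake fail, which is why the callback URL cannot be saved until the connector is set.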

Flows

After setting up nOTP, we can use it inside flows.

Screen Component

In the screen builder, you can search and find the Login With WhatsApp component:

Descope nOTP screen component

Action

Now, after having the screen ready, we can use the action for signing in/up with nOTP:

Descope nOTP flow

Additional information

  • The link that is being sent is not an authentication link.
  • The nOTP verification should be the last step of the flow.