AuthEasy — Passwordless with OTPs

Akhil Mantripragada
Published in AuthEasy, Nov 2, 2021

With AuthEasy, teams can set up passwordless login/sign-up. A One Time Passcode (OTP) sent via SMS is one of the easiest ways to implement passwordless authentication for users. This blog will look at what OTPs are and how to use them for your app with AuthEasy.

What are OTPs?

OTPs are One Time Passcodes that are generated at the time of login and sent to the user via SMS. If an app uses OTPs for authentication, the user is asked to enter their phone number, and an OTP is sent to that number via SMS. The user then enters the OTP to log in. That’s it! This process eliminates the need for a password.

Advantages of OTPs include:

  • Making the user onboarding process seamless
  • Increasing user adoption
  • Reducing attacks associated with weak/compromised passwords

OTPs via SMS with AuthEasy

Here is a guide to set up SMS-based authentication using AuthEasy (note: this guide is developer-friendly; we will do another blog for no-coders):

Step 1: Create a new app on AuthEasy

Step 2: Enable the Phone Auth method.

Step 3: Set the redirect URL. This is the URL in your app that the user is redirected to after successful authentication. AuthEasy sends a SessionId in a query parameter when sending the user back to the redirect URL.

Step 4: Set the session expiration time. OTPs expire after the expiration time, and the users will no longer be able to use the passcode.

Step 5: Enable or disable IP Address match. When turned on, AuthEasy checks whether the auth request and the auth verification come from the same IP address.

Step 6: Choose between building your own login/sign-up page or using AuthEasy’s login/sign-up page.

If you use AuthEasy’s login/sign-up pages, customize the theme, logo, and text.

Step 7:

If you use AuthEasy’s login/sign-up pages, add the login/sign-up links to your website. You can find the links in the recipes tab.

If you are building your own login/sign-up pages: create a page with a form collecting the user’s phone number. Call the APIs illustrated below to send an OTP to the user’s phone via SMS.

Step 8: After successfully authenticating, the user is redirected back to the app at the URL specified in Step 3. The session ID is passed as a query parameter (?sessionId=XXXX) to this URL. Use the Session ID, APP Key, and APP Secret to make an API call to get more information about the user. Store the Session ID in local storage for future API calls.

That’s it! AuthEasy takes care of the authentication and verification of the user data. Teams can monitor sessions by logging in to AuthEasy.
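To make the settings from Step 4 (expiration) and Step 5 (IP Address match) concrete, here is an added example, not AuthEasy's code or API, that models the checks an OTP verifier applies. The class name, method names, return strings, defaults, and the attempt limit are assumptions made for illustration.

```python
# Added illustration: not AuthEasy code. All names and defaults are hypothetical.
import hmac
import secrets
import time


class OtpStore:
    """In-memory model of the Step 4 (expiration) and Step 5 (IP match) checks."""

    def __init__(self, ttl_seconds=300, ip_match=True, max_attempts=5, clock=time.time):
        self.ttl = ttl_seconds
        self.ip_match = ip_match
        self.max_attempts = max_attempts  # assumption: cap guesses per issued code
        self.clock = clock                # injectable so expiry can be exercised
        self._pending = {}                # phone -> [code, expires_at, request_ip, attempts]

    def request(self, phone, ip):
        # secrets draws from the OS CSPRNG; zero-pad so every code has six digits.
        code = f"{secrets.randbelow(10**6):06d}"
        # A new request replaces any earlier code for the same phone number.
        self._pending[phone] = [code, self.clock() + self.ttl, ip, 0]
        return code  # a real service sends this by SMS and never returns it to the caller

    def verify(self, phone, submitted, ip):
        entry = self._pending.get(phone)
        if entry is None:
            return "no_pending_code"
        code, expires_at, request_ip, attempts = entry
        if self.clock() >= expires_at:
            del self._pending[phone]
            return "expired"
        if self.ip_match and ip != request_ip:
            return "ip_mismatch"
        if attempts >= self.max_attempts:
            del self._pending[phone]
            return "too_many_attempts"
        entry[3] = attempts + 1
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            return "wrong_code"
        del self._pending[phone]  # one-time: a verified code cannot be replayed
        return "ok"
```

With IP match on, a user whose address changes between requesting and entering the code (for example, moving from Wi-Fi to mobile data) gets `ip_mismatch`, which is the trade-off behind the toggle in Step 5.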

Here is a link to all our API documentation (https://autheasy.readme.io) if you need more information about the APIs. Feel free to reach out to developer@autheasy.app if you have any questions.

Follow us on Twitter @autheasy to receive updates about our product.
