User Guides
Home

One-Time Passcode (OTP) Step

Verify user identity in RiskOS™ workflows with the OTP step, which sends and validates one-time passcodes via SMS, voice, or email.


What is a one-time passcode?

A one-time passcode is a unique, system-generated code valid for a single session. It is sent to a user’s phone number or email address, and the user must submit it back to the system for verification. This ensures that the user controls the communication channel being verified.


How it works in RiskOS™

  1. Add the OTP step to your workflow and select the delivery channel (SMS, Email, or Voice).
  2. Configure the status, sub-status, and queue to control how paused cases are tracked.
  3. When the workflow reaches the OTP step:
    • RiskOS™ sends the OTP via the selected channel.
    • The evaluation pauses until the OTP is provided via an API PATCH call (see API docs for details).
  4. The user provides the OTP through your application.
  5. RiskOS™ verifies the OTP received via the PATCH call and updates the evaluation outcome.
📘

Note: OTP is currently not supported for KYB and UBO verification.


Supported channels

  • Email: OTP sent to the user’s email address provided in data.individual.email.
  • SMS: OTP sent via text message to the phone number provided in data.individual.phone_number.
  • Voice (Phone Call): OTP delivered through an automated voice call to the phone number provided in data.individual.phone_number.

See also: OTP Verification

Updated about 1 month ago