Skip to main content

Overview

This guide shows how to use a voice one-time password (OTP) to verify a mobile number. We first make a call to the phone number to be verified and use text-to-speech to read a random sequence of digits to the call recipients. The user then confirms the digits by entering them using dialpad keypresses. Voice OTP is commonly used to verify new user registrations for an app or website. You can send a voice OTP either by using our PHLO visual workflow builder or our APIs and XML documents. Follow the instructions in one of the tabs below.
Here’s how to use Plivo APIs and XML to implement voice OTPs.

Prerequisites

To get started, you need a Plivo account — sign up with your work email address if you don’t have one already. If this is your first time using Plivo APIs, follow our instructions to set up a .NET development environment.

Create a voice OTP application

In Visual Studio, create a controller named otp.cs and paste into it this code.
using System;
using System.Collections.Generic;
using Plivo;
using StackExchange.Redis;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json;

namespace otp.Controllers {
  public class otp: Controller {
    public object dispatch_otp(String destination_number) {
      ConnectionMultiplexer redis = ConnectionMultiplexer.Connect("localhost: 6379");
      IDatabase conn = redis.GetDatabase();

      Random r = new Random();
      var code = r.Next(999999);
      var api = new PlivoApi("<auth_id>", "<auth_token>");
      var response = api.Call.Create(
        to: new List < String > {
          destination_number
        },
        from: "<caller_id>",
        answerMethod: "POST",
        answerUrl: "https://<yourdomain>.com/answer_url/" + code);
      var key = string.Format("number:{0}:code", destination_number);
      conn.StringSet(key, code, TimeSpan.FromSeconds(60));
    
      Verification verification = new Verification();
      verification.status = "success";
      verification.message = "verification initiated";
      string output = JsonConvert.SerializeObject(verification);
      return output;
    }
    
    public string verify_otp(String destination_number, String otp) {
      ConnectionMultiplexer redis = ConnectionMultiplexer.Connect("localhost: 6379");
      IDatabase conn = redis.GetDatabase();
    
      string key = $ "number:{destination_number}:code";
      var compare_code = (string) conn.StringGet(key);
    
      if (compare_code == otp) {
        conn.KeyDelete(key);
        Verification verification = new Verification();
        verification.status = "success";
        verification.message = "Number verified";
        string output = JsonConvert.SerializeObject(verification);
        return output;
      } else if (compare_code != otp) {
        Verification verification = new Verification();
        verification.status = "failure";
        verification.message = "Number not verified";
        string output = JsonConvert.SerializeObject(verification);
        return output;
      } else {
        Verification verification = new Verification();
        verification.status = "failure";
        verification.message = "Number not found";
        string output = JsonConvert.SerializeObject(verification);
        return output;
      }
    
    }
    
    private class Verification {
      public string status {
        get;
        internal set;
      }
      public string message {
        get;
        internal set;
      }
    }
  }
}
Replace the auth placeholders with your authentication credentials from the Plivo console. Replace the phone number placeholder with an actual phone number in E.164 format (for example, +12025551234).
Note: We recommend that you store your credentials in the auth_id and auth_token environment variables, to avoid the possibility of accidentally committing them to source control. If you do this, you can initialize the client with no arguments and Plivo will automatically fetch the values from the environment variables. You can use process.env to store environment variables and fetch them while initializing the client. You can store environment variables using <a href="https://docs.microsoft.com/en-us/dotnet/api/system.environment.setenvironmentvariable?view=netcore-3.1" rel="nofollow">Environment.SetEnvironmentVariable Method</a> and fetch them using <a href="https://docs.microsoft.com/en-us/dotnet/api/system.environment.getenvironmentvariable?view=netcore-3.1" rel="nofollow">Environment.GetEnvironmentVariable Method</a> when initializing the client.

Test

Save the file and run it, and start Redis.
$ redis-server
You should see your basic server application in action as below:
https://localhost:5001/dispatch_otp/?destination_number=<destination_number>
https://localhost:5001/verify_otp/?destination_number=<destination_number>&otp=<otp>