OTP Controls
🔢 otp Controls – Configuration for OTP-Based Notifications
When the msg_type is set to "OTP" in the generateRVN API, the controls.otp section allows you to customize how the OTP (One-Time Password) is generated, secured, and validated.
This section defines the OTP's format, maximum entry attempts, and hashing mechanism.
⚙️ Sample Structure
    "controls": {
      "otp": {
        "attempts": 3,
        "hash_spec": "sha256",
        "otp_spec": "N-6"
      }
    }
🔍 Field Descriptions
Field | Type | Description |
---|---|---|
attempts | integer | (Optional) Maximum allowed attempts for OTP entry. Default is 3. |
hash_spec | string | (Optional) Algorithm to hash the generated OTP for storage. Default is Base64. Options include sha256, sha384, sha512, hex-sha256, etc. |
otp_spec | string | (Optional) Defines the format and length of the OTP. Default is N-6. |
🔐 otp_spec Formats
Each spec is a combination of a character set and length:
Format | Characters Used | Description |
---|---|---|
N-x | Numbers | Numeric OTP of length x |
L-x | Lowercase letters | Alphabetic (lowercase) OTP |
U-x | Uppercase letters | Alphabetic (uppercase) OTP |
M-x | Mixed case letters | Mixed uppercase/lowercase |
LN-x | Lowercase + numbers | Alphanumeric OTP |
UN-x | Uppercase + numbers | Alphanumeric OTP |
MN-x | Mixed case + numbers | Stronger alphanumeric OTP |
Where x is the OTP length (must be between 4 and 9).
otp_spec defines the allowed characters but does not guarantee that each type of character appears in the final OTP.
🔐 hash_spec Options
Value | Description |
---|---|
sha256 | OTP is hashed with SHA-256 |
sha384 | OTP is hashed with SHA-384 |
sha512 | OTP is hashed with SHA-512 |
hex-sha256 | Same as sha256 but encoded in hex |
(empty) or base64 | Default behavior – base64 encoded string |
The REL-ID server hashes the OTP before storing it and compares using the same logic when validateOTP is called.
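The following is an added example, not REL-ID's own code, that models the controls above locally: it parses otp_spec, draws an OTP from a CSPRNG, computes the chance of guessing it within the attempts limit, and keeps only a digest that is compared in constant time. The names parse_otp_spec, generate_otp, guess_probability and OtpRecord are hypothetical, and storing the raw digest is an assumption, since the server's actual storage encoding is not shown on this page.

```python
import hashlib
import hmac
import re
import secrets
import string

# Prefix -> alphabet, as listed in the otp_spec table above.
CHARSETS = {
    "N": string.digits, "L": string.ascii_lowercase, "U": string.ascii_uppercase,
    "M": string.ascii_letters, "LN": string.ascii_lowercase + string.digits,
    "UN": string.ascii_uppercase + string.digits,
    "MN": string.ascii_letters + string.digits,
}

def parse_otp_spec(spec):
    """Return (alphabet, length); reject unknown prefixes and lengths outside 4-9."""
    m = re.fullmatch(r"([A-Z]+)-([4-9])", spec)
    if not m or m.group(1) not in CHARSETS:
        raise ValueError(f"invalid otp_spec: {spec!r}")
    return CHARSETS[m.group(1)], int(m.group(2))

def generate_otp(spec):
    """Draw every character independently from a CSPRNG, so an MN-6 value
    may contain no digit at all: the spec bounds the alphabet, nothing more."""
    alphabet, length = parse_otp_spec(spec)
    return "".join(secrets.choice(alphabet) for _ in range(length))

def guess_probability(spec, attempts=3):
    """Chance that `attempts` distinct blind guesses hit one OTP."""
    alphabet, length = parse_otp_spec(spec)
    return attempts / len(alphabet) ** length

class OtpRecord:
    """Hypothetical local model: keep only a digest, cap the attempts."""
    def __init__(self, otp, attempts=3, hash_name="sha256"):
        self._hash_name = hash_name
        self._digest = self._hash(otp)  # assumption: raw digest is stored
        self.remaining = attempts

    def _hash(self, value):
        return hashlib.new(self._hash_name, value.encode()).digest()

    def validate(self, candidate):
        if self.remaining <= 0:
            return False  # locked out or already used, even if correct
        self.remaining -= 1
        ok = hmac.compare_digest(self._hash(candidate), self._digest)
        if ok:
            self.remaining = 0  # one-time: a validated OTP cannot be replayed
        return ok
```

With the defaults N-6 and 3 attempts, guess_probability returns 3e-06; switching to MN-6 makes a blind guess roughly 56,800 times less likely at the same length.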
🧠 Best Practices
- Set attempts based on security sensitivity (e.g., 3-5).
- Use N-6 for standard numeric OTPs.
- Prefer sha256 or stronger for hashing.
- Handle OTP expiry using the main expires_in parameter.
Use the otp section to tightly control how one-time passwords are created, hashed, and validated for secure transaction flows.