notes

OTP Verification Process

  1. Code Validation: Verifies the OTP code format and validity
  2. User Lookup: Searches for an existing customer with the mobile number
  3. Auto-Registration: If no customer exists, creates a new customer account automatically with:
    • Auto-generated username (format: customer_XXXXXX)
    • Mobile number from OTP request
    • Default active status based on system configuration
  4. Token Generation: Creates or retrieves authentication token
  5. Session Management: Handles multiple session settings
  6. Code Cleanup: Removes used OTP code from system

Validation Rules

  • Code Format: Must match the configured OTP code length
  • Code Validity: Must be unexpired and unused
  • Auto-Registration: New customers are automatically created if they don't exist
  • Username Generation: Auto-generated usernames use "customer_" prefix with unique identifier
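
The verification steps and validation rules above, sketched as an added example (not this API's own code) that shows why a code must be checked for format, expiry and single use before any account or token is touched. Assumptions: the OtpService class, its in-memory dictionaries, the 6-digit length, the 120-second lifetime and the hex suffix used for customer_XXXXXX are all hypothetical stand-ins for the real configuration and storage.

```python
import hmac
import secrets
import time

OTP_LENGTH = 6          # assumed value of the configured OTP code length
OTP_TTL_SECONDS = 120   # assumed lifetime; the page only says codes are time-limited

class OtpError(Exception):
    """Raised when verification fails; the message names the failed rule."""

class OtpService:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # mobile -> (code, expires_at)
        self.customers = {}  # mobile -> customer record
        self.tokens = {}     # username -> token

    def request_otp(self, mobile):
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_LENGTH))
        self.pending[mobile] = (code, self.clock() + OTP_TTL_SECONDS)
        return code  # returned only for the demo; a real service sends it by SMS

    def verify_otp(self, mobile, code):
        # Code validation: format, then existence, expiry and constant-time match.
        if not (len(code) == OTP_LENGTH and code.isascii() and code.isdigit()):
            raise OtpError("invalid code format")
        entry = self.pending.get(mobile)
        if entry is None:
            raise OtpError("invalid or used code")
        expected, expires_at = entry
        if self.clock() > expires_at:
            del self.pending[mobile]
            raise OtpError("expired code")
        if not hmac.compare_digest(expected, code):
            raise OtpError("invalid or used code")
        # Code cleanup is done here, before a token exists, so a replay finds nothing.
        del self.pending[mobile]
        # User lookup, then auto-registration with a customer_ username.
        customer = self.customers.get(mobile)
        created = customer is None
        if created:
            customer = {"username": "customer_" + secrets.token_hex(3),
                        "mobile": mobile, "is_active": True}
            self.customers[mobile] = customer
        if not customer["is_active"]:
            raise OtpError("inactive account")
        # Token generation: create on first login, retrieve afterwards.
        token = self.tokens.setdefault(customer["username"], secrets.token_hex(20))
        return {"token": token, "username": customer["username"], "created": created}
```
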

Authentication Flow Overview

Traditional Username/Password Flow

  1. Signup: Create account with username and password
  2. Signin: Authenticate using credentials to receive token

OTP-Based Flow

  1. Request OTP: Submit mobile number to receive verification code
  2. Verify OTP: Submit code to authenticate and receive token
  3. Auto-Registration: New users are automatically registered during verification

Token Usage

Once authenticated, include the token in subsequent API requests:

Authorization: Token <your_api_token>

Security Features

  • Password Validation: Enforced during signup
  • Account Status Check: Only active accounts can authenticate
  • Token Management: Automatic token generation and session handling
  • OTP Expiration: Time-limited verification codes
  • Multiple Session Control: Configurable session management