Skip to main content
One-time passcodes (OTP) let you verify users by sending a short code over SMS or WhatsApp. OTPs are a good fit for passwordless login, phone verification, and step-up authentication when you need an additional factor.
OTPs can be targeted by toll fraud. Review the Toll fraud resources before enabling SMS at scale.

How OTPs work

  1. Collect the user’s phone number and request a passcode.
  2. The user enters the code they receive.
  3. Your app verifies the code and optionally establishes a session.

Next steps

API integration

Send and authenticate OTPs from your backend.

SDK integration

Add OTPs to Stytch Login with the frontend SDK.