
A serverless AWS Lambda API for sending and verifying one-time passwords (OTPs) via SMS and Email, using Amazon SNS, SES, and MongoDB for secure 5-minute OTP management and verification.


MyGovHub-Goodbye-World/otp-verification-api


OTP Verification API

This serverless API provides a complete solution for sending and verifying one-time passwords (OTPs) via both SMS and email. It is built to be deployed on AWS and leverages AWS Lambda, API Gateway, SNS for SMS, and SES for email notifications. OTP records are stored and managed in a MongoDB database.

© 2025


Features

  • Dual Channel OTP: Send OTPs to users via SMS or Email.
  • Secure Verification: OTPs are stored with a 5-minute expiration time.
  • Serverless Architecture: Built with the Serverless Framework for easy deployment and scalability on AWS.
  • MongoDB Integration: Uses MongoDB to store and manage OTP codes and their expiration.

API Endpoints

The API is handled by a single Lambda function that routes requests based on the endpoint path.

1. Send OTP

This endpoint generates and sends a 6-digit OTP to the user's specified contact method (phone or email).

  • Endpoint: POST /send-otp/{type}
  • URL Parameter:
    • type: The delivery method. Must be either phone or email.

Send to Phone

  • Endpoint: POST /send-otp/phone

  • Request Body:

    {
        "phoneNumber": "+11234567890"
    }
  • Successful Response (200):

    {
        "message": "OTP sent successfully"
    }

Send to Email

  • Endpoint: POST /send-otp/email

  • Request Body:

    {
        "email": "user@example.com"
    }
  • Successful Response (200):

    {
        "message": "OTP sent successfully via email"
    }

2. Verify OTP

This endpoint validates the OTP submitted by the user against the stored record.

  • Endpoint: POST /verify-otp

  • Request Body (identifier is the phone number or the email address the OTP was sent to, e.g. "user@example.com"):

    {
        "identifier": "+11234567890",
        "otp": "123456"
    }
  • Successful Response (200):

    {
        "message": "OTP verified successfully"
    }
  • Error Responses (400):

    • {"error": "Invalid OTP"}
    • {"error": "OTP expired"}
    • {"error": "OTP not found"}
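
The verification flow documented above, as an added example that is not the repository's own code. It assumes an in-memory dict in place of the MongoDB collection, and the names issue_otp and verify_otp are hypothetical; single-use deletion and the constant-time comparison are choices made for this sketch.

```python
import hmac
import secrets
from datetime import datetime, timedelta, timezone

OTP_TTL = timedelta(minutes=5)  # expiry window stated in this README
_store = {}                     # assumption: stands in for the MongoDB "otp" collection


def issue_otp(identifier, now=None):
    """Generate a 6-digit OTP with a CSPRNG and record when it expires."""
    now = now or datetime.now(timezone.utc)
    otp = f"{secrets.randbelow(10**6):06d}"
    # Overwriting any earlier record keeps a single live OTP per identifier.
    _store[identifier] = {"otp": otp, "expires_at": now + OTP_TTL}
    return otp


def verify_otp(identifier, submitted, now=None):
    """Return (status_code, body) using the responses documented above."""
    now = now or datetime.now(timezone.utc)
    record = _store.get(identifier)
    if record is None:
        return 400, {"error": "OTP not found"}
    if now >= record["expires_at"]:
        del _store[identifier]  # purge the expired code
        return 400, {"error": "OTP expired"}
    # Compare as bytes in constant time so response timing does not
    # reveal how many leading digits matched.
    expected = record["otp"].encode()
    if not hmac.compare_digest(expected, str(submitted).encode()):
        return 400, {"error": "Invalid OTP"}
    del _store[identifier]      # single use: a verified OTP cannot be replayed
    return 200, {"message": "OTP verified successfully"}
```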

Prerequisites

  1. AWS Account: With credentials configured for use with the Serverless Framework.
  2. Node.js & npm: Required for the Serverless Framework and its plugins.
  3. Python 3.10: As specified in the serverless.yml.
  4. MongoDB Database: A MongoDB cluster (e.g., on MongoDB Atlas) accessible from AWS.
  5. AWS SES: Your "From" email address (SES_SOURCE_EMAIL) must be verified in AWS Simple Email Service (SES).
  6. AWS SNS: Your account must have permissions and spending limits configured for sending SMS messages.

Environment Variables

You need to create a .env file in the root of the project with the following variables:

# MongoDB Configuration
MONGODB_MCP_URL=<your_mongodb_connection_string>
DB_NAME=verification
COLLECTION_NAME=otp

# AWS SES Configuration
SES_SOURCE_EMAIL=<your_verified_sender@example.com>
