How to Send Voice OTP on a Phone Call in Node.js Using Express and Plivo

You can authenticate a phone number by delivering a one-time password (OTP) via a phone call. To do this, you call the number and read a sequence of digits to the recipient via text-to-speech. To verify the number, the user needs to confirm the digits by entering them using the phone’s keypad.

Developers commonly use voice OTP to verify new user registrations, online transactions, and login sessions in an app or website. In this blog post, we walk you through a sample implementation of sending a voice OTP using the Plivo Voice platform and PHLO, our visual workflow builder. Plivo’s direct carrier connectivity and intelligent routing engine guarantee the best call connectivity and quality.

Prerequisites

Before you get started, you’ll need:

  • A Plivo account — sign up for one for free if you don’t have one already.
  • A voice-enabled Plivo phone number if you want to receive incoming calls. To search for and buy a number, go to Phone Numbers > Buy Numbers on the Plivo console. Buy a New Plivo Number
  • Express and Plivo Node packages — run npm install plivo express to install them.
  • ngrok — a utility that exposes your local development server to the internet over secure tunnels.

Create a PHLO to send OTP via phone call

PHLO lets you construct your entire use case and build and deploy workflows visually. With PHLO, you pay only for calls you make and receive, and building with PHLO is free.

To get started, visit PHLO in the Plivo console and click on Create New PHLO. Click Create New PHLO to build a new PHLO. On the Choose your use-case window, click Build my own. The PHLO canvas will appear with the Start node. Click on the Start Node, under API request, fill in the Keys as from, to, and otp and then click on Validate. From the list of components, on the left-hand side, drag and drop the Initial Call component onto the canvas and connect the Start node with the Initiate Call node, using the API Request trigger state.

Configure the Initiate Call node with the using the From field. in the To field. Once you have configured a node, click Validate to save the configurations. Similarly, create a node for the Play Audio component and connect it to the Initiate Call node using the Answered trigger state. Next, configure the Play Audio node to play a specific message to the user — in this case, “Your verification code is <otp>.” Under Speak Text, click on Amazon Polly and paste the following:

<Speak voice="Polly.Amy">
    <prosody rate="medium">
        Your verification code is
    <break/>
    <break/>
    <say-as interpret-as="spell-out">{{Start.http.params.otp}}</say-as>
    </prosody>
</Speak>

and click on Validate to save.

Connect the Initiate Call node with the Play Audio node, using the Answered trigger state. After you complete the configurations, provide a friendly name for your PHLO and click Save.

Create a PHLO for Voice OTP

Use the PHLO in a Express application

Now you can use the PHLO in a Node.js express application by following the below steps:

  • Create a project directory, run the following command:
      $ mkdir mynodeapp
    
  • Change the directory to our project directory in the command line:
      $ cd mynodeapp
    
  • Install the Plivo SDK using npm
      $ npm install plivo
    
  • Install other modules
      $ brew install redis
      $ npm install redis
      $ npm install express
    

Run the PHLO to send OTP via phone call

Now you can trigger the PHLO and test it out. Copy the PHLO ID from the end of the URL of the workflow you just created. You’re also going to need your Auth ID and Auth Token. Create a Node.js source code file — let’s call it trigger_phlo.js — and paste this code into it:

const express = require('express');
const app = express();
const redis = require('redis');
const redisClient = redis.createClient();
var plivo = require('plivo');

// Make call to the destination number with OTP.
app.get('/dispatch_otp/:number', function(req, res) {
    const number = (req.params.number);
    const code = Math.floor(100000 + Math.random() * 900000);

    var client = new plivo.Client("<auth_id>", "<auth_token>");
    var response = client.calls.create(
        "+14151234567", // from
        number, // to
        "https://twofa-answerurl.herokuapp.com/answer_url/" + code, // answer url
        {
            answerMethod: "GET",
        },
    )
    console.log(response)
    redisClient.set(`number:${number}:code`, code, 'EX', 60);
    res.send(JSON.stringify({
        'status': 'success',
        'message': 'verification initiated'
    }));
});

// Validate the OTP entered by the user.
app.get('/verify_otp/:number/:code', function(req, res) {
    const number = (req.params.number);
    const code = (req.params.code);
    redisClient.get(`number:${number}:code`, function(err, OriginalCode) {
        if (OriginalCode == code) {
            redisClient.del(`number:${number}:code`);
            res.send(JSON.stringify({
                'status': 'success',
                'message': 'codes match! number verified'
            }));
        } else if (OriginalCode != code) {
            res.send(JSON.stringify({
                'status': 'failure',
                'message': 'codes do not match! number not verified'
            }));
        } else {
            res.send(JSON.stringify({
                'status': 'failure',
                'message': 'number not found!'
            }));
        }
    });
});

app.listen(5000);

Substitute actual values for <auth_id>, <auth_token>, and <PHLO_ID>. Save the file and run it with the command

$ node trigger_phlo.js

Boom — you’ve made an outbound call with the OTP as a text-to-speech message.

Simple and reliable

And that’s all there is to send OTP via a phone call using Plivo’s Node.js SDK. Our simple APIs work in tandem with our comprehensive global network. You can also use Plivo’s premium direct routes that guarantee the highest possible delivery rates and the shortest possible delivery times for your 2FA SMS and voice messages. See for yourself — sign up for a free trial account.

comments powered by Disqus

By submitting this form, you agree we may contact you in the manner described in our Privacy Policy