Overview

Overview

Protect your customers from unauthorized users with our Vodacom OTP API

One-time password or OTP codes provide a mechanism for logging on to a network or service using a unique string of numeric characters that can only be used once

What is it?

What is it

One-time passwords (OTP) are a form of two-factor authentication (2FA) and automatically generates a string of numeric characters that authenticates a user for a single transaction or login session. Once a customer has logged in with an OTP, it expires and cannot be used for the next login session.

Through implementing the OTP API, your customers will be able to securely login to sensitive information without the concern of any cyber security threats.

Why use it?


Why use it
Benefits for your business:
  • Difficult to guess: OTPs are generated with algorithms that make use of a random string of numeric characters, which makes it difficult for attackers to guess and use them.
  • Ease of use: OTPs are easy to integrate into an organisation’s authentication strategy.
  • Two-factor authentication system (2FA): Requires two forms of validation for a user’s access to be granted – Thereby reducing the risk to the business for any possible customer data breaches.

How does it work?

How does it work

Send and verify one-time passwords (OTPs) your customers receive with our Vodacom OTP API


The OTP API is implemented in three easy steps:

Step 1

Set up your A2P
application

Implement the OTP API into your application and the user will automatically receive an OTP.

Step 2

OTP
authentication

Once the user has entered the code, it will be automatically authenticated.

Step 3

Access granted

If the user has entered the code correctly then access to your system will be granted. If the code was incorrectly entered, the OTP API will resend a new code.

Get Notified When We Launch

This API product is going through the final stages of development.
Submit your email address to be notified when the product is available for use in your application.

Test API Operations in Postman

View the steps required to test the API operations in Postman using the Postman Collections

Download Postman Collection
  1. Download the Postman Collection
  2. Open the file in Postman
  3. Generate an Access Token
  4. Enable Authorisation in Postman
  5. Start Testing the APIs

1. Download the Postman Collection

Click the Download Postman button at the top of the Documentation page of the relevant product to download the Postman Collection.

A zipped JSON file will be downloaded on to your computer that contains the Postman Collection. Unzip the file and save the contents in a convenient location.

2. Open the file in Postman

Open Postman on your computer and import the JSON file by following these steps:

  1. In Postman, click File > Import
  2. Remaining in the File tab, click Upload Files
  3. Navigate to where you saved the Postman Collection. Select the file and click Open
  4. You will now see a new Collection has been created in your left menu. Click the dropdown arrow to view all the available operations. The Headers, Body and URL will be prepopulated with the required information.

    3. Generate an Access Token

    OAuth 2.0 is an open standard for authorisation and it is used to provide your applications with secure delegated access. OAuth 2.0 works over HTTP and authorises devices, APIs, servers and applications with access tokens rather than credentials.

    Before testing the API you will need to set the authorisation by following these steps:

    1. In Postman, select the OAuth method in the left panel
    2. All necessary fields should be populated for you
    3. Click Send and you should receive a 200 success response
    4. You will see your access token in the access_token key of the JSON object received in the response, as seen in the image below
    5. Copy the access token to authorise your requests

    Please note, the access tokens in the sandbox environments are valid for 24 hours, after which you will have to generate a new access token below to continue testing.

    4. Enable Authorisation in Postman

    You can now use the access token to authorise your requests by following these steps:

    1. In Postman, select the API method you want to test in the left panel
    2. Click the Authorization tab
    3. Paste the copied access token you generated in step 3 in the Token field
    4. Your request will now be authorised

    5. Start Testing the APIs

    You are now ready to begin testing the API methods.

    View the response error details below to understand potential reasons why your request may be failing.

    HTTP Code Description
    401 Invalid or Expired Excess Token
    404 Unauthorized, Failed to Resolve the Request
    429 Rate Limit has been exhausted
    500 Failed to establish the backend connectivity