The OTP (One-Time Password) Free Service is a Node.js-based service that allows you to generate and verify one-time passwords (OTP) via email. This service is useful for adding an extra layer of security to your applications by enabling two-factor authentication (2FA) or passwordless login.
| Feature | Description |
|---|---|
| Generate numeric, alphanumeric, or alphabet based OTPs | Generate one-time passwords with various character types: numeric, alphanumeric, or alphabet based. |
| Send OTPs via email | Send OTPs to users via email for authentication or verification. |
| Verify OTPs for user authentication | Verify OTPs provided by users for secure authentication. |
| Automatic cleanup of expired OTPs | Automatically remove expired OTPs from the database based on a configured cron schedule. |
| Spam detection | Detect spam requests and block them from being processed. |
| Customizable OTP validity period and size | Adjust the validity period and size (length) of OTPs to match your security requirements. |
| Rate limiting for OTP generation | Implement rate limiting to prevent abuse and ensure the service is used responsibly. |
| Multiple email service providers supported | Choose from multiple email service providers (e.g., Gmail, Outlook) to send OTP emails. |
| Flexible configuration via environment variables | Customize the service's behavior by configuring environment variables. |
| Easy-to-use API with JSON input/output | Interact with the service through a user-friendly JSON API for OTP generation and verification. |
Before you begin, ensure you have met the following requirements:
| Prerequisite | Description |
|---|---|
| Node.js and npm | Install Node.js and npm on your development machine. |
| MongoDB database | Set up a MongoDB database (local or cloud-hosted, e.g., MongoDB Atlas) for storing OTP data. |
-
Clone the repository:
git clone https://github.com/sauravhathi/otp-service.git
-
Navigate to the project directory:
cd otp-service -
Install the dependencies:
npm install
-
Configure your environment variables by creating a
.envfile in the project root directory. You can use the provided.env.exampleas a template. -
Start the service:
npm start
The service should now be running on the specified port (default is 3000).
To generate an OTP for a user, make a POST request to the /api/otp/generate endpoint with the user's email address in the request body. You can also specify the OTP type, organization name, and email subject.
Example request:
POST /api/otp/generate
{
"email": "user@example.com",
"type": "numeric",
"organization": "MyApp",
"subject": "OTP Verification"
}The service will send an email containing the OTP to the user's email address.
To verify an OTP for user authentication, make a POST request to the /api/otp/verify endpoint with the user's email address and the OTP in the request body.
Example request:
POST /api/otp/verify
{
"email": "user@example.com",
"otp": "123456"
}The service will respond with a success message if the OTP is valid.
You can customize the OTP service by modifying the environment variables in the .env file. Here are some key configuration options:
| Variable | Description |
|---|---|
PORT |
The port on which the service listens. |
MONGODB_URI |
The MongoDB connection string. |
OTP_VALIDITY_PERIOD_MINUTES |
The validity period of OTPs in minutes. |
OTP_SIZE |
The size (length) of OTPs. |
CRON_SCHEDULE |
The cron schedule for OTP cleanup. |
ALLOWED_DOMAINS |
Comma-separated list of allowed email domains. |
GMAIL_USER |
Gmail username (used for sending emails). |
GMAIL_PASS |
Gmail password (used for sending emails). |
BLOCK_KEYWORDS_RULES |
Comma-separated list of blocked keywords. |
The service automatically clears expired OTPs based on the configured cron schedule. By default, it runs daily at midnight to remove expired OTPs.
The service uses a spam detection mechanism to prevent abuse. It checks the request body for spam keywords and blocks the request if any are found. You can configure the spam keywords by setting the SPAM_WORDS environment variable.
If you find this project useful and want to support its development, consider buying us a coffee! Your support is greatly appreciated.
Donate: saurav.34@paytm
This project is licensed under the MIT License. See the LICENSE file for details.