Phone Verification - Custom Verification Code

[us...@dahmakan.com]

Hey,

We would like to generate the phone verification code on our backend and then send it to RingCaptcha to be used in the Phone Verification. It seems to work by sending an additional field 'code' to the endpoint, however there is no mention of this in the documentation. So before we start using this on production I'd like to check if this feature will stay and if so if it can be added to the documentation.

Example:

curl -X POST \

  https://api.ringcaptcha.com/app_key/code \

  -F 'phone=+123456' \

  -F code=1234 \

  -F api_key=api_key

Thanks!

[SoonHin Khor]

Hey Usiel,

Yes, this is a 100% supported feature!

How did you discover it?

Can you share with us your plans for setting the code yourself?

The reason why we still have not documented this is, some customers stop calling our '/verify' endpoint once they set the code on their backend as they can track the code they sent to each user and they can determine whether the user input the correct code on their own.

However if customers don't call '/verify', this puts the onus of maintaining the expiration of the OTP on their backend, which gets messy quickly.

Also it prevents us from tracking OTP usage/conversion rate of each our of customers, which is very important.

By tracking conversion rate that we can detect attacks such those where bots request for OTPs to rack up the cost of sending OTPs without ever using those OTPs, and also it helps us detect degraded OTP routes.

Once we detect attack scenarios, various mechanisms will trigger to defend against attacks.

Once we detect OTP degradation, various mechanisms will trigger to switch to better OTP routes or send auto-followup OTP through another route or through voice, etc.

Hope this information is useful and insightful on how we always ensure high OTP reliability.

khor

--
You received this message because you are subscribed to the Google Groups "Ringcaptcha" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ringcaptcha...@googlegroups.com.
Visit this group at https://groups.google.com/group/ringcaptcha.
To view this discussion on the web visit https://groups.google.com/d/msgid/ringcaptcha/f19c6722-60b1-4af8-a0ec-a76840642fb9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Real Users, Real Contact

RingCaptcha in 2-minutes

[us...@dahmakan.com]

Hey Khor,

We use OTPs for one of our internal apps. In some urgent cases if the employee does not get the OTP via SMS we need to be able to give her/him the OTP manually in order to allow them to login. I understand that this will affect the conversion rate, making it look better than it actually is, but can't think of any other easy solution. Let me know if you have any other approach that would work.

Usiel