Skip to content
POST AI agent ready /v1/otp/generate

OTP Generator API - Create Verification Codes via REST

Generate a cryptographically random numeric one-time password with configurable length (4-8 digits). Each OTP includes a suggested expiration time and a timestamp.

Parameters

number

The number of digits in the OTP (4-8).

string

Optional label describing the OTP use case. Included in the response if provided.

Code examples

curl -X POST https://api.botoi.com/v1/otp/generate \
  -H "Content-Type: application/json" \
  -d '{"length":6,"purpose":"email-verification"}'

When to use this API

Generate verification codes for email or SMS confirmation

When a user signs up or resets their password, generate a 6-digit numeric OTP and send it via email or SMS. Verify it on submission. No need to build your own random number generator with proper entropy.

Create temporary access codes for guest Wi-Fi or kiosks

Generate alphanumeric OTPs as short-lived access codes for guest networks, shared kiosks, or temporary admin access. The built-in expiration window makes cleanup straightforward.

Add a second factor to your login flow

After the user enters their password, generate an OTP and deliver it via a side channel (SMS, email, push notification). Verify the code server-side before granting access.

Frequently asked questions

Are the generated OTPs cryptographically random?
Yes. The OTP is generated using a cryptographically secure random number generator (CSPRNG), not Math.random() or similar weak sources.
Does the API store or track generated OTPs?
No. The OTP is generated, returned in the response, and discarded. You are responsible for storing it temporarily on your end and comparing it when the user submits it.
What does the expiresIn field mean?
It is a suggested TTL (time to live) in seconds. The API does not enforce expiration; it is a recommendation for your application. You should store the OTP with a timestamp and reject it after the window passes.
What is the maximum OTP length?
You can generate OTPs between 4 and 8 digits long. For SMS verification, 6 digits is the standard choice.
How is this different from the TOTP endpoint?
This endpoint generates a random OTP that you store and verify yourself. The TOTP endpoint (/v1/totp/generate) produces time-based codes compatible with authenticator apps like Google Authenticator and Authy. Use OTP for email/SMS codes; use TOTP for authenticator app flows.

Get your API key

Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.

Sign up free View full docs