Skip to main content

SendOTP API

If you want to send a one-time password (mobile confirmation code) to your users, you can use this api. Under normal circumstances, you can send OTP to your users using the SendMessage api, but if you use this api, otp messages that you send are logged in a separate databases and they can be analused when requested by admin users.

Another advantage of sending otp messages with this api instead of SendMessage api is in the processing of the otp message in the mobile clients. DLG Mobile SDK will process the otp message and fire otp value to main application that use itself. By this way, main application can use otp value automatically without need of any intervention by user.

OTP messages can consist of text, images and buttons. If you want you can send otp message that has only text, or text and image or text, buttons or text, image and buttons

Request URI#

https://<DIYALOG-SERVER-API-ENDPOINT>/v1/bots/sendmok/<YOUR-BOT-ACCESS-TOKEN>

Example Request#

curl -X POST -H "Content-Type: application/json" -d '{
"customerNo": "123456789",
"messageId": "messageId-74",
"mokMessage": "Your one time password is \"123456\" ",
"mokValue": "33",
"imageUrl" : "https://dlgmessenger.com/otp.jpg",
"txCode": "LOG2",
"deviceId": "628FAF5A-B690-4E1A-A0EC-1518A6334F0B",
"buttonsV2" :
[
{
"type" :"postback",
"title" : "Approve",
"payload" : "123456",
"payloadHidden" : true,
"payloadSeenByUser": "Onaylıyorum"
},
{
"type" :"postback",
"title" : "Dismiss",
"payload" : "cancelled",
"payloadSeenByUser": "İptal Edildi"
}
]
}' "https://<DIYALOG-SERVER-API-ENDPOINT>/v1/bots/sendmok/<YOUR-BOT-ACCESS-TOKEN>"

Request Details#

PropertyTypeDescriptionMandatory
customerNoStringIt is the customer id that you want to send otp message.Yes
messageIdStringIt is message id that received from the request of your message. When a button pressed in the Button Template message by user, this id will return to your application with the payload of the button. By this way, you will have an additional data that will help you find which button pressed.Yes
mokMessageStringIt is the otp message text.Yes
mokValueStringIt is the value of the otp. This property will be used to fire otp value as event to the main mobile application that use DLG mobile SDK.Optional
imageUrlStringIf you want to add an image to your otp message, you can give the uri address of your image to this field.Optional
txCodeStringThis property is helpfull for logging the otp messages according to transaction code that otp send for. This property is only used for analysis.Optional
deviceIdStringThis property is helpfull for logging the otp messages according to users's mobile device id that otp send for. This property is only used for analysis.Optional
buttonsV2Array<buttonV2>You can add buttons like confirm or cancel to your OTP message by this property. With these buttons, the user can automatically receive confirmation to your otp messages.Optional

buttonV2#

PropertyTypeDescriptionMandatory
typeStringDetermines the behavior of the button when the button is pressed. There are two types, "postback" and "web_url".Yes
titleStringTitle of the button.Yes
payloadStringIt is the payload of the button. If button type is "postback", the value of this property will return to your application via webhook when pressed the button by the user. If button type is "web_url", the value of it should be a valid uri address. Because when pressed the button, this uri will be open in the user's device.Yes
payloadHiddenBooleanThis property is applicable for postback type of button. If it is set as true, the payload of the button signed with your company's secret keys in the user's device, return to your application via webhook when user pressed the button.Optional
payloadSeenByUserStringThe value of this property will be displayed in the chat screen of the user when pressed the button. If it does not set, the value of the payload will be displayed in the chat screen.Optional
Important Note :

When user pressed a button in a message, the value of the payload property will return to your application via webhook mechanism.

If the value of the payloadHidden is true, the payload of the button signed with your company's secret keys in the user's device, return to your application via webhook when user pressed the button. By this way, you can be sure about the payload return from a valid device. Sure, your application can decrypt and validate the signed payload.

Another critical information is messageId in the payload object. It is important, because it is returned to your application together with payload when user pressed the button. By this way, you can determine which button pressed in which messsage.

Message id will return with payload of the button to your application in the following format.
"[<messageId>]:<payload>" ( when payloadHidden is false)
"[<messageId>]:<signed payload>" ( when payloadHidden is true)

Response#

Successful API requests return the json object with the answer code http-2XX.

Sample response

{
"recipient_id": "2074022437",
"message_id": "-7523925115459309081"
}