One-Time Passwords

A one-time password (OTP) is an auto-generated numeric or alphanumeric string that authenticates a user for a single transaction or login session.

OTPs improve the user experience by allowing users to login without a password. They also act well as a second authentication layer for unverified users to pass before accessing an account.

Here at ReachFive, we offer two ways to implement OTPs:

Setup passwordless email template

To use a passwordless approach with email, you need to configure the passwordless template via the ReachFive Console.

Prerequisites

  • You must have access to the ReachFive Console.

  • You must have a Developer, Manager, or Administrator role.

Instructions

  1. Go to Settings  Passwordless  Email magic link.

  2. Enter the sender email in the From field.

  3. Write a Subject line in Subject field.

    You can use liquid templating language here.

  4. Enter the redirect URL in the Redirect to field.

    This is where users will be taken after clicking the generated magic link in the message.

  5. Specify the Link Lifetime (seconds).

  6. Write your Message.

The following templating variables are available:

{{link}}

This is the generated magic link (hosted by ReachFive that redirects to the specified URL).

{{verification_code}}

This is the generated verification code sent by email.

{{user.email}}

The user’s email address.

{{user.given_name}}

The user’s given name (first name).

example

Nicole Dubois

{{user.family_name}}

The user’s family name (last name, surname).

example

Nicole Dubois

Setup passwordless SMS template

To use a passwordless approach with SMS, you need to configure the passwordless SMS template via the ReachFive Console.

We only activate the passwordless SMS feature if you must have a unique phone number per use as OTP via SMS is a less secure approach.

Prerequisites

  • You must have access to the ReachFive Console.

  • You must have a Developer, Manager, or Administrator role.

Instructions

  1. Go to Settings  Passwordless  SMS verification code.

  2. Enter the Verification Code Lifetime in seconds.

  3. Write your Message.

The following templating variables are available:

{{verification_code}}

This is the generated verification code sent by SMS.

{{user.email}}

The user’s email address.

{{user.phone_number}}

The mobile number of the user receiving the message.

{{user.given_name}}

The user’s given name (first name).

example

Nicole Dubois

{{user.family_name}}

The user’s family name (last name, surname).

example

Nicole Dubois

You can embed magic links where needed using the Management API. With this approach, you create the magic link as needed and embed that link where it suits.

  1. Create the magic link with the /magic-link endpoint.

    Successful responses provide the generated magic link like so:

    {
  "magic_link": "https://MAGIC_LINK?c=c&t=kas£kl0"
}

  2. Embed the magic link where it suits your campaign or project need.