OTP (One Time Password) is a string of numeric or alphanumeric characters that generates automatically. And it is the most reliable authentication process.
With the help of this module, the admin can integrate OTP (One Time Password) verification feature on the Magento2 store.
Thus, OTP verification can be used for the new customer while they are registering on the store and during the checkout process.
OTP (One Time Password) Extension Features
- Admin can configure to enable/disable the OTP module.
- Admin can set OTP Expiry duration.
- OTP verification of the customers at the time of registration.
- Admin can enable/disable OTP verification of the customers at the time of checkout.
- Payment options can be chosen by the admin, for which the customers will verify OTP.
- Admin can set email templates for OTP verification notification.
- This module supports all Payment Methods.
- The customer cannot reuse the expire/use OTP.
- The customer receives the Mobile OTP (SMS) on the registered mobile if Twilio Mobile Verification is enabled otherwise customer receives the OTP on the email address.
- The OTP string supports numeric digits only.
- The One Time Password can resent to the customer.
- OTP for an account cannot be used for cross customer accounts.
OTP Extension – Use Case
In the default web store, the admin can’t control the customer registration and placing of false orders by customer.
These things may sometimes lead to fraud account creation and wrong order of the product.
Hence, for managing these things, the admin should have a feature to control or check whether the user is an authenticated one or not.
The One Time Password extension places an authentication check on the customer while the registration and while placing an order on the webstore.
Thus, the customer would not be able to register or place an order until the authentication process completes.
OTP Generation (New Registration) – Through Email
OTP Generation (while check out) – Through Email
Received OTP (SMS) – On Email
OTP Generation (New Registration) – Through Mobile
OTP Generation (while check out) – Through Mobile
Received OTP (SMS) – On Mobile
Offers the store owner an additional layer of security to prevent false order placement and prevents false customer registration over the online store. Hence, it offers a unique OTP code for specific duration for each validation process.
The OTP strings are auto-generated and mailed to the customers over the registered mail address or send through the SMS on their mobile.
OTP Extension Installation
Customers will get a zip folder and they have to extract the contents of this zip folder on their system.
So, the extracted folder has an src folder, inside the src folder you have the app folder.
You need to transfer this app folder into the Magento2 root directory on the server as shown below.
After the successful installation, you have to run these commands in the Magento2 root directory:
composer require twilio/sdk
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy
After running the commands, you have to flush the cache from the Magento admin panel by navigating through->System->Cache management as shown below.
Configuration For Multi-Lingual Support
For module translation, navigate to the following path in your system app/code/Webkul/OneTimePassword/i18n/en_US.csv.
Open the file named en_US.CSV for editing as shown in the below screenshot.
Then replace the words after the comma(,) on the right in the file with your translated words.
After editing and translating the CSV file, you need to save the translated file name according to your region language and country code such as – de_DE.CSV.
Henceforth by uploading the translated file to the same folder from where you have obtained it. Now your module translation is complete.
OTP(One Time Password) Module configuration
To do the module configuration in the admin panel, please navigate through Stores>Configuration>Webkul>One Time Password(OTP).
Thus, following options will appear for doing module configuration:
One time password
- Enable Module on Frontend – Select the “YES” option to enable the module on the front end or else select “NO“.
- Need OTP Validation On New Customer Registration – Select the “YES” option to enable OTP verification for the new customer at the time of registration or else select “NO“.
- Need OTP Validation On Checkout – Select the “YES” option for enabling OTP validation during the checkout or else select “NO“.
- Add Payment methods for OTP Validations – Admin can select for which payment method, he/she wants to enable the OTP verification.
- OTP Expiry – Admin can set expiry time in seconds and between range [60 – 300] else automatically 60 will be taken.
OTP email settings
- Select OTP Notification Template – Select the OTP notification template that will be sent to the new customer during REGISTRATION.
- Select OTP Notification Template – Select the OTP notification template that will be sent to the customer at the time of CHECKOUT.
“Twilio” is a communications platform for sending and receiving text messages using it’s web service APIs. The admin can signup for the Twilio services and register to the Twilio. To register, the admin can visit Twilio and click on the signup button.
Here, the admin can fill the required filled as shown in the image below-
Now, from the Twilio account, the admin can access the information which will be required in the admin dashboard.
So, using the Twilio, the admin can enable the Mobile OTP. To enable this, the admin has to enter the Auth Id, Token, and message. The store owner can generate these login credentials from Twilio.
- Enable Mobile Verification – Select “YES” option to send the Mobile OTP (SMS) or else select “NO” to send the OTP through the email.
- Auth ID – The admin has to enter Auth ID from twilio
- Token – The admin has to enter the Token generated from the Twilio.
- Message – In the message section the admin can enter the message format for the OTP
- Sender number – Here admin has to enter his twilio auth registration number.
Now, Admin can click Save Config to apply your changes.
Thus, there are two scenarios to receive OTP-
- Through E-mail
- On Mobile Number (SMS)
1. OTP GENERATION (new registration)- Through E-mail
The customer will receive the E-mail OTP only if, In the twilio auth section in the OTP module, Mobile Verification is disabled by the admin.
So, if the admin enables the module and “Need OTP Validation On New Customer Registration” is set to “YES”, the customer will receive the OTP in the email.
The customer’s email id receives the OTP, as shown in the image below.
However, the OTP pop box appears, as shown in the image below.
After entering the correct OTP, customer needs to click on the submit button for completion of the process.
So, in case the OTP is filled incorrect, the following image will be displayed.
OTP GENERATION (during checkout)- through e-mail
The customer will receive the OTP on E-mail only if in Twilio auth section the Mobile Verification is disabled by the admin.
Hence, the “Need OTP Validation On Checkout” is set to “YES”.
When the product is added to the cart and desired payment method is selected and the “Place Order” button is clicked the OTP pop up box will appear on the store, as shown below.
Thus, the registered mail id will get the OTP, as shown in the image below.
After the entering correct OTP, the submit button should be clicked for the completion of the process.
However, entering the invalid OTP will generate the error message.
NOTE: The customer can use the OTP for a single time only.
2. OTP GENERATION (new registration)- Through Mobile
The customer will receive the OTP in form of SMS on Mobile only if in the twilio auth section the Mobile Verification is enabled by the admin.
So, if the admin enables the module and “Need OTP Validation On New Customer Registration” is set to “YES”, the customer will receive the OTP (SMS) in the mobile.
Thus, the customer receives the OTP (SMS) on the mobile, as shown in the image below.
And OTP pop box appears, as shown in the image below.
After entering the correct OTP, the customer needs to click on the submit button for the completion of the process.
So, if in case the OTP is filled incorrect, the following image will be displayed.
OTP GENERATION (during checkout)- through mobile
The customer will receive the OTP in mobile-only if- In the Twilio auth section in the OTP module, the admin enables the Mobile Verification option.
Hence, if the “Need OTP Validation On Checkout” is set to “YES”.
So, the customer will receive the OTP (SMS) when the product is adds to the cart and the customer selects the payment method. Now, click the “Place Order” button.
Henceforth, the registered mobile will receive the OTP via SMS, as shown in the image below.
Hence, the OTP pop up box will appear on the store, as shown below.
After entering the correct OTP, the submit button should be clicked for the completion of the process . However, the customer will be redirected to the thank you page.
Thus, entering the invalid OTP will generate the error message.
NOTE: The customer can use the OTP for a single time only.
So, that’s all for the One Time Password(OTP) Module for Magento 2. Still, if you have any issue, feel free to add a ticket at webkul.uvdesk.com.
Current Product Version - 3.0.0
Supported Framework Version - 2.0.x, 2.1.x, 2.2.x, 2.3.x