Magento 2 OTP extension is a string of numeric or alphanumeric characters that generates automatically. And it is the most reliable authentication process.
With the help of this module, the admin can integrate OTP (One Time Password) verification feature on the Adobe Commerce store.
Thus, OTP verification can use for the new customer while they are registering on the store, during sign-in, when they want to reset their password, and during the checkout process.
Watch the below video tutorial to understand the extension workflow:
OTP (One Time Password) Extension Features
- Admin can configure to enable/disable the OTP module.
- Admin can set OTP Expiry duration.
- One Time Password verification of the customers at the time of registration.
- Admin can enable/disable OTP verification of the customers at the time of checkout.
- The admin can select the payment option, for which the customers will verify OTP.
- Admin can set email templates for OTP verification notifications.
- This module supports all Payment Methods.
- The customer cannot reuse the expiration/use OTP.
- The customer receives the Mobile OTP (SMS) on the registered mobile if Twilio Mobile Verification enables otherwise customer receives the OTP on the email address.
- OTP string supports numeric digits only.
- The One Time Password can be resent to the customer.
- The customer can’t use the OTP for cross-customer accounts.
- Need OTP validation on Customer Forget Password
- OTP validation while login as a customer
- Send OTP in an Email in case of mobile OTP failure.
OTP Extension Installation
Customers will get a zip folder then they have to extract the contents of this zip folder on their system.
Once you extract the file you will find an src folder, inside the src folder you have the app folder.
You need to transfer this app folder into the Adobe Commerce root directory on the server as shown below.
After the successful installation, you have to run these commands in the Adobe Commerce Cloud root directory:
composer require twilio/sdk
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy
php bin/magento indexer:reindex
php bin/magento cache:flush
Configuration For Multi-Lingual Support
Language Translation
For module translation, navigate to the following path in your system app/code/Webkul/Otp/i18n/en_US.csv.
Open the file named en_US.CSV for editing as shown in the below screenshot.
Then replace the words after the comma(,) on the right in the file with your translated words.
After editing and translating the CSV file, you need to save the translated file name according to your region language and country code such as – de_DE.CSV.
Henceforth by uploading the translated file to the same folder from where you have obtained it. Now your module translation is complete.
OTP Module configuration
To do the module configuration in the admin panel, please navigate through Stores>Configuration>Webkul>One Time Password(OTP).
Thus, the following options will appear for doing module configuration:
One time password
- Enable Module on Frontend – Select the “YES” option to enable the module on the front end or else select “NO“.
- OTP Validation On New Customer Registration – Select the “YES” option to enable OTP verification for the new customer at the time of registration or else select “NO“.
- Need Otp Validation On Customer Login – Select the “Yes” option to enable Otp validation on customer login or else select “No“.
- Need OTP Validation On Customer Forget Password – Select the “YES” option to enable OTP verification for the customer at the time of the customer forgetting a password or else select “NO“.
- Need OTP Validation On Checkout – Select the “YES” option for enabling OTP validation during the checkout or else select “NO“.
- Add Payment methods for OTP Validations – Admin can select for which payment method, he/she wants to enable the OTP verification.
- OTP Expiry – Admin can set expiry time in seconds and between range [60 – 300] else automatically 60 will be taken.
- Resend OTP Time: The admin can set a OTP resend time here between the 30-60 range. If the field is left empty, 30 seconds will be set automatically.
- Dial Code Cache Time: This field is to set the time to cache the api response for dial codes.
Also, if you want to provide OTP authentication before a customer logs in or signs up in your store then check the Magento 2 Firebase OTP Login extension for the Magento 2 store.
OTP email settings
- Select OTP Notification Template – Select the OTP notification template that will be sent to the new customer during REGISTRATION.
- Select OTP Notification Template – Select the OTP notification template that will be sent to the customer at the time of CHECKOUT.
Twilio Auth
“Twilio” is a communications platform for sending and receiving text messages using it’s web service APIs.
The admin can signup for the Twilio services and register to the Twilio. To register, the admin can visit Twilio then click on the signup button.
Here, the admin can fill the required feild as shown in the image below-
Now, from the Twilio account, the admin can access the information which will be required in the admin dashboard.
So, using the Twilio, the admin can enable the Mobile OTP. To enable this, the admin has to enter the Auth Id, Token, and message. The store owner can generate these login credentials from Twilio.
- Enable Mobile Verification – Select the “YES” option to send the Mobile OTP (SMS) or else select “NO” to send the OTP through the email.
- Send OTP Email in Failure – When selected “Yes” OTP will be sent via email in the failure of the SMS.
- Auth ID – The admin has to enter Auth ID from Twilio
- Token – The admin has to enter the Token generated from the Twilio.
- Message – In the message section the admin can enter the message format for the OTP
- Sender number – Here admin has to enter his Twilio auth registration number.
- Send OTP Via– Here admin can select the means of sending OTP.
Now, Admin can click Save Config to apply your changes.
Thus, there are three scenarios to receive OTP-
- Through E-mail
- On Mobile Number (SMS)
- Both
One Time Password Generation (new registration)- Through E-mail
OTP will be sent via email only if, In the Twilio auth section in the OTP module, the admin disables the Mobile Verification.
So, if the admin enables the module and “Need OTP Validation On New Customer Registration” is set to “YES”, the customer will receive the OTP in the email.
The customer’s email id receives the OTP, as shown in the image below.
However, the OTP pop box appears, as shown in the image below.
After entering the correct OTP, the customer needs to click on the submit button for the completion of the process.
So, in case the OTP is filled incorrectly, the following image will be displayed.
One Time Password Generation (during checkout)- Through E-mail
The customer will receive the OTP via E-mail only if in the Twilio auth section admin disables the Mobile Verification.
Hence, the “Need OTP Validation On Checkout” is set to “YES”.
When a customer adds the product to the cart and desired payment method selected and the “Place Order” button click the OTP pop-up box will appear on the store, as shown below.
Thus, the registered mail id will get the OTP, as shown in the image below.
After the entering correct OTP, the submit button should be clicked for the completion of the process.
However, entering the invalid OTP will generate an error message.
NOTE: The customer can use the OTP for a single time only.
Also, if you want One Step or Single Page Checkout that can impressively decrease the shopping cart abandonment & checkout time then you must check Magento 2 Checkout Extension.
One Time Password Generation (during sign-in)- Through E-mail
OTP will also be sent when signing in to the account.
It will ask the customer to enter the OTP to sign-in. The customer will receive the OTP to their registered email id or mobile number configures by the admin.
The customer will receive the OTP in their mail and that can use to login to their account.
One Time Password Generation (if forget the password)-Through E-mail
To recover the password using the “forget password” option, the customer can reset the password by verifying the OTP.
The customer will receive the OTP to their registered email or mobile number as per the configuration of the module.
After filling the details like email, captcha code, the customer can click on the “Reset My Password.”
Now the customer will receive the OTP that will be used to verify and get the link to change the password.
Now the customer will receive the OTP in their email address and it can be used to validate and process further to receive the password reset link.
After successfully validating the link the customer will receive the link to reset their password.
One Time Password Generation(new registration)- Through Mobile
The customer will receive the OTP in form of SMS on Mobile only if in the Twilio auth section the Mobile Verification enables by the admin.
So, if the admin enables the module and “Need OTP Validation On New Customer Registration” is set to “YES”, the customer will receive the OTP (SMS) in the mobile.
Thus, the customer receives the OTP (SMS) on the mobile, as shown in the image below.

And OTP pop box appears, as shown in the image below.
After entering the correct OTP, the customer needs to click on the submit button for the completion of the process.
So, if in case the OTP is filled incorrectly, the following image will be displayed.
One Time Password Generation (during checkout)- Through Mobile
If- In the Twilio auth section in the OTP module, the admin enables the Mobile Verification option, the customer will receive the OTP in mobile-only.
Hence, if the “Need OTP Validation On Checkout” is set to “YES”.
So, the customer will receive the OTP (SMS) when the product is added to the cart and the customer selects the payment method. Now, click the “Place Order” button.
Hence, the OTP pop-up box will appear in the store, as shown below.
The registered mobile will receive the OTP via SMS, as shown in the image below.

After entering the correct OTP, the submit button should be clicked for the completion of the process. However, the customer will be redirected to the thank you page.
Thus, entering the invalid OTP will generate the error message.
This Module offers the store owner an additional layer of security to prevent false order placement and prevents false customer registration over the online store.
Hence, it offers a unique OTP code for a specific duration for each validation process.
The OTP strings are auto-generated and mailed to the customers over the registered mail address or send through the SMS on their mobile.
NOTE: The customer can use the OTP for a single time only.
One Time Password Generation (during sign-in)- Through Mobile
The customer can generate the One Time Password through mobile during the sign-in process and can sign in after entering the OTP as shown in the image.
One Time Password Generation(if forget the password)-Through Mobile
As per the configuration, customers can now reset their password after entering the One Time Password that is sent to their mobile.
after entering the OTP customer can reset the password easily.
One Time Password Generation(New-Registration)-Through both
In this scenario, the customer will receive the OTP to their registered email as well as through SMS on their mobile number at the time of their registration.
One Time Password Generation (During Checkout)-Through both
The customer will receive the OTP during checkout to their registered email address and through SMS on their registered mobile number.
One Time Password Generation (During Sign-in)-Through both
At the time of login, customers will receive the OTP through SMS on their mobile number and their registered email address also.
One Time Password Generation (if forget the password)-Through both
In this case, the customer will receive the OTP to their registered email address as well as on their mobile number through SMS if they forget their password.
So, that’s all for the One Time Password(OTP) Module for Magento 2. Still, if you have any issues, feel free to add a ticket at webkul.uvdesk.com.
Current Product Version - 5.0.3-p1
Supported Framework Version - Magento 2.0.x, 2.1.x, 2.2.x,2.3.x, 2.4.x
8 comments
Greetings of the day!
We have created a ticket related to your query 444825. Our support team will contact you soon to assist you with this query.
Thanks & Regards
Team Webkul
Can you please name the telecom company? so that we can assist you in a better way. Also, you can mail us your requirement at [email protected].
Thanks,
Webkul Team.
The customer receives OTP on the registered email address only, but if you wish to have the OTP feature for mobile as well, it can be customized.
Thanks
Greetings for the day!
We have provided an update via which the customer will be able to get the OTP SMS on their registered mobile number if Twilio Mobile Verification is enabled. You can mail us at [email protected] and we will share you the updated module.
Regards
Team Webkul