Documentation
Log InRequest Live Demo

Creating OTP Configurations

Learn how to create and manage OTP configurations in TextPeak, including channel setup, rate limits, failover order, and recording themes.

This article walks you through creating an OTP configuration in TextPeak.

To create a new configuration:

  1. Log in to TextPeak in your browser.
  2. Click OTP Service in the main menu on the left.
  3. Click Create configuration in the top-right corner.
  1. The Untitled configuration page opens with four tabs: General, Security, Channels, and Failover chain.
📘

NOTE

A warning badge on a tab means it has required fields to fill in. Complete each tab and click Save to save all tabs as a single configuration.

General tab

The General tab covers identity and code-generation behavior.

Identity

  • Name: enter a meaningful name (for example, Login OTP).
  • Key: enter a unique key used to address this configuration in API requests (for example, login).
  • Set as default configuration: select this checkbox to use this configuration when API requests don't specify a key.

Optionally, check the corresponding checkbox to set the identity as a default configuration.

IP ACL

Optionally, restrict API access by entering a comma-separated list of IP ranges in CIDR notation (for example, 0.0.0.0/0, 10.0.0.0/8).

Code generation

Choose who generates the OTP code and how it's substituted into templates:

  • Generate on our side: TextPeak creates the code and substitutes [code] into your templates. (Note: "Generate on our side" is the exact in-product label. Flag to product team for future rename to "Generate on TextPeak's side".)
  • Customer provides code: you pass the code in template_variables.code per the OTP contract.
  • Customer provides full text: no code template substitution; you provide the full message body.

When Generate on our side is selected, configure the following:

  • Code length: number of digits in the OTP code (default: 5).
  • TTL: code time-to-live in seconds (default: 300).
  • Max failures: number of incorrect verification attempts allowed before the code is disabled (default: 5).
  • Include generated code in the API response: select this checkbox to return the generated code in your API response. Use with caution; the code shouldn't leave a trusted server boundary.

Click Next to continue.

Security tab

The Security tab caps re-send attempts to prevent abuse of the send endpoint.

Configure the rate limits:

  • Max per phone number: maximum requests allowed per phone number within the rate-limit window (for example, 10).
  • Max per client IP: maximum requests allowed per client IP within the rate-limit window (for example, 30).
  • Max per MCC/MNC: maximum requests allowed per Mobile Country Code or Mobile Network Code within the rate-limit window. Use this to throttle abuse from specific countries or carriers.
  • Rate-limit window: the time frame, in minutes, in which requests are counted (for example, 30).

Click Next to continue.

Channels tab

The Channels tab provides three channel cards: SMS, WhatsApp Business, and Voice, each with its own toggle.

Turn on the channels you want to use and configure each one. A channel card shows Incomplete until all its required fields are filled, at which point it switches to Complete.

SMS channel

Turn on the SMS toggle and configure:

  • Stream: select your transactional SMS stream. To create one, see [Creating Transactional Streams](doc: creating-transactional-streams).

  • Default sender: select the sender used for outbound messages.

  • Templates: click + Add template and, for each template, enter:

    a. A template name (for example, otp_register).

    b. The message body. Each template body must contain [code] as a placeholder for the OTP code. The form shows a live character count and SMS segment count below the body.

Select the radio button on the template you want as the default for this channel.

👍

TIP

Use the green/blue tag icons next to the body field to insert dynamic placeholders.

WhatsApp Business channel

Turn on the WhatsApp Business toggle and configure:

  • Stream: select your WhatsApp stream.
  • Default sender: select the WhatsApp sender used for outbound messages.
  • Templates: pick from your Meta-approved authentication templates. Use the search field to filter by name. Selected templates show a checkmark. Non-selected templates appear under OTHER TEMPLATES.
  • Default template: select the template to use as the default for this channel.
❗️

IMPORTANT

WhatsApp OTPs require authentication-type templates. If you don't have one yet, create one in your Meta Business account before configuring this channel. For details, see Managing WhatsApp Templates .

Voice channel

Turn on the Voice toggle and configure:

  • Stream: select your voice stream. To create one, see Creating Voice Streams .
  • Audio replay attempts: set the number of times the message is replayed if the recipient doesn't respond (for example, 3). Use this to reduce bot pickups.
  • Collect DTMF for verification: turn on to require the recipient to type the OTP back on their keypad to confirm. DTMF (dual-tone multi-frequency) is the touch-tone signal a phone keypad makes.

Recording themes

A recording theme bundles a language, a voice, and recorded prompt slots. Every voice channel has a default theme, and you can add more languages or voices with + Add theme.

Each theme has four prompt slots:

  • Welcome: played when the call connects.
  • DTMF: asks the caller to enter the code on the keypad.
  • DTMF failed: played when the entered code is incorrect.
  • Replay: offers to repeat the code.

For each slot, choose between TTS (text-to-speech) and Upload (your own audio file):

  • TTS: enter the prompt text in the field. Use the Generate button to render the audio, then Preview to play it.
  • Upload: upload your own recording.

Click Next to continue.

Failover chain tab

The Failover chain tab defines the delivery order across enabled channels. TextPeak attempts delivery top-to-bottom until one channel succeeds or the chain is exhausted.

Drag each channel up or down to set its priority. Each row shows the channel name, the configured stream, and a summary (number of templates for SMS and WhatsApp, number of recording themes for Voice).

When every tab shows no warning badge, click Save to create the configuration. The new configuration appears at the top of the Omnichannel OTP Configurations table.


👍

TIP

You can override the failover chain on a per-request basis by specifying a channel directly in your API call.

Managing OTP configurations

To edit, deactivate, or delete a configuration:

  1. On the Omnichannel OTP Configurations page, find your configuration in the table.
  2. Use the Active toggle in the row to enable or disable the configuration without deleting it.
  3. Click the three-dot icon in the Actions column to show and copy or reset the token for configuration, edit, or delete it.
  • To show and copy or reset the configuration token, select Show token, then click to copy it.
  • To edit the configuration, click the three-dot menu icon and select Edit. Then, make the needed changes and save them.
  • To reset the token for this configuration, click Reset token. In the popup window click to confirm the action and click Copy token to save your new token.
  • To remove the configuration from your account, click the three-dot menu icon and select Delete; then confirm the operation.

Updated 6 days ago