This guide shows how to implement email OTP for MFA. You can follow the same approach for step-up auth or adaptive MFA.
Configure email OTP in the Authsignal Portal
- Navigate to the Authenticators section and click Manage Email OTP.
- On the next screen, choose the email provider you want to use. You can choose Authsignal for development purposes, but it is not recommended for production. Then activate email OTP.

Grab your Authsignal credentials
Head to Settings and grab your Tenant ID, API URL and API secret key. Add them as environment variables in your project:
Implementation
1. Backend - Track an action
When a user performs an action that requires authentication, your backend should track the action. You can use our Server SDK or Server API to track the action. The code snippets in this guide reference the SDKs.
Learn more about the different action outcomes.
2. Frontend - Challenge the user
If the action state is CHALLENGE_REQUIRED, proceed with the email OTP challenge using either our Web SDK, Mobile SDKs or Client API.
3. Backend - Validate the challenge
After the user completes the challenge, validate the token on your backend:
Next steps
- Adaptive MFA - Set up smart rules to trigger authentication based on risk
- Email magic link - Implement passwordless email authentication
- SMS OTP - Add SMS-based one-time passwords as an alternative method
- Passkeys - Offer the most secure and user-friendly passwordless authentication
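
The backend decisions in steps 1 and 3 of the implementation, as an added example that is not Authsignal's own code: it works on plain response objects instead of calling the SDK, so it runs offline. The field names (state, token, userId, action) and every state string other than CHALLENGE_REQUIRED are assumptions to check against the SDK reference.

```javascript
// Added example. Field names and state strings other than CHALLENGE_REQUIRED
// are assumptions, not taken from this page.

// Step 1: map the tracked action's state to what the backend does next.
function decideAfterTrack(trackResult) {
  const state = trackResult && trackResult.state;
  switch (state) {
    case "ALLOW":
      return { proceed: true, challenge: false };
    case "CHALLENGE_REQUIRED":
      // A challenge without a token cannot be completed: fail closed.
      if (typeof trackResult.token !== "string" || trackResult.token === "") {
        return { proceed: false, challenge: false, reason: "missing_token" };
      }
      return { proceed: false, challenge: true, token: trackResult.token };
    default:
      // A block outcome, an unknown state or a missing state all deny.
      return { proceed: false, challenge: false, reason: "denied:" + String(state) };
  }
}

// Step 3: accept a validated challenge only when it succeeded AND is bound to
// the user and action this session started, so a token issued for another
// user or a lower-risk action cannot be replayed here.
function acceptChallenge(validation, expected) {
  if (!expected || !expected.userId || !expected.action) {
    return { ok: false, reason: "no_expected_binding" };
  }
  if (!validation || validation.state !== "CHALLENGE_SUCCEEDED") {
    return { ok: false, reason: "challenge_not_succeeded" };
  }
  if (validation.userId !== expected.userId) {
    return { ok: false, reason: "user_mismatch" };
  }
  if (validation.action !== expected.action) {
    return { ok: false, reason: "action_mismatch" };
  }
  return { ok: true };
}

// Constructed sample responses, not real SDK output.
const sampleTrack = { state: "CHALLENGE_REQUIRED", token: "constructed-token" };
const sampleValidation = { state: "CHALLENGE_SUCCEEDED", userId: "user-123", action: "signIn" };
console.log(decideAfterTrack(sampleTrack));
console.log(acceptChallenge(sampleValidation, { userId: "user-123", action: "signIn" }));
console.log(acceptChallenge(sampleValidation, { userId: "user-456", action: "signIn" }));
```

Take the expected user ID and action from the server-side session that tracked the action, never from the request that carries the token.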