This guide shows how to implement SMS OTP for MFA. You can follow the same approach for step-up auth or adaptive MFA.
Configure SMS OTP in the Authsignal Portal
- Navigate to the Authenticators section and click Manage SMS OTP.
- Choose and set up an SMS Provider you want to use in the next screen. Then click Connect Account.

Grab your Authsignal credentials
Head to Settings and grab your Tenant ID, API URL and API secret key. Add them as environment variables in your project:Implementation
1. Backend - Track an action
When a user performs an action that requires authentication, your backend should track the action. You can use our Server SDK or Server API to track the action. The code snippets in this guide references the SDKs.Learn more about the different action outcomes.
2. Frontend - Challenge the user
If the action state isCHALLENGE_REQUIRED
, proceed with the SMS OTP challenge using either our Web SDK, Mobile SDKs or Client API.
3. Backend - Validate the challenge
After the user completes the challenge, validate the token on your backend:Use WhatsApp as a fallback
WhatsApp can be used as a cost-effective fallback option for SMS delivery, helping reduce messaging costs while maintaining reliable OTP delivery. You can configure it in the Authsignal Portal.- Navigate to the Authenticators section and click Manage SMS OTP.
- Scroll down to WhatsApp for Business and enter your WhatsApp Channel ID and Project ID. Then click Connect WhatsApp.

Next steps
- Adaptive MFA - Set up smart rules to trigger authentication based on risk
- Email OTP - Add email-based OTP codes as an alternative method
- Email magic link - Implement passwordless email authentication
- Passkeys - Offer the most secure and user-friendly passwordless authentication