Trending +138% · 170 searches/mo

Send one-time passwords by SMS

Add SMS-based OTP to your app in minutes. A real UK number, a simple REST API, and delivery receipts — everything you need for 2FA, phone verification, and secure login flows.

OTP demo

Enter a mobile number and we'll show you what a real OTP SMS looks like — no account needed.

Demo only · No real SMS sent

From £1.70/mo · 1p per SMS · No contracts

How to send OTP by SMS

Integrate SMS OTP into your app in three steps.

1

Get a UK number and API key

Sign up, choose a UK mobile number, and grab your API key from the dashboard. Active in under 3 minutes — no provisioning queue.

2

Generate and send the OTP

In your backend, generate a cryptographically random 6-digit code, store it with an expiry, then POST to the Line API to send it as an SMS.

3

Verify on your server

When the user submits the code, compare it to the stored value server-side. Invalidate on first use. Handle retries and expiry in your logic.

OTP security best practices

Follow these guidelines to build a secure SMS OTP implementation.

Use cryptographically random codes

Generate codes using a CSPRNG (e.g. crypto.randomInt in Node.js or secrets.randbelow in Python). Never use Math.random() — it is not cryptographically secure and can be predicted.

Set a short expiry (5–10 minutes)

Store the code server-side with an expiry timestamp. Reject codes submitted after expiry. A 10-minute window is standard for login flows; use 5 minutes for high-security transactions.

Invalidate on first use

Mark the code as used the moment it is successfully verified. Prevent replay attacks by refusing any subsequent verification of the same code, even if still within the expiry window.

Rate-limit submission attempts

Lock the verification flow after 3–5 failed attempts per code. Without rate limiting, short numeric codes are vulnerable to brute-force — 1,000,000 combinations is low for automated tooling.

OTP SMS use cases for web apps, mobile apps, and SaaS.

Any user action that requires identity confirmation is a candidate for SMS OTP.

Two-factor authentication

Add SMS-based 2FA to your web app or mobile app. Users enter their number at login and receive an OTP to verify their identity.

Phone number verification

Verify phone numbers at sign-up by sending an OTP. Reduces fake accounts and ensures your user database contains real, reachable numbers.

Transaction confirmation

Require OTP confirmation for high-value actions — bank transfers, large purchases, account changes — adding a second layer of security.

Password reset

Offer SMS-based password reset as an alternative to email. An OTP to the registered mobile confirms identity before allowing a reset.

Everything included in your OTP SMS service

A complete OTP delivery stack — real UK numbers, fast delivery, and delivery confirmation.

Instant delivery
OTP codes reach the handset in seconds. Low latency delivery keeps your login flows fast and reduces user drop-off.
Delivery receipts
Know whether the OTP was delivered before prompting the user to re-enter. Delivery status webhooks fire the moment a carrier confirms receipt.
Real UK numbers
Send OTP from a dedicated UK mobile number. Recognised UK numbers have higher open rates than shared short codes or unknown sender IDs.
Secure by design
No logs of OTP values stored by Line. Your code generation logic stays in your system — Line handles the delivery layer only.
Simple REST API
A single POST request to send an OTP. Works with any language or framework. Full SDK support for Node.js, Python, PHP, and Ruby.
Virtual number for OTP
Use a virtual UK number dedicated to OTP flows — no SIM card, no hardware, fully programmable via API.

OTP SMS FAQ

Common questions about one-time passwords via text message.

What is OTP SMS?

OTP SMS (one-time password via text) is the practice of sending a short, time-limited numeric code to a user's mobile phone as a second factor of authentication. The user enters the code to prove they have access to the registered number. It's also called SMS 2FA or text OTP.

How do I send a one-time password via SMS?

With Line: generate a random 6-digit code in your backend, store it with an expiry timestamp, then POST to the Line /v1/sms endpoint with the recipient's number and the code as the message body. When the user submits the code, verify it server-side and invalidate it on first use.

Can I use a virtual number for OTP?

Yes. A virtual UK number from Line works perfectly for OTP delivery. It behaves like a regular UK mobile number — messages arrive on any handset — with no SIM card or hardware required. You control it entirely via API.

Is SMS OTP secure?

SMS OTP is significantly more secure than no second factor. It protects against password breaches by requiring physical access to the registered phone. For high-security applications, consider SIM-swap risks — for most UK SMB use cases, SMS OTP offers an excellent security/usability tradeoff.

Does Line store my OTP codes?

No. Line delivers the message body you send — it does not store or log OTP values. Your code generation and validation logic stays entirely within your application.

How much does OTP SMS cost?

Outbound SMS costs 1p per message. A dedicated UK number costs from £1.70/month. Most OTP flows average one SMS per login — for 1,000 logins/month, that's £10 in message costs plus the number fee.

Add SMS OTP to your app today

Get a UK number, grab your API key, and send your first OTP in under 5 minutes. From £1.70/month — no contracts, no minimum spend.

  • Real UK mobile number for OTP delivery
  • REST API — any language or framework
  • Delivery receipts via webhook
  • 1p per outbound OTP message
  • No OTP values stored by Line
  • Virtual number — no SIM card needed
  • No contracts — cancel anytime
  • Set up in under 5 minutes
Get Started Free

From £1.70/mo. Prices exclude VAT. Full pricing

Also useful: SMS Gateway UK · Virtual SMS number · SMS integrations

OTP SMS | One-Time Password via Text | Line | Line