Automate OTP verification via email

Updated by Aishwarya Rai

An application may require the user to authenticate their identity via a One-Time Password (OTP) received on their email. This is often used when the application needs to authenticate a user for a single transaction or login session, for example.

Sofy can help you test & automate the OTP verification process for your application and capture information from an email using Sofy’s API feature. Via Sofy, you can not just fetch the exact email which contains your OTP but using the Regex feature of the API step, you can extract the precise OTP too, and thereby automate the entire verification process.

Here's how you can automate the OTP verification from an email via Sofy:

  1. Start recording a test scenario & click on the API icon towards the bottom of the Action Bar:
  2. For demonstrative purposes, we will use the Mailinator APIs here to extract information from an email which contains the OTP via a two-step process. You may have your own set of APIs that return the OTP for your App.
    • Step 1: Get Message ID from Inbox - We'll use the Mailinator Message API to get the most recent messages from the inbox.  
    • Step 2: Get Email using Message ID - We’ll use the Mailinator Fetch Message API to retrieve the specific email and extract the OTP from it.
  3. After clicking on the API Step icon, you will see the following modal where you can ask Sofy to send a GET request at the URL of your email client and fetch the latest emails for you.

  1. For example, here, we are sending a GET request at a Mailinator URL for retrieving the most recent email from the mailbox - (Note that, we first sort all the received emails in descending order, and set the limit to 1 to retrieve only the most recent email from the sorted list).
    Once you update the header with the authorization token and click on Send, the response will be populated as shown here:
  1. If you expand the details contained within the Response received, you can locate the id of the email message as shown below:

  1. You can then click on the '+' icon next to the id of the email to create a variable for it (in our case, we call this variable as "message_id") :

  1. After creating the test variable, message_id, and saving its value, click on the API step icon again to retrieve the message and create a test variable for the OTP code. Follow the steps below:
  2. In the API modal which appears, you can send a GET request to retrieve email message body (which contains the OTP) by instructing Sofy to fetch the email message using the message_id variable that was saved earlier. We will add the message_id as a path variable. For example, we first enter the URL ( ):

  1. ... and then click on the Path Variables tab and on the on Add new option:

  1. You can select the name of the test variable containing the email message from the dropdown (in our case, "message_id") and click on the checkmark icon to enable it:

  1. Next, click on the Query Params tab & click on Add new option:

  1. You can then specify the details of the authentication token as shown here and send the GET request:

  1. Upon receiving the response, you can expand the details contained within it to view the body of the email and over this email body, you can click on the '+' sign & declare a test variable for it:

  1. At this step, you can also define a regex over this email body to extract just the OTP from it:

  1. In the end, you can click on the Add API Step button of the modal and will be able to see the 2 API steps working in conjunction to retrieve the latest email (containing the OTP) from your email client and also extract the OTP from it.

How did we do?