Automate OTP verification via text message

Updated by Aishwarya Rai

An application may require the user to authenticate their identity via a One-Time Password (OTP) received via a text message / SMS. This is often used when the application needs to authenticate a user for a single transaction or login session, for example.

Sofy can help you test & automate the OTP verification process for your application and capture information from a text message by using Sofy’s API feature. Via Sofy, you can not just fetch the exact text message which contains the OTP but using the Regex feature of the API step, you can extract the precise OTP too, and thereby automate the entire verification process.

Here's how you can automate the OTP verification from a text message via Sofy:

  1. Start recording a test scenario & click on the API icon towards the bottom of the Action Bar:
  1. For demonstrative purposes, we will use the Twilio APIs here to extract information from a text message which contains the OTP. You may have your own set of APIs that return the OTP for your App.
    To extract information from text message, we will use Twilio’s messaging service API
  2. After clicking on the API Step icon, you will see the following modal where you can ask Sofy to send a GET request at the URL of your messaging client and fetch the latest text messages for you.

  1. For example, in this example, we are sending a GET request at a Twilio URL for retrieving the most recent text message from the inbox - https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Messages.json? (Note that, we first sort all the received messages in descending order, and then retrieve only the most recent message from the sorted list).
    1. In the above URL, you can obtain the Account SID and Access Token required to make the request from your Twilio console page:

  1. You should also populate the header with the authorization token as shown here:

  1. Once you update the header with the authorization token and click on Send, the response will be populated as shown here:

  1. Upon receiving the response, you can expand the details contained within it to view the body of the text message:

... and over this message body, you can click on the '+' sign to declare a test variable for it:

  1. Finally, to extract just the OTP out of the message body, you can define a regex for it as shown here and once done, click on the Add API Step button:

How did we do?