Set up an additional layer of protection through OTP authentication for your customers’ transactions in the bot builder. You can configure OTP as a service that can authenticate users and will act as a validation mechanism for certain actions in the bot flow. 


For example, in a typical e-commerce company, customers will contact support for checking the status of their order, cancel an order, etc. An OTP authentication can be set up in the bot flow to make sure these transactions are done securely.


Setting up OTP in the bot builder:

  • Navigate to Bots > Choose your chatbot > Settings > Authentication > Toggle OTP to on


Note: If the OTP toggle is grayed out, you will need to create a new draft version of your bot flow. You can't configure the published version of your bot.



Once you Toggle OTPs to on, you can set up the following configurations:

  • OTP channel: You can send OTPs via SMS or email. 
  • Retry limit: The maximum number of times a user can try to re-enter the OTP (up to five times).
  • Resend limit: The maximum no. of times a user can request an OTP (up to five times).
  • Fallback option: for the user to go to in case the authentication fails 
    • For eg, you can take the user to the ‘My Orders’ page if the OTP fails while they are trying to cancel an order 
  • Business name: This is the name that will be displayed when the user receives an OTP via SMS or Email
  • Click Save



You can now start using the configured OTP authentication in your bot flows.


Setting up OTP in bot flows


Note: You can only disable the OTP authentication if you have not used the OTP response type in your bot flows.


Once you have configured OTP under Settings, it will be available as an option when you’re setting up your bot flows. You can simply choose OTP from the ‘Get Response’ dropdown to trigger it when your customers interact with that flow.



Let’s say you want to trigger an OTP when the customer says, ‘I want to cancel my order’. Before displaying the order details, you can have the bot trigger an OTP to confirm the customer's identity. 


Notes:
1. A default system generated dialog will be sent to the customer to fetch their email ID/phone number when they try to generate OTP for the first time with the bot.

2. The Response Type for OTP dialog cannot be made Private.

3. Conditions cannot be added to the dialog that has OTP as Response Type.