System design interview #fyp #explore #tech #learn #viral #shorts #trending #subscribe #like

Answer:
When you request an OTP in an app (banking, login, etc.), the process usually looks like this:
1️⃣ User Requests OTP
You enter your phone number and click “Send OTP”.
The app sends an API request to the backend server.
2️⃣ OTP Generation
The backend generates a random numeric code (usually 4–6 digits).
Example:
OTP = 482931
It stores this in a database or cache with:
phone number
OTP
expiration time (usually 30-120 seconds)
Many companies store it in in-memory cache like Redis for faster lookup.
3️⃣ OTP Sent via SMS Gateway
The backend sends the OTP to an SMS gateway provider.
Example providers include:
Twilio
MSG91
AWS SNS service
These providers connect with telecom operators like:
Jio
Airtel
Maxx,starhub,simba
Then the SMS is delivered to your phone.
4️⃣ User Enters OTP
You type the OTP in the app.
Another API call is sent:
POST /verify-otp
{
phoneNumber: +91XXXXXXXXXX
otp: 482931
}
5️⃣ OTP Validation
Server checks:
✔ OTP matches
✔ Not expired
✔ Attempts limit not exceeded
If valid → user is authenticated.
.
Security Controls:
Rate Limiting
Prevent spam OTP requests.
Example:
Max 3 OTP requests per minute
Often implemented using API gateways like Kong or NGINX.
OTP Expiry
Usually:
30-120 seconds
Attempt Limit
Example:
Max 5 wrong attempts
After that account gets temporarily locked.
.
If any one layer is slow, OTP delivery delays.
Interview ready:
When a user requests an OTP, the backend generates a random code and stores it with an expiry time in a fast cache like Redis. The system then sends the OTP through an SMS gateway like Twilio, which routes the message via telecom operators to the user’s phone. When the user enters the OTP, the server validates it against the stored value, checks expiry and attempt limits, and then authenticates the user.
.
#fyp #explore #trending #viral #tech

Видео System design interview #fyp #explore #tech #learn #viral #shorts #trending #subscribe #like канала Black Cask