Verification code via SMS
Last updated: August 11, 2025
The Verification code via SMS Login module enables customers to log in to the mobile application using their mobile number and a one-time password (OTP) sent via SMS.
Getting Started
Implementing OTP login requires an account with a supported SMS provider.
Supported SMS Providers:
The app integrates directly with specific SMS providers to send OTPs. The supported providers are:
Trustsignal
MSG91
ValueFirst
Kwikpass
Requirements for Enabling SMS OTP Login:
To enable SMS OTP login, specific details from the chosen SMS provider are required:
API Key.
Sender ID
Template ID
DLT ID
An approved message template with one OTP variable (e.g., {{OTP}} or {#var#}) is also necessary.
The OTP login flow is designed to provide a seamless and secure login experience across different user scenarios without prior knowledge of whether the user is new or existing. The app integrates with supported SMS providers to send the one-time password.
Here's a breakdown of the typical flow:
For Existing Users:
If a user has an existing account already linked to a phone number, they can log in directly using OTP in one step.
If a user has an existing account but does not have a phone number linked, they will be prompted to verify their email to securely link it with their mobile number. This email verification step is required to prevent linking to someone else's account. Once the phone number is successfully mapped to an email, they can sign in easily using their mobile number on subsequent logins.
For New Users:
Users without any existing account are able to create a new account and complete onboarding in the same flow.
A tested flow for a completely new number and email goes through these steps:
Phone OTP + Verification.
Email add.
First & Last Name add.
The "create account" flow can be entirely removed, as the OTP flow itself handles account creation for users who don't exist in the database by prompting them for necessary details like email and name after phone verification.
The mobile number used for OTP login is typically read from the contact information in the customer account, but it can also be enabled to read from the shipping information.
Once OTP login is enabled, it is the intended primary login method. There is a recommendation to disable email/password login for non-Shopify Plus stores to improve the experience, as Shopify might reset the password on website OTP login, causing issues in the app. The mobile OTP method is generally recommended for a smoother experience.
Setup Instructions
To enable SMS OTP login for your app, you will need to have an active account with a supported SMS provider.
Merchants also need to ensure they have completed their DLT (Distributed Ledger Technology) registration and have an approved message template with at least one variable for the OTP. SMS providers can typically assist with the DLT registration process.
Once your account with a provider is set up, you will need to share specific credentials for Appbrew to enable the OTP login:
For Trustsignal:
API Key
Sender ID
Message content (including the OTP variable, e.g., {{OTP}} or {#var#})
DLT Template ID
DLT ID
For MSG91:
Authkey
Sender id
Message
DLT Template ID
DLT ID
For ValueFirst:
API Key
Sender Id
Message (including the OTP variable)
FAQ & Troubleshooting
Here are common issues and troubleshooting steps -
1. OTP Not Being Received
Problem: Users are not receiving the SMS containing the OTP, even though the system's API response might indicate that the SMS was sent successfully. This has been reported during internal testing and by customers.
Possible Causes & Troubleshooting:
Incorrect SMS Provider Details/Configuration: It's crucial to double-check all details related to the SMS provider (such as API Key, Sender ID, Template ID, Message content) that were shared for the setup. Verify if any configurations need to be updated.
Incorrect Message Content Format: The SMS might fail to send with a "TEMPLATE_NOT_MATCHED" error if the correct content format, including the OTP variable (e.g., {#var#}, {{OTP}}, or ##var1##), is not passed correctly. Referencing provided examples of valid message formats can help.
Insufficient Credits: A "credits exhausted" error can prevent OTP delivery. Ensuring the account has sufficient credits is necessary. Adding credits to the account has resolved this issue.
Temporary Issue with Provider: Sometimes, the issue might be temporary. Verifying details from the SMS provider's dashboard and potentially sharing screenshots of the Auth key can help diagnose problems.
Device-Specific Issues: In some instances, the SMS might not be received on a specific device. Checking if the issue occurs on other devices can help determine if it's a widespread problem or isolated to a particular device.
2. "Unidentified Customer" Error During Login
Problem: Users encounter an "Unidentified Customer" error when attempting to log in. This has been observed when trying to log in via email/password after a prior successful mobile number login.
Possible Causes & Troubleshooting:
The error can occur if an account has not been created yet for that user.
Verify the credentials by trying to log in on the website. If successful on the website but not the app, suggest clearing the app's cache or reinstalling.
Ensure the login details entered are precisely correct.
Issues with the mapping between the mobile number and email can cause this. If a user logs in with a mobile number and later tries to use email/password, the email might not be correctly mapped in the backend, leading to login issues.
Sometimes, a typo when adding an email after mobile OTP verification can create a separate account, leading to the original order not being visible and potentially login issues. The resolution involves logging in with the correct mobile number and updating the email in the account details. The error message has been updated from "Unidentified user" to clarify if the email or password is incorrect.
4. Email OTP Not Received When Prompted After Mobile OTP
Problem: For certain scenarios, like when a user's mobile number exists but no email is linked (or vice versa), the flow prompts for email verification using Email OTP. However, users are not receiving this Email OTP. This is described as an expected behavior for these specific user data scenarios, but the failure to receive the email is the issue. The email OTP option might also appear intermittently even if it's meant to be disabled.
Possible Causes & Troubleshooting:
The issue might lie with the email provider.
Specific email addresses may have trouble receiving the OTP.
To address this, a backup email service has been implemented by Appbrew, which is triggered when the user clicks the 'retry' option. This backup service has been reported to fix the issue in some cases.
5. Shopify Password Reset Triggered (Non-Shopify Plus)
Problem: For stores not on Shopify Plus, using OTP login on the website can trigger Shopify's "Reset Password" API, potentially leading to errors or blocks if done too frequently.
Possible Causes & Troubleshooting:
This is a specific behavior for non-Shopify Plus stores as a workaround.
To mitigate this, it's recommended to enable OTP login on the app.
Disabling the standard email/password login on the app and relying solely on OTP login is also suggested for a smoother experience.
6. Delay After Entering OTP
Problem: After a user enters the OTP, there is a noticeable delay before the login is completed.
Possible Causes & Troubleshooting:
The time taken for authentication after OTP entry is heavily dependent on the response time of the Shopify API being used. There are limitations on how much this can be optimized by the app.
With the integration of KwikPass, the response time would then depend on the KwikPass system.
When encountering any of these issues, providing detailed information such as the mobile number/email used, device details, screenshots, or screen recordings can significantly help in diagnosing and resolving the problem.