Open source on GitHub Star us

Secure OTP Relay for AI Agents

Help your AI agents receive verification codes securely. End-to-end encrypted. User approved. Auto-deleted after use. Never give your agent direct access to SMS or email again.

View on GitHubDocumentation
E2E Encrypted
SMS & Email
Self-hostable

Security First

OTP relay designed for AI agents

Your agents need verification codes. You need security and control. Agent OTP bridges the gap with end-to-end encryption and user approval.

End-to-End Encrypted

OTPs are encrypted on your device with the agent's public key. Only the authorized agent can decrypt them. Even we can't read your codes.

One-Time Read

OTP codes are automatically deleted after your agent reads them. No data retention, no persistent storage of sensitive codes.

User Approval

You control which OTPs your agents can access. Approve each request in real-time via Telegram, email, or the dashboard.

Multi-Source Capture

Capture OTPs from SMS (Android app), Email (Gmail/IMAP), and more. One unified API for all verification codes.

Full Audit Trail

Every OTP request and access is logged. See exactly what your agents accessed and when. Export logs for compliance.

Framework Agnostic

Works with LangChain, CrewAI, AutoGen, or any custom agent. TypeScript and Python SDKs available.

Simple Integration

How it works

Get started in minutes. Our SDK handles the complexity so you can focus on building.

01

Install the App

Download Agent OTP on your Android phone or connect your email account for OTP capture.

02

Agent Requests OTP

When your agent needs a verification code, it requests access through the SDK with the reason.

03

You Approve

Get notified via Telegram or email. Approve which OTP to share with your agent.

04

Agent Gets Code

The encrypted OTP is securely delivered to your agent. Deleted after reading.

Developer Experience

Clean, intuitive API

Our SDK handles encryption, polling, and error handling. Request an OTP, wait for it, decrypt and use it. Simple.

TypeScript
Built-in E2E encryption with Web Crypto API
Async/await with built-in polling and timeout handling
Detailed error classes for every failure mode
Get Started
agent.ts
import {
  AgentOTPClient,
  generateKeyPair,
  exportPublicKey
} from '@orrisai/agent-otp-sdk';

const client = new AgentOTPClient({
  apiKey: process.env.AGENT_OTP_API_KEY!,
});

// Generate encryption keys (store private key securely)
const { publicKey, privateKey } = await generateKeyPair();

// Request an OTP
const request = await client.requestOTP({
  reason: 'Sign up verification for Acme Inc',
  expectedSender: 'Acme',
  filter: {
    sources: ['email'],
    senderPattern: '*@acme.com',
  },
  publicKey: await exportPublicKey(publicKey),
  waitForOTP: true,
});

// Consume the OTP (one-time read, then deleted)
if (request.status === 'otp_received') {
  const { code } = await client.consumeOTP(request.id, privateKey);
  await completeSignup(code);
}

Open Source

Built in the open, for the community

Agent OTP is fully open source under the MIT license. Self-host it, contribute to it, or use it as a foundation for your own security infrastructure.

Contribute

Found a bug? Have a feature idea? PRs and issues are welcome. Join our community of contributors.

View on GitHub

Self-Host

Deploy on your own infrastructure. Full control over your data with Docker and Kubernetes support.

Self-hosting guide

MIT License

Use it commercially, modify it freely, and distribute it as you wish. No strings attached.

View license

Stay updated on Agent OTP

Get notified about new releases, features, and security updates. Join our newsletter for the latest on AI agent security.

Star on GitHubRead the Docs