Introduction to Agent OTP

Agent OTP is a secure relay service that helps AI agents receive verification codes (SMS/email OTPs) with end-to-end encryption, user approval, and automatic deletion after use.

Why Agent OTP?

AI agents often need to complete tasks that require verification codes - signing up for services, logging into accounts, or verifying identity. However, giving agents direct access to your SMS or email creates security risks. Agent OTP solves this by acting as a secure relay.

Agent OTP provides:

  • End-to-End Encryption - OTPs are encrypted on capture; only your agent can decrypt them using its private key
  • User Approval - You control which OTPs agents can access, approving each request individually
  • One-Time Read - OTPs are automatically deleted after consumption, eliminating persistent data risks
  • Full Audit Trail - Every OTP request and access is logged for compliance and transparency

How it works

  1. Request - Agent requests an OTP with its public encryption key
  2. Approve - User reviews and approves the OTP request
  3. Capture - OTP is captured (SMS/email) and encrypted
  4. Consume - Agent decrypts and uses OTP; it's then deleted
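
The four steps above, modelled end to end as an added example (not Agent OTP's own code or API). It shows that the relay only ever holds ciphertext, that nothing is captured before approval, and that a second read returns nothing. Assumptions: RSA-OAEP with SHA-256 as the algorithm, the in-memory `ToyRelay` class, its method names, and the `pending`/`approved` status strings are all hypothetical.

```javascript
const crypto = require('node:crypto');
// Assumption: RSA-OAEP with SHA-256; the page does not name the SDK's algorithm.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hypothetical in-memory relay: holds public keys and ciphertext, never plaintext.
class ToyRelay {
  constructor() { this.requests = new Map(); }
  // Step 1: the agent files a request together with its public key (PEM).
  request(id, publicKeyPem) {
    this.requests.set(id, { publicKeyPem, status: 'pending', ciphertext: null });
  }
  // Step 2: the user approves this one request.
  approve(id) { this.requests.get(id).status = 'approved'; }
  // The capture side gets the key only for an approved request.
  keyFor(id) {
    const r = this.requests.get(id);
    return r && r.status === 'approved' ? r.publicKeyPem : null;
  }
  store(id, ciphertext) {
    Object.assign(this.requests.get(id), { ciphertext, status: 'otp_received' });
  }
  // Step 4: one-time read; the record is deleted before the ciphertext is returned.
  consume(id) {
    const r = this.requests.get(id);
    if (!r || r.status !== 'otp_received') return null;
    this.requests.delete(id);
    return r.ciphertext;
  }
}

// Step 3: the capture side (phone or mail integration) encrypts before upload.
function capture(relay, id, otp) {
  const pem = relay.keyFor(id);
  if (!pem) return false;
  relay.store(id, crypto.publicEncrypt({ key: pem, ...OAEP }, Buffer.from(otp)));
  return true;
}

function runFlow() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const relay = new ToyRelay();
  relay.request('req-1', publicKey.export({ type: 'spki', format: 'pem' }));
  const deniedBeforeApproval = !capture(relay, 'req-1', '481516'); // constructed OTP value
  relay.approve('req-1');
  capture(relay, 'req-1', '481516');
  const stored = relay.requests.get('req-1').ciphertext;
  const code = crypto.privateDecrypt({ key: privateKey, ...OAEP }, relay.consume('req-1')).toString();
  return { deniedBeforeApproval, code, plaintextStored: stored.includes('481516'), secondRead: relay.consume('req-1') };
}
```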

Quick example

import {
  AgentOTPClient,
  generateKeyPair,
  exportPublicKey
} from '@orrisai/agent-otp-sdk';

const client = new AgentOTPClient({
  apiKey: process.env.AGENT_OTP_API_KEY,
});

// Generate encryption keys (store private key securely)
const { publicKey, privateKey } = await generateKeyPair();

// Request an OTP
const request = await client.requestOTP({
  reason: 'Sign up for Acme service',
  expectedSender: 'Acme',
  filter: {
    sources: ['email'],
    senderPattern: '*@acme.com',
  },
  publicKey: await exportPublicKey(publicKey),
  waitForOTP: true,
  timeout: 120000,
});

// Consume the OTP (decrypts and deletes from server)
if (request.status === 'otp_received') {
  const { code, metadata } = await client.consumeOTP(request.id, privateKey);
  console.log('OTP code:', code);
}

Key features

E2E Encryption

OTPs are encrypted with your agent's public key. The relay service never sees the plaintext code.

Multi-Source Capture

Capture OTPs from SMS (Android app) or email (Gmail/IMAP integration).

Framework Agnostic

Works with LangChain, CrewAI, AutoGen, or any custom agent framework.

Self-Hostable

Open source and fully self-hostable. Run on your own infrastructure for complete control.
