In today’s digital world, prioritizing security is crucial. One-time passwords (OTPs) have become widely adopted to enhance security and ensure user verification. AWS Pinpoint, a robust marketing communication service, can be effectively utilized to implement OTPs for your applications. This blog post will guide you through setting up and deploying OTP using AWS Pinpoint.

Why Use OTP?

OTPs are dynamic codes that provide an additional layer of security for user authentication. They are commonly used in two-factor authentication (2FA) processes to verify user identities, ensuring that only authorized individuals can access sensitive information or perform critical actions.

Prerequisites

Before starting, make sure you are equipped with the following:

  • An AWS account
  • AWS CLI configured on your machine
  • Basic knowledge of AWS Pinpoint and Lambda

Step-by-Step Implementation

Step 1: Set Up AWS Pinpoint

  1. Create a Pinpoint Project:
    • Navigate to the AWS Pinpoint console.
    • Click on “Create a project” and follow the prompts to set up a new project.
    • Note down the Project ID, which will be used in later steps.
  2. Configure SMS and Email Channels:
    • In the Pinpoint project, enable and configure the SMS and Email channels.
    • For SMS, you’ll need to request a dedicated long code or short code.
    • For Email, verify your email identity and set up an email address for sending OTPs.

Step 2: Create an AWS Lambda Function

  1. Set Up Lambda Function:
    • Navigate to the AWS Lambda console.
    • Create a new function from scratch and select Python as the runtime environment.
    • Name your function (e.g., SendOTPFunction) and attach an execution role whose permissions are limited to sending messages through your Pinpoint project (the mobiletargeting:SendMessages action), rather than a broad Pinpoint administrator role.
  2. Add Code to Generate and Send OTP:
    • Add the following code to your Lambda function to generate a random OTP and send it via AWS Pinpoint:

import boto3
import json
import os
import secrets


def lambda_handler(event, context):
    pinpoint_client = boto3.client('pinpoint')

    # Generate a 6-digit OTP from a cryptographically secure source.
    # random.randint is not suitable for security codes; zero-padding keeps
    # codes such as 000123 in the keyspace.
    otp = f'{secrets.randbelow(10**6):06d}'

    # API Gateway (proxy integration) delivers the POST payload as a JSON
    # string in event['body']; a direct invocation passes the fields at top level.
    payload = json.loads(event['body']) if isinstance(event.get('body'), str) else event

    # Retrieve phone number or email from the request
    recipient = payload['recipient']
    channel = payload['channel']

    if channel == 'SMS':
        message = f'Your OTP is: {otp}'
        response = pinpoint_client.send_messages(
            ApplicationId=os.getenv('PINPOINT_PROJECT_ID'),
            MessageRequest={
                'Addresses': {
                    recipient: {
                        'ChannelType': 'SMS'
                    }
                },
                'MessageConfiguration': {
                    'SMSMessage': {
                        'Body': message,
                        'MessageType': 'TRANSACTIONAL'
                    }
                }
            }
        )
    elif channel == 'EMAIL':
        message = f'<p>Your OTP is: {otp}</p>'
        response = pinpoint_client.send_messages(
            ApplicationId=os.getenv('PINPOINT_PROJECT_ID'),
            MessageRequest={
                'Addresses': {
                    recipient: {
                        'ChannelType': 'EMAIL'
                    }
                },
                'MessageConfiguration': {
                    'EmailMessage': {
                        'SimpleEmail': {
                            'Subject': {
                                'Charset': 'UTF-8',
                                'Data': 'Your OTP Code'
                            },
                            'HtmlPart': {
                                'Charset': 'UTF-8',
                                'Data': message
                            }
                        }
                    }
                }
            }
        )
    else:
        # Reject anything other than the two supported channels instead of
        # falling through with an undefined response.
        return {
            'statusCode': 400,
            'body': json.dumps({'error': f'Unsupported channel: {channel}'})
        }

    # Return only the delivery result, never the OTP itself. API Gateway
    # requires the body to be a string, so serialize the Pinpoint response.
    return {
        'statusCode': 200,
        'body': json.dumps(response, default=str)
    }

  3. Set Environment Variables:
    • Set the PINPOINT_PROJECT_ID environment variable with your Pinpoint project ID in the Lambda function configuration.
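
The Lambda above only delivers the code; the OTP is only useful for authentication if the server can later check what the user types back. The following is an added example, not code from the original post or from AWS: it generates the code with Python's secrets module, keeps only a salted hash together with an expiry and an attempt counter, and verifies the user's answer with a constant-time comparison, consuming the code on success. The in-memory dict used as the store is an assumed stand-in for whatever persistence the function would really use (for a Lambda, typically a DynamoDB table with a TTL attribute); OTP_TTL_SECONDS, MAX_ATTEMPTS and the function names are the example's own choices.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300   # assumed: codes expire after five minutes
MAX_ATTEMPTS = 3        # assumed: wrong guesses allowed before the code is discarded


def generate_otp(digits=OTP_DIGITS):
    """Return a zero-padded numeric code from a cryptographically secure source."""
    # secrets.choice draws from os.urandom; random.choice would be predictable.
    return "".join(secrets.choice("0123456789") for _ in range(digits))


def _hash_otp(otp, salt):
    # Only the salted hash is persisted, so a leaked store does not leak live codes.
    return hashlib.sha256(salt + otp.encode("ascii")).hexdigest()


def issue_otp(store, recipient, now=None, digits=OTP_DIGITS):
    """Create a code for recipient, persist its hash, and return the plaintext to send."""
    now = time.time() if now is None else now
    otp = generate_otp(digits)
    salt = secrets.token_bytes(16)
    store[recipient] = {
        "salt": salt,
        "hash": _hash_otp(otp, salt),
        "expires": now + OTP_TTL_SECONDS,
        "attempts": 0,
    }
    return otp   # this is the value that goes into the SMS or email body


def verify_otp(store, recipient, candidate, now=None):
    """Return True only for an unexpired, unused code within the attempt budget."""
    now = time.time() if now is None else now
    record = store.get(recipient)
    if record is None:
        return False
    if now > record["expires"]:
        store.pop(recipient, None)        # expired codes are removed, not retried
        return False
    if record["attempts"] >= MAX_ATTEMPTS:
        store.pop(recipient, None)        # attempt budget exhausted: force a new code
        return False
    record["attempts"] += 1
    actual = _hash_otp(str(candidate), record["salt"])
    # compare_digest avoids leaking how many leading characters matched.
    if hmac.compare_digest(record["hash"], actual):
        store.pop(recipient, None)        # single use: a verified code cannot be replayed
        return True
    return False


if __name__ == "__main__":
    # Constructed walk-through with an in-memory store.
    store = {}
    code = issue_otp(store, "+15555550100")
    print("would send:", code)
    print("wrong guess accepted?", verify_otp(store, "+15555550100", "000000" if code != "000000" else "000001"))
    print("right guess accepted?", verify_otp(store, "+15555550100", code))
    print("replay accepted?", verify_otp(store, "+15555550100", code))
```

In the handler from Step 2, issue_otp would replace the inline generation and the returned plaintext would go into the message body, while the store would be keyed by the recipient address and backed by a real table; a second endpoint would call verify_otp with what the user submits.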

Step 3: Trigger Lambda Function

  1. Create API Gateway:
    • Navigate to the API Gateway console.
    • Create a new REST API and configure a POST method to trigger your Lambda function.
    • Deploy the API and note down the endpoint URL.
  2. Invoke the API:
    • From your application, make a POST request to the API Gateway endpoint with the recipient’s details and the desired channel. The body below requests an SMS; for email, use the address (e.g., recipient@example.com) as the recipient and "EMAIL" as the channel:

{
  "recipient": "+1234567890",
  "channel": "SMS"
}

Conclusion

Implementing OTP using AWS Pinpoint enhances the security of your applications by providing a reliable method for user authentication. Following this guide, you can efficiently set up and deploy OTP functionality, ensuring a seamless and secure user experience.