It's a good question. Currently, the API that is used for unsolicited communication with a customer (or other party role) is indeed TMF681, which basically is intended to wrap and abstract the actual way in which a message is sent (via SMS, voice message, email, other). But perhaps for sending OTPs the TMF681 API is over--qualified.
On the other hand, if you want a record of the fact that OTPs were sent, and flexibility in how they were sent, you'll end up re-inventing TMF681.
Interesting to hear what @Bruno Fernandes (lead for Digital ID API) has to say about this.
------------------------------
Jonathan Goldberg
Amdocs Management Limited
Any opinions and statements made by me on this forum are purely personal, and do not necessarily reflect the position of the TM Forum or my employer.
------------------------------
Original Message:
Sent: Jul 18, 2024 03:52
From: Venkata Krishna Kiran Chennamsetty
Subject: API for OTP SMS
Hi Team,
We have some scenarios where we use OTP SMS.
- While an User logging to application, to authenticate the user we send OTP to User mobile number.
- Another scenario where Agents trying to close the Complaint raised by customer and before closing the complaint an OTP to be triggered to customer as Agent need to take customer confirmation to close the Complaint.
- Another scenario where Agent is serving the customer to subscribe to a package and triggering OTP to customer considering it as customer consent taken to add package to the subscription.
Please suggest which API best suits for these scenarios. Do we need to prefer TMF720 (Digital Identity) considering these as Customer or Agent Authentications or Do we need to use TMF681 (Communication Management) treating these as SMS communications.
Thanks,
Kiran.Ch
------------------------------
Venkata Krishna Kiran Chennamsetty
Innovation Team
------------------------------