Closed ajamous closed 6 months ago
Hi @ajamous !
Can you join our community call (25/01/2024, Thursday, 8:30 GMT+1), so we can discuss this issue?
Thx! David
Hi!
closing this issue.
@ajamous if more concerns are coming in future and this issue becomes relevant - we can reopen it.
Thx!
Overview
This issue outlines a series of proposed enhancements to the One Time Password SMS API to improve its usability, security, and compliance. The goal is to provide a clearer, more robust, and developer-friendly API that aligns with best practices and industry standards.
Below we compare the current API specification with the suggested enhancements by providing concrete examples for each for your review:
**Performance Metrics:**

**Endpoint Descriptions:**
- `/send-code` endpoint description: "Rate limited to 100 requests per hour per phone number."

**Error Handling:**
- `"message": "Client specified an invalid argument, request body or query param"`
- `"message": "Invalid 'phoneNumber' format. Ensure it is in E.164 format, including the '+' sign and country code."`

**Security Schemes:**
- `securitySchemes`, add `"algorithm": "RS256"` and in the description: "Tokens have a 60-minute lifetime before expiration."

**Request and Response Bodies:**
- `maxLength: 160`
- `"maxLength": 640`, with documentation stating: "Messages will be automatically segmented and reassembled."

**Rate Limiting and Quotas:**
- `X-RateLimit-Limit`, `X-RateLimit-Remaining`, and `X-RateLimit-Reset`.

**Webhooks for Asynchronous Operations:**
- `"webhookUrl": "https://clientapp.com/otp-delivery-status"`.

**Localization and Internationalization:**
- `Message` schema.
- `"locale": "en-US"` in the `SendCodeBody` schema, with a note: "Locale parameter sets the language for OTP messages."

**Testing and Sandbox Environment:**
- `https://api.sandbox.example.com/one-time-password-sms/v0` for testing.

**Monitoring and Analytics:**
- `GET /analytics/otp-usage` to fetch usage statistics.

**Compliance and Regulation:**
- `"userConsent": true`, with a note on GDPR compliance.

The above examples highlight the difference between the current state of the API and how each suggested improvement could be articulated within the API documentation or functionality.
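As an added illustration (editor's example, not code from the issue author or from the CAMARA project), the following Python sketch shows how several of the proposed constraints could be enforced together on a `/send-code` request: E.164 validation of `phoneNumber` with the proposed specific error text, the 640-character `maxLength` with a segment estimate, a `locale` check, an https-only `webhookUrl`, a required `userConsent`, and a per-phone-number limit of 100 requests per hour reported through `X-RateLimit-Limit`, `X-RateLimit-Remaining` and `X-RateLimit-Reset`. The error envelope fields (`status`, `code`, `message`), the `CONSENT_REQUIRED` code, the success payload shape, the simplified locale pattern, and the fixed-window limiter are assumptions for this example and are not part of the proposal.

```python
import math
import re
from urllib.parse import urlsplit

# Values taken from the proposal; the surrounding behaviour is assumed for this example.
E164_RE = re.compile(r"^\+[1-9]\d{1,14}$")          # E.164: '+' then 2..15 digits, no leading 0
LOCALE_RE = re.compile(r"^[a-z]{2,3}(-[A-Z]{2})?$")  # simplified language[-REGION] tag (assumed)
MAX_MESSAGE_LENGTH = 640
RATE_LIMIT_PER_HOUR = 100
WINDOW_SECONDS = 3600

PHONE_FORMAT_MESSAGE = ("Invalid 'phoneNumber' format. Ensure it is in E.164 format, "
                        "including the '+' sign and country code.")
RATE_LIMIT_MESSAGE = "Rate limited to 100 requests per hour per phone number."


class ValidationError(Exception):
    """Carries the HTTP status and the error envelope fields (envelope shape assumed)."""
    def __init__(self, status, code, message):
        super().__init__(message)
        self.status, self.code, self.message = status, code, message


def sms_segments(text):
    """GSM-7 segment estimate: 160 chars fit one SMS, 153 per part once concatenated."""
    return 1 if len(text) <= 160 else math.ceil(len(text) / 153)


def validate_send_code_body(body):
    """Check one request body against the proposed constraints; return normalised fields."""
    phone = body.get("phoneNumber")
    if not isinstance(phone, str) or not E164_RE.match(phone):
        raise ValidationError(400, "INVALID_ARGUMENT", PHONE_FORMAT_MESSAGE)

    message = body.get("message")
    if not isinstance(message, str) or not message or len(message) > MAX_MESSAGE_LENGTH:
        raise ValidationError(400, "INVALID_ARGUMENT",
                              f"'message' must be 1..{MAX_MESSAGE_LENGTH} characters.")

    locale = body.get("locale", "en-US")
    if not isinstance(locale, str) or not LOCALE_RE.match(locale):
        raise ValidationError(400, "INVALID_ARGUMENT", "Invalid 'locale'; expected e.g. 'en-US'.")

    webhook = body.get("webhookUrl")
    if webhook is not None:
        parts = urlsplit(webhook if isinstance(webhook, str) else "")
        # Delivery-status callbacks describe OTP traffic, so require TLS, a host, and no
        # embedded credentials. A real service would also resolve the host and refuse
        # loopback/private ranges to avoid being used as an SSRF relay.
        if parts.scheme != "https" or not parts.hostname or parts.username:
            raise ValidationError(400, "INVALID_ARGUMENT",
                                  "'webhookUrl' must be an https URL without credentials.")

    if body.get("userConsent") is not True:
        raise ValidationError(403, "CONSENT_REQUIRED",
                              "'userConsent' must be true before an OTP is sent.")

    return {"phoneNumber": phone, "message": message, "locale": locale,
            "webhookUrl": webhook, "segments": sms_segments(message)}


class PhoneRateLimiter:
    """Fixed-window counter keyed by phone number (limiter design assumed for the example)."""
    def __init__(self, limit=RATE_LIMIT_PER_HOUR, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self._buckets = {}  # phone -> (window_start, count)

    def check(self, phone, now):
        start, count = self._buckets.get(phone, (now, 0))
        if now - start >= self.window:       # window elapsed: start a fresh one
            start, count = now, 0
        allowed = count < self.limit
        if allowed:
            count += 1
        self._buckets[phone] = (start, count)
        headers = {
            "X-RateLimit-Limit": str(self.limit),
            "X-RateLimit-Remaining": str(max(self.limit - count, 0)),
            "X-RateLimit-Reset": str(int(start + self.window)),  # epoch seconds (assumed)
        }
        return allowed, headers


def handle_send_code(body, limiter, now):
    """Return (status, headers, payload) for one /send-code call; 'now' is epoch seconds."""
    try:
        req = validate_send_code_body(body)
    except ValidationError as e:
        return e.status, {}, {"status": e.status, "code": e.code, "message": e.message}
    allowed, headers = limiter.check(req["phoneNumber"], now)
    if not allowed:
        return 429, headers, {"status": 429, "code": "TOO_MANY_REQUESTS",
                              "message": RATE_LIMIT_MESSAGE}
    # Success payload shape is assumed; the OTP itself is never echoed back to the caller.
    return 200, headers, {"accepted": True, "locale": req["locale"],
                          "segments": req["segments"]}
```

Validation runs before the limiter is touched, so malformed requests do not consume a phone number's quota, and the limiter is keyed on the already-validated E.164 string so that "+1 415..." and "+1415..." cannot be used to split one number across several buckets. The fixed window is the simplest scheme that produces the three headers; a sliding window or token bucket would avoid the burst of 200 requests that a fixed window allows across a boundary.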