> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/tokenization/implement-tokenization/card-tokenization-request/processing-the-response/approve-with-step-up-authentication/otp-by-sms-email.md).

# OTP by SMS/email

The payment network **TSP** can authenticate the **End User** using a one-time password (**OTP**) generated and managed by the TSP.

The **Issuer** delivers the OTP to the End User by SMS or email.

D1 can send SMS and email on behalf of the Issuer. The following conditions apply:

{% stepper %}
{% step %}

### Provide contact details

The Issuer must provide the End User’s phone number and/or email according to the preferred method. See [Get started](/tokenization/get-started.md) for details.

D1 uses this API to retrieve End User contact details from your **issuer backend**.

{% hint style="warning" %}
D1 cannot verify the authenticity of End User contact details. It is the Issuer’s responsibility to provide validated End User data to D1.
{% endhint %}
{% endstep %}

{% step %}

### Configure templates

The Issuer must configure message templates. D1 supports placeholders to include the last four digits of the **PAN** and the OTP value.
{% endstep %}

{% step %}

### Update DNS zone

The Issuer must update its DNS zone file to allow D1 to send emails on behalf of the Issuer and prevent emails from being treated as spam.

The detailed procedure is coordinated by the Thales delivery team. In summary, the Issuer defines and configures a subdomain (for example, `email.bankname.com`) and shares it with Thales. Thales uses it to generate DNS records that the Issuer adds to its DNS zone file.
{% endstep %}
{% endstepper %}

### Flow

<figure><img src="/files/N8CnJl5KWSgEaa1N0rkf" alt=""><figcaption><p>OTP delivery flow (high level)</p></figcaption></figure>

### Sequence diagram

<figure><img src="/files/8DkboJ2ZM7jg35CV8HzI" alt=""><figcaption><p>OTP delivery sequence diagram</p></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.payments.thalescloud.io/tokenization/implement-tokenization/card-tokenization-request/processing-the-response/approve-with-step-up-authentication/otp-by-sms-email.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.