Documentation Index

Fetch the complete documentation index at: https://help.gladly.com/llms.txt

Use this file to discover all available pages before exploring further.

We're updating help docs to reflect our new product naming. Gladly Sidekick (AI) is now called just Gladly, and Gladly Hero (the Platform) is now Gladly Team. Some articles may display outdated names while we update everything. Thank you for your patience! Learn more

  • Product Docs
  • Implementation
  • Developer Tutorials

One Time Password

  • Updated on Jun 8, 2026
  • Published on Jun 8, 2026
  • 3 minute(s) read
Prev Next
REQUIRED USER ROLE 
Administrator
PERMISSION OVERVIEW
View permissions by role

One Time Password (OTP) lets Gladly send a short verification code to a Customer's email address or phone number. When the Customer enters the code back, Gladly confirms whether it matched. This verifies that the customer controls the address before a Workflow takes action on their behalf, such as looking up or canceling an order.

Using OTP in Workflows

OTP is built to work with Gladly Workflows. The User address verification template handles the full OTP flow out of the box. See What is Workflows to learn more.

Access One Time Password settings

  1. Click on the top-left corner of the screen.

  2. Click Settings.

  3. Under Security and Compliance, click One Time Password.

Configuration settings for sending one-time passwords via email and SMS.

The page has two tabs: Configuration and Audit log.

Configuration

The Configuration tab contains the settings that control how OTP emails and SMS messages are sent from your organization.

Configuration settings for one-time passwords, including email and SMS company name fields.

  • [A] Email Endpoint — The email endpoint used to send one-time passwords to customers. Must be a valid email endpoint already configured for your org. Email OTP sends fail at send time until this is set. SMS-only orgs can leave this empty.

  • [B] Company Name (Email) — The company name shown in the email body when a one-time password is sent. Up to 100 characters. Falls back to your org's display name if left empty.

  • [C] Company Name (SMS) — The company name shown in the SMS body when a one-time password is sent. Up to 32 characters. Cannot contain links, phone numbers, special characters, or more than 4 digits. Falls back to your org's display name if left empty.

SMS OTP is available to all orgs without additional setup. Email OTP requires an Email Endpoint [A] to be selected before it will work.

What Customers see

Email: Customers receive a styled email with the subject "Your [Brand Name] verification code." The email displays the brand name, the code in a prominent box, an expiry note, and a footer reminder to ignore it if they did not request it. The HTML template is fixed; only the brand name and From address vary by org.

Email from Retalé containing a verification code that expires in ten minutes.

SMS: Customers receive a message in the format "Your [Brand Name] verification code is: [code]." The SMS body text is fixed and cannot be customized.

A text message displaying a verification code and spam warning for Retalé.

Audit log

The Audit log tab lets you look up the full history of OTP activity for a specific customer address. The log does not show a default listing; results only appear after you enter an address.

Configuration page for one-time passwords with an audit log search feature.

Enter a customer's email address or phone number in the search field to load their OTP history. Each row represents one OTP request. The row label is the terminal event for that request, followed by a count of total lifecycle events recorded. Expand a row to see the full chronological sequence of events.

Event types

Event

Meaning

Send requested

A Workflow requested a code to be sent.

Send succeeded

The provider accepted the send request.

Delivered

Confirmation that the code reached the recipient.

Delivery failed

The provider could not deliver the code (invalid number, hard bounce, geographic restriction, etc.).

Verification succeeded

The customer entered the correct code.

Verification failed

The customer entered an incorrect code.

Code expired

A verification attempt came in after the 10-minute validity window.

Code invalidated

The code was retired after the maximum number of failed attempts.

Trip wire triggered

The recipient entered too many wrong codes within an hour and entered a temporary cooldown period.

Common issues

"I never got the code."

Look for "Send succeeded" followed by "Delivery failed." This means the provider accepted the request but could not complete delivery, typically due to an invalid number, a hard-bounced email, or a geographic restriction.

"The code isn't working."

Look for "Verification failed" (wrong code entered) or "Code expired" (the customer waited longer than 10 minutes before entering the code).

"I can't request a new code."

Look for "Trip wire triggered." The recipient's address is temporarily blocked for 60 minutes due to too many failed verification attempts within an hour.

Related docs