Using HTTP Requests to Return OTP in PHP

Two-factor authentication (2FA) is a critical security layer for modern web applications. In this blog post, we’ll explore how to create a simple PHP API that generates a One-Time Password (OTP) using a secret key and integrates this functionality into an n8n workflow. We’ll also demonstrate how to extend the functionality by asking for the OTP via WhatsApp with the help of AI tools.

Step 1: PHP API for OTP Generation

The PHP API consists of two endpoints: /getsecrets to list all available secrets and /getotp to generate an OTP for a given secret key. Below is the implementation:

<?php
require_once 'vendor/PHPGangsta/GoogleAuthenticator.php';

// Expected API key
$expectedApiKey = '8cd0de4e14cd240a97209625af4bdeb0';

$headers = getallheaders();
$apiKey = isset($headers['API_KEY']) ? $headers['API_KEY'] : '';

if ($apiKey !== $expectedApiKey) {
    header('Content-Type: application/json');
    header('HTTP/1.1 401 Unauthorized');
    echo json_encode(['status' => 'error', 'message' => 'Unauthorized: Invalid API key']);
    exit;
}

$ga = new PHPGangsta_GoogleAuthenticator();
$jsonFile = 'path_to_your_json_file/totp_secrets.json';
$jsonData = file_exists($jsonFile) ? file_get_contents($jsonFile) : '';
$projects = $jsonData ? json_decode($jsonData, true) : [];

if ($_SERVER['REQUEST_URI'] === '/getsecrets' && $_SERVER['REQUEST_METHOD'] === 'GET') {
    $response = ['status' => 'success', 'secrets' => $projects];
} elseif ($_SERVER['REQUEST_URI'] === '/getotp' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $inputData = json_decode(file_get_contents('php://input'), true);
    if (isset($inputData['secret'])) {
        $secret = $inputData['secret'];
        $validSecret = array_filter($projects, fn($p) => $p['totp_secret'] === $secret);
        if ($validSecret) {
            $response = ['status' => 'success', 'code' => $ga->getCode($secret)];
        } else {
            $response = ['status' => 'error', 'message' => 'Invalid secret key'];
        }
    } else {
        $response = ['status' => 'error', 'message' => 'Secret key is required'];
    }
} else {
    $response = ['status' => 'error', 'message' => 'Invalid request'];
}

header('Content-Type: application/json');
echo json_encode($response);

Step 2: Integrate with n8n Workflow

n8n is a powerful automation tool that allows you to orchestrate workflows by integrating APIs and services. To utilize the above API, follow these steps:

• HTTP Request Node: Use this node to call the /getotp endpoint. Set the method to POST, include the API key in the headers, and pass the secret key in the request body.
• Data Transformation: Use the response from the API to handle the OTP securely.
• WhatsApp Integration: Add a node to send the OTP to the user via WhatsApp using an AI communication service (e.g., Twilio or WhatsApp Business API).

Step 3: Ask for OTP in WhatsApp with AI

To enhance user experience, you can leverage AI tools to automate OTP delivery and validation over WhatsApp. Here’s how to set it up:

• Set up WhatsApp API: Register for a WhatsApp Business API or use a provider like Twilio to send messages programmatically.
• https://platform.ezchat.org Register 3rd Party Platform to manage,
• Connect WhatsApp with n8n: Add a node in n8n to send the OTP retrieved from the /getotp API to the user’s WhatsApp number.
• Automate Responses: Use an AI agent to handle user queries and verify the OTP they provide.

Conclusion

By following this guide, you can securely generate and deliver OTPs using PHP APIs, integrate them into automated workflows with n8n, and extend the functionality with WhatsApp communication. This setup provides a robust foundation for implementing 2FA in your applications while enhancing user interaction with modern tools.