User Story #536
Updated by Islam Mansoori about 1 month ago
**As a** System, **I want** to receive a mobile number, generate a secure OTP, and trigger a WhatsApp message, **so that** the user's identity can be verified.

- **In-Scope:**
  - RESTful API endpoint (`/api/v1/auth/request-otp`).
  - OTP generation logic (6-digit numeric).
  - Integration with a WhatsApp Service Provider (e.g., Twilio, Meta Graph API).
  - Rate limiting per mobile number.
- **Out-of-Scope:**
  - Verification of the OTP (handled in the next story/page).
  - User profile creation (handled after successful verification).
- **Acceptance Criteria (AC):**
  - **AC1:** Endpoint accepts `mobile_number` and `remember_me` boolean.
  - **AC2:** Generate a unique 6-digit OTP and store it in the cache (e.g., Redis) with a 5-minute expiry.
  - **AC3:** Send the OTP via the configured WhatsApp API.
  - **AC4:** Return a `200 OK` status upon successful handoff to the provider.
- **Validation Rules:**
  - **Rate Limit:** Maximum 3 OTP requests per 10 minutes per IP/Number.
  - **Data Integrity:** Ensure the number is stripped of whitespace before processing.
- **Error Messages:**
  - *Too many requests:* "Too many attempts. Please try again in 10 minutes."
  - *Provider Down:* "Unable to send OTP at this moment. Please try again later."
- **Definition of Done (DoD):**
  - API endpoint documented in Swagger/OpenAPI.
  - OTP successfully received on a test device via WhatsApp.
  - Code reviewed and merged to the develop branch.
  - Integration tests for the WhatsApp provider passed.
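An added example (not the ticket's or the project's code) of the handler logic this story specifies, in Python: whitespace stripping, a CSPRNG-backed 6-digit OTP, a cache entry with a 5-minute expiry, and a sliding-window limit of 3 requests per 10 minutes enforced per IP and per number. The Redis cache and the WhatsApp provider are replaced by constructed in-memory stand-ins, and the 429 and 503 status codes paired with the two error messages are assumptions; the story only fixes the `200 OK`.

```python
import secrets
from collections import defaultdict, deque

OTP_TTL_SECONDS = 300            # AC2: 5-minute expiry
RATE_LIMIT_MAX = 3               # Validation Rules: max 3 requests ...
RATE_LIMIT_WINDOW_SECONDS = 600  # ... per 10 minutes, per IP and per number

# Constructed in-memory stand-ins for the Redis cache and the WhatsApp provider.
otp_store = {}                            # number -> (otp, expires_at, remember_me)
request_log = defaultdict(deque)          # rate-limit key -> request timestamps
sent_messages = []                        # (number, text) captured instead of delivered
provider_state = {"available": True}      # set False to exercise the "Provider Down" path


def normalize_number(mobile_number: str) -> str:
    # Data Integrity rule: strip all whitespace before processing
    return "".join(mobile_number.split())


def generate_otp() -> str:
    # 6-digit numeric OTP from a CSPRNG, zero-padded so '000123' is valid
    return f"{secrets.randbelow(10**6):06d}"


def rate_limited(keys: list, now: float) -> bool:
    # Sliding window: reject if any key already holds RATE_LIMIT_MAX requests
    for key in keys:
        window = request_log[key]
        while window and now - window[0] >= RATE_LIMIT_WINDOW_SECONDS:
            window.popleft()
        if len(window) >= RATE_LIMIT_MAX:
            return True
    for key in keys:  # record only after every key has passed
        request_log[key].append(now)
    return False


def send_whatsapp(number: str, text: str) -> bool:
    # Stand-in for the provider call; a real SDK would raise or return an error
    if not provider_state["available"]:
        return False
    sent_messages.append((number, text))
    return True


def request_otp(mobile_number: str, remember_me: bool, client_ip: str, now: float):
    # Logic behind POST /api/v1/auth/request-otp -> (status, body); `now` is injected for testability
    number = normalize_number(mobile_number)
    if rate_limited([f"ip:{client_ip}", f"num:{number}"], now):
        return 429, {"error": "Too many attempts. Please try again in 10 minutes."}
    otp = generate_otp()
    otp_store[number] = (otp, now + OTP_TTL_SECONDS, remember_me)
    if not send_whatsapp(number, f"Your verification code is {otp}"):
        otp_store.pop(number, None)  # leave no usable code behind if delivery failed
        return 503, {"error": "Unable to send OTP at this moment. Please try again later."}
    return 200, {"status": "sent"}
```

The `remember_me` flag is only carried along in the cache entry here, since its use belongs to the verification story.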