Blog Detail


Generate OTP With Expiry in Laravel Without Using Database  cover image

arrow_back Generate OTP With Expiry in Laravel Without Using Database

Tipu Zayn introduced a tool to create OTP with an expiry for PHP without using any Database. This is primarily a Laravel Package but it can be used outside of Laravel also.


You can install this package via composer by running this command:

composer require tzsk/otp

To publish the config file for laravel you can run

php artisan otp:publish


Import the facade class:

use Tzsk\Otp\Facades\Otp;

Generate an OTP:

$otp = Otp::generate($unique_secret);
// Returns - string

The above generated OTP will only be validated using the same unique secret within the default expiry time.

TIP: OTP is generally used for user verification. So the easiest way of determining the unique secret is the user’s email or phone number. Or maybe even the User ID. You can even get creative about the unique secret. You can use md5($email) the md5 of the user’s email or phone number.

Match an OTP:

$valid = Otp::match($otp, $unique_secret);
// Returns - boolean

Other Generate & Match Options:

There are other ways of generating or matching an OTP:

// Generate -

Otp::digits(8)->generate($unique_secret); // 8 Digits, Default expiry from config
Otp::expiry(30)->generate($unique_secret); // 30 min expiry, Default digits from config
Otp::digits(8)->expiry(30)->generate($unique_secret); // 8 digits, 30 min expiry

// The above generate method can be swapped with other generator methods. Ex -

Make sure to set the same config during checking. What that means is, if you have used 8 digits and 30 min during creation you will also have to use 8 digits and 30 min during checking as well.

// Match - (Different Runtime)

// The first example above
Otp::check($otp, $unique_secret); // -> false
Otp::digits(8)->check($otp, $unique_secret); // -> true

// The second example above
Otp::check($otp, $unique_secret); // -> false
Otp::expiry(30)->check($otp, $unique_secret); // -> true

// The third example above
Otp::check($otp, $unique_secret); // -> false
Otp::digits(8)->expiry(30)->check($otp, $unique_secret); // -> true

Here, in the above example for matching the OTP, we can see that the same config is required when matching the OTP with the secret which was used during the creation of the OTP.

Security Advantage: - The main advantage of using the same config while matching is some third person cannot use this tool to generate the same OTP for the user in question if he doesn’t know the config.

Helper usage

You can use the package with provided helper function as well

$otp = otp()->make($secret);
$otp = otp()->digits(8)->expiry(20)->make($secret);


You can also utilize this package outside the laravel. If you want to know how to use this package outside the laravel, then you can visit Github for its complete documentation.

Published at : 23-12-2021

Author : Rizwan Aslam
Rizwan Aslam

I am a highly results-driven professional with 12+ years of collective experience in the grounds of web application development especially in laravel, native android application development in java, and desktop application development in the dot net framework. Now managing a team of expert developers at Codebrisk.

Launch your project

Launch project