OTP Verification

Identify Your Signers with Certainty Through OTP

A single-use code sent by email or SMS. Irrefutable proof that the right person signed your document.

The problem

How do you prove the right person signed?

Without identity verification, an electronic signature is worthless in court. Here are the risks you face.

Identity theft

Without identity verification, anyone with access to your client's email can click the link and sign in their name. A gaping legal flaw.

Non-repudiation impossible

If your signer contests having signed, how do you prove it? Without OTP, your signature lacks the evidential value needed to withstand litigation.

High legal risk

The eIDAS regulation requires signer identification to recognize the legal value of a signature. Without this, your act can be annulled.

The solution

The OTP-secured signing journey

At each step, we collect identity evidence that constitutes an irrefutable file in case of contestation.

Step 01

Personalized email invitation

The signer receives an email with a unique and secure link. This link is single-use, timestamped and linked exclusively to this signer for this document.

Step 02

Document review

The signer views the complete document in their browser before signing. The date and time of the review are recorded with the IP address.

Step 03

OTP code received

At the time of signing, the signer requests their OTP code. It is sent by email or SMS to the registered contact. 6-digit code, valid for 10 minutes.

Step 04

Validation and signature

After validating the OTP code, the signer applies their handwritten or stylized signature. The OTP success is recorded in the evidence file.

Key features

An OTP system designed for maximum security

OTP by email

The code is sent to the email address provided when creating the request. Simple and effective for most use cases.

OTP by SMS

For enhanced security, the OTP can be sent by SMS to the signer's phone number. Two distinct verification channels.

6-digit code

A 6-digit numeric code, cryptographically securely generated, impossible to guess or brute-force.

10-minute expiration

The OTP code is only valid for 10 minutes after sending. After this period, it is automatically invalidated and a new code must be requested.

3 attempts maximum

After 3 incorrect entries, the code is permanently invalidated. This limit prevents brute-force attacks on the 6-digit code.

Secure hashed storage

The OTP code is never stored in plain text in the database. It is hashed with SHA-256 and compared in a timing-safe manner to prevent timing attacks.

Use cases

When OTP verification is essential

Sensitive contracts

For any high-stakes legal act, OTP verification considerably strengthens the evidential value of the signature and protects all parties.

  • Transfer agreements
  • Termination agreements
  • Financial commitments

Legal acts

Lawyers and notaries use OTP to ensure their clients have reviewed the documents and signed with full knowledge of the facts.

  • Litigation mandates
  • Debt acknowledgements
  • Powers of attorney

Financial mandates

For any document financially committing a natural or legal person, OTP constitutes a decisive additional layer of authentication.

  • SEPA mandates
  • Transfer orders
  • Guarantor commitments
Benefits

What OTP brings to your signatures

Certain identification

Successful OTP challenge proves the signer had access to the registered email or phone number at the time of signing.

Non-repudiation

The signer can no longer claim they didn't sign. OTP constitutes technical and legal proof of their voluntary commitment.

Enhanced evidential value

OTP elevates the evidential value of your simple electronic signature, bringing it closer to the standards of an advanced electronic signature.

Enhanced security

Even if a signing link is intercepted or forwarded to the wrong person, the OTP code ensures only the legitimate recipient can sign.

eIDAS compliance

The unique email + OTP combination meets the signer identification requirements set by the eIDAS regulation for simple electronic signatures.

Complete audit trail

Every OTP send, every validation attempt, every success or failure is recorded with a timestamp in the signature evidence file.

Secure your signatures with OTP verification

Enabled by default on every request. No configuration required. Try for free now.