One-time verification codes have become a standard part of digital services. A user logs in, confirms an email address, resets a password, enables two-factor authentication, or confirms an important action – and expects the code to arrive immediately.
In these scenarios, email is not just a communication channel. It is part of the product experience and product security. If an OTP email is delayed, lands in spam, or does not arrive at all, the user may be unable to complete registration, log into an account, or continue using the service. Either way, the trust may be broken forever.
UniOne helps you quickly set up OTP email delivery via Web API or SMTP, configure a sender domain, use templates, track delivery statuses, and scale your email infrastructure as your product grows.
What Are OTP Emails?
OTP stands for one-time password. It is a temporary verification code that is valid for a limited time period and is used to confirm a user action.
The most common examples of OTP emails include:
- registration confirmation;
- account login;
- two-factor authentication;
- password reset;
- email address confirmation;
- payment confirmation or security settings update;
- login confirmation from a new device.
The main difference between OTP emails and marketing campaigns is that OTP emails are sent in response to a specific user action. The user initiates the event and expects the email right away. That is why speed, delivery stability, and clear error diagnostics are especially important for OTP traffic.
Why OTP Traffic Should Be Sent Through a Specialized Email Service
At an early stage, you can send OTP emails through a regular SMTP server offered by your hosting provider or through the built-in email mechanism of your CMS. But as the project grows, typical problems show up quickly:
- emails land in spam;
- the sender domain is not configured correctly;
- there is no proper delivery analytics;
- it is difficult to understand why a specific user did not receive a code;
- there are no webhook notifications about delivery, bounces, or spam complaints;
- it is difficult to separate transactional and marketing traffic;
- CMS-based or shared hosting email delivery is not designed for high-volume sending.
OTP emails are critical for the product. If the user does not receive the code, it is no longer just an email delivery issue – it can lead to a lost registration, failed login, or a support request.
That is why it is better to use a dedicated infrastructure for OTP traffic or a specialized email solution for sending OTPs – one that is designed specifically for transactional emails.
Why UniOne Is a Good Fit for OTP Traffic
UniOne can be connected in two ways: via Web API or SMTP. Web API is a good choice for projects where email sending is integrated into a backend, application, or internal system. SMTP is convenient for CMS platforms, WordPress-like websites, ready-made modules, and services where you only need to specify a host, login, and password.
UniOne Web API is a fast and flexible way to integrate email sending through code, while SMTP is easier to connect using standard means.
UniOne also offers many public libraries and integrations: Make, Zapier, Albato, Bloomreach/Exponea, Ruby gem, PHP SDK, JavaScript SDK, C# library, Drupal module, Postman collection, as well as Java SDK and Python 3 SDK in public beta.
How OTP Sending Works with UniOne
The general flow works like this:
- The user performs an action in your product: logs in, registers, or requests a password reset.
- Your backend generates a one-time code.
- The code is stored on your side with a limited expiration time.
- The backend sends the email through UniOne.
- UniOne accepts the email, processes it, and sends it to the recipient.
- You receive the sending status and can track further events through webhooks or reports.
- The user enters the code in your interface.
- Your backend verifies the code and completes the action.
Important: UniOne is responsible for delivering the email, but it will not generate or verify the OTP code for you. Code generation, storage, TTL, attempt limits, and verification should remain on your application side.
Step 1. Create an Account and Verify Your Sender Domain
When sending OTP emails, it is best to use your own domain or a dedicated subdomain. For example:
auth.example.com
login.example.com
mail.example.com
A dedicated subdomain is the preferred option. It helps separate the reputation of authentication emails from marketing campaigns, promotional emails, and other types of email traffic.
In UniOne, you need to add a sender domain and configure DNS records. Typically, these include:
- a TXT record to verify domain ownership;
- a DKIM record to sign emails;
- an SPF record or an update to an existing SPF record.
Detailed DNS setup instructions are available on the DNS setup page.
Step 2. Choose the Connection Method: Web API or SMTP
UniOne supports two main sending methods: Web API and SMTP.
Option 1. Web API
Web API is the best choice if you are integrating OTP sending into an application backend, SaaS product, mobile app, user account area, or your own authentication system.
Benefits of Web API:
- convenient template variable passing;
- support for metadata;
- ability to store job_id and link it to a specific OTP attempt;
- easier error handling;
- higher throughput;
- easier scaling;
- support for an idempotence key to protect against duplicate sending.
UniOne API accepts HTTPS POST requests with JSON payload, and the email/send.json method allows you to use substitutions, templates, tracking settings, and other parameters.
Option 2. SMTP
SMTP is a better choice if you already have a website, CMS, or plugin that can send emails through an external SMTP server.
For example, this option is convenient for:
- WordPress;
- online stores;
- LMS platforms;
- self-hosted applications;
- CRM systems;
- forums;
- services that already have SMTP settings in the admin panel.
In this case, all you need is to specify the SMTP host, port, username, and password. SMTP integration is simpler, and if you are connecting email delivery for WordPress or another CMS through a ready-made module, SMTP may be the fastest way to launch. However, for new backend integrations, Web API is usually a better option.
Step 3. Create an OTP Email Template
An OTP email should be short and clear, without any unnecessary elements. The user opens the email not to read news, but to quickly obtain the code.
Example structure:
Subject: Your verification code
Your verification code: 123456
The code is valid for 10 minutes.
If you did not request this code, please ignore this email.
Do not share this code with anyone.
For an HTML email, you can use this version:
<h1>Your verification code</h1>
<p>Use this code to complete your account login:</p>
<p style="font-size: 28px; font-weight: bold; letter-spacing: 4px;">
{{otp_code}}
</p>
<p>The code is valid for {{expires_in}} minutes.</p>
<p>If you did not request this code, simply ignore this email.</p>
In UniOne, you can store the template on the service side and use it by its ID. This is convenient for recurring emails and especially useful for high-volume sending.
Also, feel free to check out the library of predesigned transactional email templates at UniOne, where each one can be customized with an AI-powered email builder supporting both drag-n-drop and HTML editing.
Step 4. Generate the OTP Code on Your Application Side
The OTP code should be generated on your side. UniOne receives the generated value and sends it to the user.
Recommended logic:
- Generate a random code.
- Store it in a database or Redis.
- Set an expiration time, for example 5–10 minutes.
- Limit the number of input attempts.
- Delete the code or mark it as used after successful verification.
- Do not store the code in plain text if your project’s security requirements do not allow it.
- Do not return the code in the API response to the frontend application.
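One way to implement the logic above, as an added example that is not UniOne code or part of the original article. An in-memory dict stands in for the database or Redis, and the `OtpStore` class, the server-side pepper, and the 5-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 600   # 10 minutes, matching the validity stated in the email text
MAX_ATTEMPTS = 5        # assumed limit; choose one that fits your risk model


class OtpStore:
    """In-memory stand-in for the database or Redis that holds pending codes."""

    def __init__(self, pepper: bytes, clock=time.time):
        self._pepper = pepper   # server-side secret, kept outside the data store
        self._clock = clock     # injectable so expiry can be exercised in tests
        self._pending = {}      # request_id -> [digest, expires_at, attempts_left]

    def _digest(self, request_id: str, code: str) -> bytes:
        # Keyed hash bound to the request: a leaked store does not reveal codes.
        msg = f"{request_id}:{code}".encode()
        return hmac.new(self._pepper, msg, hashlib.sha256).digest()

    def issue(self, request_id: str) -> str:
        """Create a 6-digit code; the return value goes only into the email."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, keeps leading zeros
        expires_at = self._clock() + OTP_TTL_SECONDS
        self._pending[request_id] = [
            self._digest(request_id, code), expires_at, MAX_ATTEMPTS]
        return code

    def verify(self, request_id: str, submitted: str) -> bool:
        entry = self._pending.get(request_id)
        if entry is None:
            return False                        # unknown, used, or discarded
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[request_id]       # expired or locked out
            return False
        entry[2] = attempts_left - 1            # count the attempt before comparing
        if hmac.compare_digest(digest, self._digest(request_id, submitted)):
            del self._pending[request_id]       # single use
            return True
        return False
```

In a real deployment the decrement and delete must be atomic in the backing store, so that parallel requests cannot exceed the attempt limit.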
Step 5. Send the OTP via Web API
Example request data for email/send.json:
{
  "message": {
    "idempotence_key": "otp-login-8f4f2b9e-7b8a-4c3a-9bb7-3d1c7c6d7a10",
    "template_id": "00000000-0000-0000-0000-000000000000",
    "from_email": "auth@example.com",
    "from_name": "Example App",
    "subject": "Your verification code",
    "recipients": [
      {
        "email": "user@example.com",
        "substitutions": {
          "otp_code": "123456"
        },
        "metadata": {
          "event": "login_otp",
          "user_id": "12345",
          "request_id": "8f4f2b9e-7b8a-4c3a-9bb7-3d1c7c6d7a10"
        }
      }
    ],
    "tags": [
      "otp",
      "auth"
    ]
  }
}
After a successful request, UniOne returns a job_id. It is worth storing it in your system next to the OTP request ID. This will help you quickly find the email in logs and check whether the email was delivered, rejected, bounced, or resulted in a complaint.
Step 6. Or Connect UniOne via SMTP
If your website or CMS can already send email through SMTP, you can connect UniOne without building a full API integration.
Typical SMTP settings are:
Host: smtp.eu1.unione.io / smtp.us1.unione.io (please check the correct host for your account on the SMTP Configuration page)
Port: 465 or 587
Encryption: TLS
Username: your user_id or project_id
Password: your API key or project API key
Encoding: UTF-8
UniOne supports only secure TLS connections.
This option is most convenient if you use WordPress or another CMS with an SMTP plugin. You configure SMTP once, and your website’s system emails – including OTP, registration, password reset, and notifications – start going through UniOne.
For more advanced scenarios, SMTP also supports additional options through the X-UNIONE header: substitutions, templates, tracking settings, and other parameters.
Step 7. Configure Webhooks to Monitor Delivery
For OTP traffic, it is important not only to send the email, but also to understand what happens to it afterwards.
The most important statuses are:
- sent – the email has been sent;
- delivered – the email has been delivered;
- soft_bounced – temporary delivery failure;
- hard_bounced – final delivery failure;
- spam – the user reported the email as spam.
A webhook allows you to receive delivery events in your system. For example, if an OTP email fails, you can offer the user an alternative scenario: retry later, use another email address, or contact your support.
A UniOne webhook callback contains job_id, metadata, recipient email, status, event time, and additional delivery details.
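A sketch of how a backend could apply these callbacks to a stored OTP attempt, added here as an example and not taken from UniOne's documentation. The flat event shape and its key names (`job_id`, `metadata`, `email`, `status`, `event_time`), the status ranking, and the mapping of statuses to user prompts are assumptions; the events are constructed, and the callback is assumed to be already authenticated and parsed.

```python
from typing import Optional

# Statuses from the list above, ranked so that a duplicate or late callback
# cannot move an attempt backwards (e.g. "sent" arriving after a bounce).
STATUS_RANK = {"sent": 1, "soft_bounced": 2, "delivered": 3,
               "hard_bounced": 3, "spam": 4}

# Assumed mapping from a failed delivery to what the UI offers the user.
USER_ACTION = {"soft_bounced": "retry_later",
               "hard_bounced": "use_another_address",
               "spam": "contact_support"}


def apply_delivery_event(attempts: dict, event: dict) -> Optional[str]:
    """Update the OTP attempt an event belongs to; return a user prompt or None."""
    status = event.get("status")
    request_id = (event.get("metadata") or {}).get("request_id")
    attempt = attempts.get(request_id)
    if status not in STATUS_RANK or attempt is None:
        return None          # unknown status, or not one of our OTP emails
    if event.get("job_id") != attempt["job_id"]:
        return None          # metadata does not match the job_id stored at send time
    if STATUS_RANK[status] <= STATUS_RANK.get(attempt["status"], 0):
        return None          # duplicate or out-of-order callback
    attempt["status"] = status
    return USER_ACTION.get(status)


def sample_event(status: str, job_id: str = "job-constructed-1") -> dict:
    """Constructed event using only the fields the article says a callback has."""
    return {"job_id": job_id, "status": status, "email": "user@example.com",
            "event_time": "2024-01-01 10:00:00",          # constructed value
            "metadata": {"event": "login_otp", "request_id": "req-constructed-1"}}


def replay(statuses: list) -> list:
    """Feed a sequence of statuses through the handler; return the prompts."""
    attempts = {"req-constructed-1": {"job_id": "job-constructed-1",
                                      "status": "queued"}}
    return [apply_delivery_event(attempts, sample_event(s)) for s in statuses]
```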
Step 8. Separate OTP, Marketing, and Other Types of Email
OTP emails should not be mixed with bulk marketing campaigns.
A recommended subdomain structure for different types of email might look like this:
auth.example.com – for OTP, login, 2FA, password resets
news.example.com – marketing campaigns
billing.example.com – invoices, payments, financial notifications
This approach helps you:
- protect the reputation of critical authentication traffic;
- analyze deliverability more easily;
- find issues faster;
- separate settings by product or team;
- reduce the impact of marketing campaigns on transactional emails.
If you have multiple products, clients, or independent business areas, you can use UniOne’s Projects feature. Each project has its own API key, domains, templates, webhooks, and suppression lists. This is convenient when one team manages email delivery for several products or clients.
What Your Product Gets After Connecting UniOne
With UniOne, OTP traffic becomes manageable:
- emails are sent through infrastructure designed for transactional email;
- the sender domain passes SPF/DKIM authentication;
- templates can be stored and updated centrally;
- developers can send OTP emails via API and SDK;
- website owners can connect via SMTP;
- delivery statuses are available through webhooks and reports;
- support is easier to handle using job_id, metadata, and event logs;
- OTP traffic can be separated from marketing traffic;
- as your project grows, sending can be scaled without changing the core architecture.
Quick Checklist for Connecting OTP via UniOne
- Register a UniOne account.
- Add a sender domain or subdomain.
- Configure DNS records: verification record, DKIM, and SPF.
- Wait for the confirmed and active statuses.
- Choose the sending method: Web API, SDK, or SMTP.
- Create an OTP email template.
- Implement OTP generation and verification on the application side.
- Pass the OTP code to UniOne as a template variable.
- Disable tracking if it is not needed for authentication emails.
- Store job_id and request ID.
- Configure webhooks for delivery statuses.
- Separate OTP traffic from marketing campaigns using a dedicated subdomain or project.
Conclusion
OTP emails are one of the most sensitive types of transactional traffic. The user expects the code immediately, and the product depends on whether the email is delivered quickly and reliably.
UniOne is a good fit for these scenarios because it lets you connect email sending in a convenient way: via Web API for backend integrations or via SMTP for CMS platforms and ready-made websites. At the same time, you get domain authentication, templates, webhooks, statistics, event logs, project support, and code libraries.
If you need to quickly launch OTP codes, 2FA emails, password reset emails, or other security notifications, UniOne gives you a clear path and high efficiency. Start sending critical emails through infrastructure designed for transactional email today.
FAQ
What is an OTP email?
An OTP email is a message containing a one-time password or verification code used to confirm a user action. OTP emails are commonly used for login verification, two-factor authentication (2FA), password resets, email confirmation, and security-sensitive actions.
Is SMTP or API better for sending OTP emails?
It depends on your infrastructure. Web API is usually the best option for backend integrations, SaaS platforms, mobile apps, and custom authentication systems because it offers better scalability, metadata support, template handling, and error processing. SMTP is easier to connect for WordPress websites, CMS platforms, online stores, and applications that already support external SMTP servers.
Should OTP emails be separated from marketing emails?
Yes. OTP traffic should be isolated from newsletters and promotional campaigns. Using a dedicated subdomain for authentication emails (better when combined with a separate sending stream / project) helps protect sender reputation and reduces the risk of critical transactional emails being affected by marketing-related complaints or deliverability issues.
Can I use UniOne with WordPress or other CMS platforms?
Yes. UniOne supports SMTP integration, which makes it compatible with WordPress, Drupal (there is also a ready-to-use UniOne module for Drupal to ease the integration), LMS platforms, CRM systems, online stores, and other CMS-based websites that support external SMTP configuration.
How can I monitor OTP email delivery?
You can monitor OTP email statuses through webhooks, event logs, and reports. UniOne supports delivery tracking for statuses like accepted, sent, delivered, opened, clicked, soft_bounced, hard_bounced, unsubscribes and spam complaints, helping developers quickly diagnose delivery problems.