OTPCredential

Limited availability

This feature is not Baseline because it does not work in some of the most widely-used browsers.

Secure context: This feature is available only insecure contexts (HTTPS), in some or allsupporting browsers.

Experimental:This is anexperimental technology
Check theBrowser compatibility table carefully before using this in production.

TheOTPCredential interface of theWebOTP API is returned when a WebOTPnavigator.credentials.get() call (i.e., invoked with anotp option) fulfills. It includes acode property that contains the retrieved one-time password (OTP).

Instance properties

This interface also inherits properties fromCredential.

OTPCredential.codeRead onlyExperimental: The one-time password (OTP).

Instance methods

None.

Examples

The below code triggers the browser's permission flow when an SMS message arrives. If permission is granted, then the promise resolves with anOTPCredential object. The containedcode value is then set as the value of an<input> form element, which is then submitted.

navigator.credentials  .get({    otp: { transport: ["sms"] },    signal: ac.signal,  })  .then((otp) => {    input.value = otp.code;    if (form) form.submit();  })  .catch((err) => {    console.error(err);  });

Note:For a full explanation of the code, see theWebOTP API landing page. You can alsosee this code as part of a full working demo.

Specifications

Specification
WebOTP API # OTPCredential

Browser compatibility

Help improve MDN

Learn how to contribute

This page was last modified on⁨Jul 7, 2025⁩ byMDN contributors.

View this page on GitHub •Report a problem with this content

ページ先頭