SOTT (Secure One-Time Token)

Overview

The Secure One-Time Token (SOTT) is a LoginRadius security feature that protects user registration flows from unauthorized or automated sign-ups. It ensures that registration requests originate from trusted sources by requiring a time-bound, encrypted token to be included with each request.

SOTT is dynamically generated using the API Key, API Secret, and a timestamp range (start and end time). While LoginRadius SDKs automatically handle SOTT generation during registration, you can also manually generate a SOTT for custom flows or advanced configurations.

Key Features

  • Strengthens registration endpoint security without relying solely on CAPTCHAs.
  • Delivers a smooth registration experience on smaller screens compared to visual-based security methods while maintaining robust protection.
  • Customizable token validity: set the expiration window for scenarios such as timed registration links, extended onboarding flows, or security-conscious applications that require short-lived tokens.

Primary Use Cases

Mobile Registration (Alternative to CAPTCHA)

SOTT adds an extra layer of registration security without introducing visual challenges or UI elements, making it a smooth experience across both web and mobile platforms - including smaller screens where traditional security methods may be less convenient.

Web Registration with SOTT

Even for web apps, SOTT can be used alongside or instead of CAPTCHA to provide an additional layer of bot protection.

Configuration

You can manually generate a Secure One-Time Token (SOTT) in the LoginRadius Admin Console using your API Key and Secret. For step-by-step configuration instructions, refer to the API Configuration document.

Integration Guide

Below are the various methods LoginRadius supports for generating the SOTT when leveraging it for custom implementations.

  • LoginRadius API
  • Manual Generation
  • SDK Implementation

Default Expiration Time

By default, a SOTT expires 10 minutes after generation. You can customize this window by:

  • Using the Admin Console or Generate SOTT API to configure your preferred expiration duration.
  • Passing custom startTime and endTime when generating it manually.

You can call the Generate SOTT API to generate a SOTT by supplying the LoginRadius API Key, the LoginRadius Secret Key, and the timedifference parameter. The response includes the SOTT and its expiration time.

Below is the sample output of a successful response.

{
  "Sott": "UHvoadn**********/PrJ6DzANoF**********jWGFyk***J8n3COAV**********gjlHh****YN4mGy+mly**********uyp3hZPMqxs48=*c09bd**********a40662e6eb30*****",
  "ExpiryTime": "2017-11-06T07:03:12.1100256Z"
}

Demo

See a live example of the SOTT generation here: https://dotnetfiddle.net/fHk8Ah

Best Practices

  • Always generate a new SOTT for every registration attempt.
  • Use HTTPS to ensure the token is transmitted securely.
  • Avoid hardcoding API secrets in client-side code.
  • Prefer server-side SOTT generation where possible.