Frequently asked questions
Answers about getting started, OTP delivery, and privacy rules.
- Submit a signup request with your company details and preferred plan.
- Our team reviews your request and provisions a customer portal account (typically within 1–2 business days).
- Log in at the customer portal with the credentials we provide.
- We assign one or more API services to your organization. Each service has its own API key and rate limits.
- Integrate using the REST API at
/api/v1/otp/sendand/api/v1/otp/verifywith your service API key in theX-API-Keyheader. - Monitor OTP delivery logs per service from the portal dashboard.
Questions? Email otpspace.support@gmail.com.
TokenFlow delivers one-time passwords through WhatsApp and Telegram using platform accounts managed by the Service Provider.
- Your application calls
POST /api/v1/otp/sendwith the recipient phone number (E.164 format) and optional platform preference. - TokenFlow generates a numeric OTP, stores a hashed copy, and routes the message through an available WhatsApp or Telegram sender account.
- The end user receives the OTP on their messaging app.
- Your application verifies the code with
POST /api/v1/otp/verify.
Delivery success depends on the recipient having the chosen messaging app, network connectivity, and platform policies. Failed sends and verification attempts are recorded in your service audit log.
Contact otpspace.support@gmail.com if you experience persistent delivery issues.
You can close your TokenFlow organization account using either option below:
- Customer portal: Log in and contact us via your assigned support channel to request account closure.
- By email: Send a message to otpspace.support@gmail.com from your registered email address asking us to delete your account and revoke API access.
Upon verification, we will deactivate your portal login, revoke API keys for services assigned to your organization, and delete or anonymize personal data in accordance with our Privacy Policy and applicable law.
TokenFlow processes business customer data and end-user phone numbers solely to provide OTP delivery and verification.
- OTP audit logs: Records of send and verify requests, including phone numbers, timestamps, platforms, and outcomes, are retained for operational, security, and billing purposes.
- Account data: Organization and contact details are retained while your account is active.
- API keys: Stored as cryptographic hashes; plaintext keys are shown only once at creation.
You may request access to, correction of, or deletion of personal data we hold about your organization by emailing otpspace.support@gmail.com. Some data may be retained where required by law or for legitimate business purposes.
See our full Privacy Policy for details.