Automate One-Time Password (OTP) Testing: A Casual Guide

Testing one-time passwords (OTPs) can be such a pain, right? Constantly flipping between your app and SMS inbox, hunting for codes... It’s time we fixed that. Let’s talk about automating the whole process using tools that just get the job done. And yeah, we’ll use temporary phone numbers too, but we’ll keep it chill and focus on real value for your dev workflow.

Here’s how you can level up your OTP game with tools like Playwright, Puppeteer, Selenium, and a bit of creativity. No matter your stack, you’ll find some nuggets here.

---

Why Bother Automating OTPs?

The Usual Struggles

• Switching between your test and SMS inbox
• Copy-pasting like it’s 2005
• Testing on multiple devices? Ugh.

The Smart Fix

Grab some temporary phone numbers programmatically, snag the OTPs via API, and automate the rest. No more back-and-forth, no more drama. You’ll look like a wizard during sprint reviews.

---

Why Quackr.io?

There are plenty of services out there for temporary phone numbers, so why pick Quackr.io? Here’s the deal:

• Fast and Reliable: Quackr.io delivers SMS messages in seconds, which is exactly what you need when testing OTP flows.
• Simple API: Their API is super easy to integrate—you’ll be up and running in no time.
• Global Numbers: Test with numbers from different countries to cover regional use cases.
• Affordable Plans: Perfect for developers and teams who want a cost-effective solution without sacrificing quality.

We’ve used Quackr.io because it ticks all these boxes. You’re welcome to try others, but if you’re looking for something dependable, Quackr.io is a great starting point.

---

What You Need

• Temporary Phone Numbers: Any reliable service will do. (We’re going to use Quackr.io here because it works great.)
• Your Favorite HTTP Client: Axios? Fetch? Your call.
• Testing Frameworks: Playwright, Puppeteer, Selenium... whatever you vibe with.
• Node.js: Because why not?

---

The Fun Part: Coding It Out

Here’s how you can build an OTP automation script. Think of it as a starting point—make it yours.

Step 1: Get a Temporary Phone Number

First, sign up with a service that provides temporary phone numbers (we’re using Quackr.io). Grab your API key, and let’s roll.

Step 2: Install Some Basics

If you’re rocking Node.js, you’ll need a few packages:

npm install playwright axios dotenv

Step 3: The Script

Here’s an example using Playwright and Axios. Feel free to adapt it for your setup.

const { chromium } = require('playwright');
const axios = require('axios');
require('dotenv').config();

(async () => {
  const browser = await chromium.launch();
  const page = await browser.newPage();

  // Fetch a temporary phone number
  const phoneResponse = await axios.get('https://quackr.io/api/phones', {
    headers: { 'Authorization': `Bearer ${process.env.API_KEY}` }
  });

  const phoneNumber = phoneResponse.data.number;
  console.log(`Using phone number: ${phoneNumber}`);

  // Simulate your app’s signup flow
  await page.goto('https://yourapp.com/signup');
  await page.fill('#phone-input', phoneNumber);
  await page.click('#send-otp');

  // Wait for the OTP
  let otp;
  while (!otp) {
    const messages = await axios.get(`https://quackr.io/api/messages?phone=${phoneNumber}`, {
      headers: { 'Authorization': `Bearer ${process.env.API_KEY}` }
    });

    const otpMessage = messages.data.find(msg => msg.body.includes('Your OTP is'));
    if (otpMessage) {
      otp = otpMessage.body.match(/\d{6}/)[0];
      console.log(`Got OTP: ${otp}`);
    } else {
      console.log('Waiting for OTP...');
      await new Promise(resolve => setTimeout(resolve, 2000));
    }
  }

  // Enter the OTP and complete verification
  await page.fill('#otp-input', otp);
  await page.click('#verify-otp');

  console.log('OTP verification done!');

  await browser.close();
})();

Step 4: Keep Your Secrets... Secret

Use a .env file for your API keys. Example:

API_KEY=your_api_key_here

---

Bonus Tips

1. Run Tests in Parallel: Use multiple phone numbers to speed things up.
2. Mock It for CI: Save some API calls during CI/CD by mocking the OTP flow.
3. Stay Resilient: Add retries for flaky network issues.
4. Log Everything: Keep track of OTPs and responses for debugging.

---

What’s Next?

You can extend this setup for:

• Two-Factor Authentication (2FA)
• Phone number validation tests
• Smooth onboarding flows

---

Final Thoughts

This is just scratching the surface. Automating OTPs can save so much time and make your tests feel polished. If you’ve got ideas to make this even better, I’d love to hear them. Got any cool tricks for handling OTPs? Drop them below—let’s learn from each other!