PHPackages amreljako/laravel-otp - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Mail & Notifications](/categories/mail) 4. / 5. amreljako/laravel-otp ActiveLibrary[Mail & Notifications](/categories/mail) amreljako/laravel-otp ===================== Advanced, secure OTP (Email/SMS/WhatsApp) package for Laravel with hashed codes, TTL, rate limiting, one-time use, events, and drivers. v0.1.0(9mo ago)1423MITPHPPHP ^8.1CI failing Since Aug 15Pushed 9mo agoCompare [ Source](https://github.com/amreljako/laravel-otp)[ Packagist](https://packagist.org/packages/amreljako/laravel-otp)[ RSS](/packages/amreljako-laravel-otp/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (6)Versions (2)Used By (0) Laravel OTP by @amreljako ========================= [](#laravel-otp-by-amreljako) Advanced, secure OTP (Email/SMS/WhatsApp) for Laravel. Hashed codes, TTL, one-time use, rate limiting, drivers, rules, and clean API. [![License](https://camo.githubusercontent.com/7013272bd27ece47364536a221edb554cd69683b68a46fc0ee96881174c4214c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e737667)](https://camo.githubusercontent.com/7013272bd27ece47364536a221edb554cd69683b68a46fc0ee96881174c4214c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e737667) Features -------- [](#features) - Random OTP with configurable digits and TTL - Store **only hashed** codes - **One-time use** via `consumed_at` - Rate limit sending/verification - Attempts counter & lockout pattern - HMAC signature binding (purpose + destination) - Channels (Mail by default) + extend SMS/WhatsApp - Migration, Config publish, Facade, Rule - Framework-agnostic tests via Testbench + Pest Install ------- [](#install) ``` composer require amreljako/laravel-otp php artisan vendor:publish --tag=otp-config php artisan migrate ``` Quick Start ----------- [](#quick-start) ``` use Otp; Otp::send([ 'destination' => 'user@example.com', 'purpose' => 'login', 'channel' => 'mail', // or your sms/whatsapp driver // 'ttl' => 300, 'digits' => 6, 'max_attempts' => 5, ]); ``` Verify: ``` $ok = Otp::verify('user@example.com', 'login', $request->code); if ($ok) { /* grant access */ } else { /* error */ } ``` ### Validation Rule [](#validation-rule) ``` $request->validate([ 'email' => ['required','email'], 'code' => ['required', new \Amreljako\Otp\Rules\ValidOtp('email','login')], ]); ``` ### Create your own SMS/WhatsApp channel [](#create-your-own-smswhatsapp-channel) ``` class MySmsChannel implements \Amreljako\Otp\Contracts\OtpChannel { public function send(\Amreljako\Otp\DTO\OtpPayload $p): bool { // call provider API using $p->destination and $p->message() return true; } } ``` Then register in `config/otp.php`: ``` 'channels' => [ 'mail' => \Amreljako\Otp\Channels\MailChannel::class, 'sms' => \App\Otp\Channels\MySmsChannel::class, ], ``` Security -------- [](#security) - No plaintext codes stored - Expires with `expires_at` - One-time consumption - Throttle abuse with RateLimiter - Optional HMAC signature See **SECURITY.md** to report vulnerabilities. Testing ------- [](#testing) ``` composer install vendor/bin/pest ``` License ------- [](#license) MIT © 2025 Amr Elsayed ### Health Score 29 — LowBetter than 60% of packages Maintenance58 Moderate activity, may be stable Popularity11 Limited adoption so far Community8 Small or concentrated contributor base Maturity34 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 270d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/402b06c86e2b864bfa76b7cb27c3d78072dacb43fd685c9f2987e53f5afc05ac?d=identicon)[amreljako](/maintainers/amreljako) --- Top Contributors [![amreljako](https://avatars.githubusercontent.com/u/101364453?v=4)](https://github.com/amreljako "amreljako (7 commits)") --- Tags laravelotpsecurityemail2fasmswhatsapp ### Code Quality TestsPest Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/amreljako-laravel-otp/health.svg) ``` [![Health](https://phpackages.com/badges/amreljako-laravel-otp/health.svg)](https://phpackages.com/packages/amreljako-laravel-otp) ``` ### Alternatives [tzsk/otp A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel. 241641.4k1](/packages/tzsk-otp)[ferdous/laravel-otp-validate Laravel package for OTP validation with built-in features like retry and resend mechanism. Built in max retry and max resend blocking. OTP/Security Code can be send over SMS or Email of your choice with user-defined template. 7124.4k](/packages/ferdous-laravel-otp-validate)[martian/spammailchecker A laravel package that protect users from entering non-existing/spam email addresses. 422.0k](/packages/martian-spammailchecker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)