/Web APIs


Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The OTPCredential interface of the WebOTP API contains the attributes that are returned when a new one-time password is retrieved.

Credential OTPCredential

Instance properties

This interface also inherits properties from Credential.

OTPCredential.code Experimental

The one-time password.

Event handlers


Instance methods



The below code triggers the browser's permission flow when an SMS message arrives. If permission is granted then the promise resolves with an OTPCredential object. See this code as part of a simple demo.

    otp: { transport: ["sms"] },
    signal: ac.signal,
  .then((otp) => {
    input.value = otp.code;
    if (form) form.submit();
  .catch((err) => {


Browser compatibility

Desktop Mobile
Chrome Edge Firefox Internet Explorer Opera Safari WebView Android Chrome Android Firefox for Android Opera Android Safari on IOS Samsung Internet
OTPCredential 93 93 No No 79 No No 84 No 60 No 14.0
code 93 93 No No 79 No No 84 No 60 No 14.0

© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.