# WebSMS OTP example - Python

Python 3.8+, `requests` for the API client and `flask` for the webhook server.

## Files
- `websms_client.py` - token cache + auto-refresh, send OTP, verify OTP
- `webhook.py` - Flask endpoint receiving `mo` (replies) + `dlr` (delivery reports)
- `demo.py` - end-to-end runnable demo (phone form -> SMS -> verify, with WebOTP autofill)

## Quick start
```bash
pip install -r requirements.txt
cp .env.example .env   # then fill in your cid_/csk_ values
python webhook.py      # webhook server on :3000
```

## Try the demo
```bash
WEBSMS_CLIENT_ID=cid_... WEBSMS_CLIENT_SECRET=csk_... python demo.py
```
Open <http://localhost:3000/> in Chrome on a phone, enter the mobile number, receive the SMS, see Chrome offer the code as autofill into the verification field.

```python
from websms_client import WebSMSClient
import os

c = WebSMSClient(os.environ['WEBSMS_CLIENT_ID'], os.environ['WEBSMS_CLIENT_SECRET'])
c.send_otp('6421234567', 'MyApp', comment='Valid for 5 minutes.')
ok = c.verify_otp('6421234567', '482174')
```

## Notes
- Token + OTP storage is in-process. Production: replace with Redis so multiple
  workers / hosts share state.
- `verify_otp()` is single-shot and caps at 5 attempts.
- Provide your own `code` argument to `send_otp()` (4-8 digits) to control the value.