Blocked by Paperwork for a Simple SMS OTP?

"I just want to add SMS verification to my side project, but the telecom APIs are asking for a Business License and a Telecommunications Service Certificate? I'm just an indie developer!"

One of the most frustrating bottlenecks for developers building a toy project or a startup MVP is "SMS Authentication." Traditional SMS services in many regions require complex paperwork for registration and mandate sender ID pre-registration, making the entry barrier incredibly high.

But don't worry. You can bypass all this red tape. I will show you how to build a flawless SMS OTP system in just 5 minutes using Kotlin, Spring Boot, Redis, and EasyAuth—an SMS API designed for developers that requires absolutely no paperwork.

---

Architecture Overview

The flow of the SMS authentication system we are building is as follows:

1. POST /send: When a user inputs their phone number, the server generates a 6-digit random code (OTP).
2. Redis Storage: The generated OTP is stored in Redis with the phone number as the key. (Set to expire in 3 minutes).
3. EasyAuth API Call: Send the OTP to the user via the EasyAuth send API.
4. POST /verify: Compare the user-input code with the value stored in Redis to verify identity.

---

Step 1: Environment Setup and Dependencies

First, add the dependencies for Redis and web capabilities in your Spring Boot build.gradle.kts.

dependencies {
    // Redis
    implementation("org.springframework.boot:spring-boot-starter-data-redis")
    // Web
    implementation("org.springframework.boot:spring-boot-starter-web")
}

Set up your Redis connection information in application.yml.

spring:
  data:
    redis:
      host: localhost
      port: 6379

---

Step 2: Implementing the SMS Auth Service

This is the core business logic that manages the lifecycle of the OTP using Redis and triggers the actual SMS delivery using the EasyAuth API.

import org.springframework.data.redis.core.StringRedisTemplate
import org.springframework.stereotype.Service
import org.springframework.web.client.RestTemplate
import org.springframework.http.HttpEntity
import org.springframework.http.HttpHeaders
import org.springframework.http.MediaType
import java.util.concurrent.TimeUnit
import kotlin.random.Random

@Service
class SmsAuthService(
    private val redisTemplate: StringRedisTemplate
) {
    // EasyAuth API endpoint and Auth Key (Issued instantly upon signup)
    private val easyAuthUrl = "https://api.easyauth.co.kr/send"
    private val apiKey = "YOUR_EASYAUTH_API_KEY"
    
    // Auth code Time-To-Live (3 minutes)
    private val AUTH_TTL = 3L

    fun sendCode(phoneNumber: String) {
        // 1. Generate a 6-digit random code
        val authCode = Random.nextInt(100000, 999999).toString()

        // 2. Save to Redis (Key: Phone number, Value: Auth code)
        redisTemplate.opsForValue().set(
            "sms:auth:$phoneNumber",
            authCode,
            AUTH_TTL,
            TimeUnit.MINUTES
        )

        // 3. Send SMS via EasyAuth
        sendViaEasyAuth(phoneNumber, authCode)
    }

    fun verifyCode(phoneNumber: String, inputCode: String): Boolean {
        val key = "sms:auth:$phoneNumber"
        val savedCode = redisTemplate.opsForValue().get(key)

        return if (savedCode != null && savedCode == inputCode) {
            // Delete the key from Redis upon success to prevent reuse
            redisTemplate.delete(key)
            true
        } else {
            false
        }
    }

    private fun sendViaEasyAuth(phoneNumber: String, code: String) {
        val restTemplate = RestTemplate()
        val headers = HttpHeaders().apply {
            contentType = MediaType.APPLICATION_JSON
            set("Authorization", "Bearer $apiKey")
        }

        val requestBody = mapOf(
            "to" to phoneNumber,
            "text" to "[My Service] Your verification code is [$code]. Please enter it within 3 minutes."
        )

        val request = HttpEntity(requestBody, headers)
        
        // EasyAuth API Call - Sent instantly with zero paperwork!
        restTemplate.postForEntity(easyAuthUrl, request, String::class.java)
    }
}

---

Step 3: Exposing the API Endpoints (Controller)

Now, let's write a Controller so that our clients (web/mobile app) can call these functions.

import org.springframework.http.ResponseEntity
import org.springframework.web.bind.annotation.*

@RestController
@RequestMapping("/api/auth")
class SmsAuthController(
    private val smsAuthService: SmsAuthService
) {

    @PostMapping("/send")
    fun sendAuthCode(@RequestBody request: SendRequest): ResponseEntity> {
        smsAuthService.sendCode(request.phoneNumber)
        return ResponseEntity.ok(mapOf("message" to "Verification code sent successfully."))
    }

    @PostMapping("/verify")
    fun verifyAuthCode(@RequestBody request: VerifyRequest): ResponseEntity> {
        val isValid = smsAuthService.verifyCode(request.phoneNumber, request.code)
        
        return if (isValid) {
            ResponseEntity.ok(mapOf("message" to "Verification successful."))
        } else {
            ResponseEntity.status(401).body(mapOf("message" to "Invalid or expired verification code."))
        }
    }
}

// DTO Classes
data class SendRequest(val phoneNumber: String)
data class VerifyRequest(val phoneNumber: String, val code: String)

---

Tips & Best Practices for Production

While the code above works perfectly, you should consider the following for a production-level environment:

1. Rate Limiting (Anti-abuse) You must prevent malicious users from requesting an OTP dozens of times per minute to the same number. We recommend leveraging Redis to limit requests to a certain number per day (e.g., 5 times per number).
2. Automated Sender ID Normally, you need to register a sender's phone number with telecom providers beforehand. However, by using EasyAuth, you can use their built-in automated sender ID pool, allowing you to send messages instantly without the hassle of registration.

---

Conclusion: Why EasyAuth?

Implementing the logic for SMS authentication using Spring Boot and Redis is straightforward. The real roadblock has always been API integration prerequisites.

If you are building a toy project, a startup MVP, or working as a solo developer, I highly recommend using EasyAuth.

• Zero Paperwork: Get an API key instantly upon signup without needing a Business License or Telecom Certificates.
• Automated Sender ID: No waiting for sender number registration approvals.
• Reasonable Pricing: Drastically cheaper at 15~25 KRW per message compared to the standard 30~50 KRW.
• Free Trial: Receive 10 free messages upon signup so you can test your code immediately.

Skip the paperwork and focus strictly on your development in just 5 minutes with EasyAuth today!