Cloud

Architecting a Serverless OTP & SMS Service

How I designed a secure, high-performance communication service using Azure Functions, Cosmos DB, and AWS SNS.

July 30, 2024
3 min read
Architecting a Serverless OTP & SMS Service

Introduction

In modern application development, reliable communication channels like SMS and OTPs (One-Time Passwords) are critical for user authentication and engagement. I recently architected a centralized, serverless solution to handle these needs, ensuring high availability, security, and cost-efficiency.

The Challenge

I needed a robust service to:

  1. Generate and verify OTPs with low latency.
  2. Send transactional SMS messages reliably.
  3. Scale automatically to handle burst traffic without manual intervention.
  4. Securely manage API access across different internal applications.

The Solution: A Hybrid Cloud Approach

I designed a Python-based Azure Function App that leverages the best of both Azure and AWS ecosystems.

graph TB
    Client[Client Application] -->|HTTPS Request| Azure[Azure Functions]
    
    subgraph "Azure Cloud"
        Azure -->|Store OTP| Cosmos[(Azure Cosmos DB)]
        Azure -->|Validate| Auth[API Key Authentication]
    end
    
    subgraph "AWS Cloud"
        SNS[AWS SNS]
        Pinpoint[AWS Pinpoint]
    end
    
    Azure -->|Send SMS| SNS
    Azure -->|Send SMS| Pinpoint
    Cosmos -->|Verify OTP| Azure
    
    SNS -->|Deliver| Phone[User Phone]
    Pinpoint -->|Deliver| Phone

Azure Functions (Python)

I chose Azure Functions for the compute layer. The serverless model allows us to pay only for execution time, which is perfect for the sporadic nature of OTP requests. Python was selected for its rich ecosystem and ease of development.

Azure Cosmos DB

For storing OTPs, I implemented Azure Cosmos DB. Its global distribution and single-digit millisecond latency are crucial for the “verify OTP” flow, where speed directly impacts user experience.

AWS SNS & Pinpoint

While hosted on Azure, I integrated AWS Simple Notification Service (SNS) and Pinpoint for the actual SMS delivery. AWS provides industry-leading deliverability rates and global reach for SMS, making it the superior choice for the communication layer.

Key Implementation Details

Secure API Authentication

Security was a top priority. I implemented a custom decorator pattern in Python to enforce API key authentication. This ensures that only authorized internal services can trigger SMS sends or OTP generation.

# Conceptual example of the auth decorator
def require_api_key(func):
    def wrapper(req):
        api_key = req.headers.get('x-org-key')
        if not api_key or not is_valid(api_key):
            return func.HttpResponse("Unauthorized", status_code=401)
        return func(req)
    return wrapper

Dual-Database Strategy

The system is designed to be resilient. While Cosmos DB handles the high-speed OTP data, it also maintains structured logs and audit trails, ensuring complete visibility into delivery attempts and verification success rates.

Performance & Results

The serverless architecture has delivered:

  • Zero Maintenance: No servers to patch or manage.
  • Auto-Scaling: Seamlessly handles traffic spikes during marketing campaigns.
  • Cost Efficiency: Costs scale linearly with usage, with no idle resource costs.

Conclusion

By combining Azure’s serverless compute with AWS’s communication infrastructure, I built a service that is both robust and flexible. This project demonstrates how a hybrid cloud strategy can be effectively employed to solve specific business problems without being locked into a single provider’s full stack.

Tags

#Azure Functions #Python #Serverless #CosmosDB #AWS
Rommel

Written by Rommel Saquicela

Senior Tech Lead & Solutions Architect

View Profile