Enabling Rate Limiting
Navigate to Project Settings
Log in to the OTPIQ Dashboard, go to your Settings, and select the Limits tab.
Configure Phone Number Limits
Set how many OTPs a single phone number can receive within a specific time frame (e.g., maximum of 5 OTPs per 10 minutes).
Types of Protection
OTPIQ defends your project on two distinct levels:
- Phone Number Rate Limiting
- IP Address Rate Limiting
Phone number rate limiting works as a recipient-level anti-fraud measure. It prevents anyone from sending an abnormal number of messages to the same phone number.
Saves Credits
Prevents your project’s balance from being drained by repeated requests.
Protects Users
Ensures the recipient does not get spammed with endless OTP messages.
The Fraud Protection Dashboard
Once rate limiting is enabled, the Fraud Protection page in your dashboard provides a comprehensive view of blocked activity.
Overview Metrics & Charts
- Total Blocked: See exactly how many IP addresses and phone numbers are currently “jailed”.
- Historical Data: View cards showing how many targets were rate-limited today and over the last 30 days.
- Visual Charts: Track total blocked requests per day and see a breakdown of the countries where blocked IPs originate.
Managing Blocked Activity
The dashboard includes detailed tables for both blocked IP addresses and blocked phone numbers. These tables show the target, location, how many requests they sent before being jailed, and how many blocked requests they’ve attempted since. When dealing with a blocked IP address, you have three action choices:
- Remove jail time: Allows the IP to start sending OTPs again immediately.
- Add to allow list: Whitelists the IP so it will never be rate-limited again (ideal for your own dev servers).
- Add to permanent ban list: Completely blocks the IP from ever sending OTPs to your project.
Deep Dive: Inspect & Risk Assessment
When you are unsure what action to take on a blocked IP, you can use the Inspect button to gather more context.
Detailed IP Context
View the IP’s country, city, ISP, and a map of its approximate location. It also identifies whether the IP is a standard residential address or hiding behind a proxy/VPN.
Activity Timeline
See exactly how many times this specific IP has been jailed in your project to determine if it’s an honest mistake or active abuse.
AI-Powered Risk Assessment
Reviewing data manually can be overwhelming during a high-traffic attack. OTPIQ does the heavy lifting by combining your project’s data with external threat signals. Clicking the Risk Assessment button generates a report that includes:
- An overall Threat Level
- A clear Verdict on what action you should take
IP Allow & Ban Lists
Under the IP List tab, you can manually manage your IP access controls independently of the automated rate limiting:
- Allowed IP Addresses: Add IPs that should bypass all rate limits (e.g., your backend servers or trusted partners).
- Banned IP Addresses: Manually add IPs that should be permanently blocked from interacting with your project.
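How a limit such as 5 OTPs per 10 minutes, jailing, and the allow and ban lists fit together, shown as an added sketch that is not OTPIQ's own code. The class and method names, the 30-minute jail length, the sliding-window counting, and the ban-over-allow precedence are assumptions; the phone number is a constructed sample.

```python
import time
from collections import defaultdict, deque

class OtpLimiter:
    """Illustrative limiter; jail length and sliding window are assumptions."""

    def __init__(self, limit=5, window=600, jail=1800, clock=time.monotonic):
        self.limit, self.window, self.jail, self.clock = limit, window, jail, clock
        self.sent = defaultdict(deque)    # target -> times of accepted requests
        self.jailed_until = {}            # target -> time the jail ends
        self.before_jail = {}             # target -> requests sent before jailing
        self.blocked = defaultdict(int)   # target -> requests refused since
        self.allow, self.ban = set(), set()

    def check(self, target):
        """Decide one OTP request: 'sent', 'jailed', 'allowed' or 'banned'."""
        now = self.clock()
        if target in self.ban:            # assumption: ban outranks allow
            return "banned"
        if target in self.allow:          # allow list bypasses all rate limits
            return "allowed"
        if self.jailed_until.get(target, 0) > now:
            self.blocked[target] += 1
            return "jailed"
        recent = self.sent[target]
        while recent and recent[0] <= now - self.window:
            recent.popleft()              # drop requests older than the window
        if len(recent) >= self.limit:     # over the limit: jail the target
            self.jailed_until[target] = now + self.jail
            self.before_jail[target] = len(recent)
            self.blocked[target] += 1
            return "jailed"
        recent.append(now)
        return "sent"

    def remove_jail_time(self, target):
        """Let a jailed target send again immediately."""
        self.jailed_until.pop(target, None)
        self.sent.pop(target, None)

def demo():
    """Six requests, one per minute, to a constructed phone number."""
    now = [0.0]
    limiter = OtpLimiter(clock=lambda: now[0])
    outcomes = []
    for _ in range(6):
        outcomes.append(limiter.check("+15555550100"))
        now[0] += 60
    return outcomes                       # five 'sent', then 'jailed'
```

The same class works for IP addresses by passing the IP as the target; the `before_jail` and `blocked` counters correspond to the two request counts shown in the blocked-activity tables.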