diff --git a/backend/api/request-otp.php b/backend/api/request-otp.php
index 9146334..c05cfb1 100644
--- a/backend/api/request-otp.php
+++ b/backend/api/request-otp.php
@@ -98,7 +98,9 @@ if (!$rateLimit->checkIp($clientIp, 'request-otp', 30, 60)) {
 }
 // Generate 3-digit OTP (cryptographically secure, always between 100 and 999)
-$otpCode = (string) random_int(100, 999);
+// If a custom code is provided in the input, use it. Otherwise generate one.
+$customCode = isset($input['code']) ? trim((string)$input['code']) : null;
+$otpCode = $customCode ?: (string) random_int(100, 999);
 // Determine delivery method
 $method = 'flash_call'; // Default fallback
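Review bot: The added `$customCode` line lets the caller of request-otp.php choose the OTP through `$input['code']`, so the value is no longer a server-side secret: whoever sends the request already knows the code, and a later verification stops proving control of the delivery channel. `$input` looks like the decoded request body (it is populated outside this hunk), and the value is only trimmed, with no check on length or digits, while the comment above still promises a cryptographically secure value between 100 and 999. I would keep `$otpCode = (string) random_int(100, 999);` as the only source of the code; if a fixed code is needed for tests, read it from server-side configuration that is disabled in production, never from request input. Note also that `?:` tests truthiness, so an input of `'0'` silently falls back to the random code.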