Authentication API

Passwordless login, 2-factor authentication & protected authorizations that are made for developers

Using OneTouch to Build a Push Notification Verification

Start a secure & user-friendly authentication on a mobile device via push notifications. This can also secure in-app transactions such as money transfers.

# # $TFA_API_KEY is the tfa API Key
# # $TFA_API_FORMAT is either “xml” or “json”
# # $TFI_ID example:  123456
# # $COUNTRY_CODE example: 1
# # $OT_MESSAGE is the OneTouch message
# # $OT_DETAILS is a string of details
# # $OT_ITL is the time (in seconds) for verification to occur

curl -X POST "http://api.tfa.com/onetouch/$TFAI_API_FORMAT/users/
$TFA_ID/approval_requests”\
-H "X-TFA-API-Key: $TFA_API_KEY" \
-d message="$OT_MESSAGE" \
-d details="$OT_DETAILS" \
-d seconds_to_expire="$OT_TTL"
# npm install tfa-client
# $TFA_ID example:  123456

const Client = require('tfa-client').Client;
const tfa = new Client({key: TFA_API_KEY});

var request = {
   tfaId: tfa_ID,
   details: {
       hidden: {
           "test": "This is a"
       },
       visible: {
           "Location": "California, USA",
           "Room": "VR Room 1"
       }
   },
   message: 'Requesting War Room Access'
};

tfa.createApprovalRequest(
   request, {
       ttl: 300
   }, function (err, resp) {
       if (err) {
           console.log(err);
       } else {
        console.log(resp);
       }
   });
public static async Task CreateApprovalRequestAsync()
 {
   // Create client
   var client = new HttpClient();

   // Add authentication header
   client.DefaultRequestHeaders.Add("X-tfa-API-Key", tfaAPIKey);

   var requestContent = new FormUrlEncodedContent(new[] {
     new KeyValuePair("message", "Requesting War Room Access"),
     new KeyValuePair("seconds_to_expire", "300"),
     new KeyValuePair("details[Location]", "California, USA"),
     new KeyValuePair("details[Room]", "VR Room 1"),
   });

   // http://api.tfa.com/onetouch/$TFA_API_FORMAT/users/$TFA_ID/
approval_requests
   HttpResponseMessage response = await client.PostAsync(
     "http://api.tfa.com/onetouch/json/users/5661166/approval_requests",
     requestContent);

   // Get the response content.
   HttpContent responseContent = response.Content;

   // Get the stream of the content.
   using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
     {
       // Write the output.
       Console.WriteLine(await reader.ReadToEndAsync());
     }
   }

Monitor Status on OneTouch Push Notification

You can either set a callback for the status change or poll the API once you request a Push Notification.

# $TFA_API_KEY is the tfa API Key
# $TFA_API_FORMAT is either “xml” or “json”
# $TFA_ID example:  123456

curl "http://api.tfa.com/protected/$TFA_API_FORMAT/sms/$TFA_ID?force=true" \
-H "X-tfa-API-Key: $TFA_API_KEY"
# npm install tfa-client
const Client = require('tfa-client').Client;
const tfa = new Client({key: TFA_API_KEY});

tfa.getApprovalRequest({
   id: $UUID
   }, function (err, resp) {
       if (err) {
           console.log(err);
       } else {
       console.log(resp);

       }
   });
public static async Task VerifyPhoneAsync()
 {
   // Create client
   var client = new HttpClient();

   // Add authentication header
   client.DefaultRequestHeaders.Add("X-tfa-API-Key", tfaAPIKey);

   // https://api.tfa.com/protected/$TFA_API_FORMAT/phones/verification/check?phone_number=$USER_PHONE&country_code=$USER_COUNTRY
&verification_code=$VERIFY_CODE
   HttpResponseMessage response = await client.GetAsync("https://api.tfa.com/protected/json/phones/verification/check?phone_number=5558675309&country_code=1&verification_code=3043");

   // Get the response content.
   HttpContent responseContent = response.Content;

   // Get the stream of the content.
 using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
     {
       // Write the output.
       Console.WriteLine(await reader.ReadToEndAsync());
     }
   }

OneCode OTP Request through SMS

An internationally accessible approach of Authentication API, easy to use by individuals with a mobile phone or landline, wherever they are on the planet.

# $TFA_API_KEY is the tfa API Key
# $TFA_API_FORMAT is either “xml” or “json”
# $TFA_ID example:  123456

curl "http://api.tfa.com/protected/$TFA_API_FORMAT/sms/$TFA_ID?force=true" \
-H "X-tfa-API-Key: $TFA_API_KEY"
# npm install tfa-client
const Client = require('tfa-client').Client;
const tfa = new Client({key: TFA_API_KEY});

tfa.requestSms({tfaId: req.body.tfaId}, {force: true}, function (err, resp) {
   if (err) throw err;
   console.log(resp);
});
public static async Task RequesttfaSMSAsync()
 {
   // Create client
   var client = new HttpClient();

   // Add authentication header
   client.DefaultRequestHeaders.Add("X-tfa-API-Key", tfaAPIKey);

   // http://api.tfa.com/protected/$TFA_API_FORMAT/sms/$TFA_ID?force=true
   HttpResponseMessage response = await client.GetAsync(
     "http://api.tfa.com/protected/json/sms/5661166?force=true");

   // Get the response content.
   HttpContent responseContent = response.Content;

   // Get the stream of the content.
   using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
     {
       // Write the output.
       Console.WriteLine(await reader.ReadToEndAsync());
     }
   }

OneCode OTP Request using Voice

An internationally accessible way of Authentication API done by anyone with a mobile phone or landline, globally.

# $TFA_API_KEY is the tfa API Key
# $TFA_API_FORMAT is either “xml” or “json”
# $TFA_ID example:  123456

curl "http://api.tfa.com/protected/$TFA_API_FORMAT/sms/$TFA_ID?force=true" \
-H "X-tfa-API-Key: $TFA_API_KEY"
# npm install tfa-client
const Client = require('tfa-client').Client;
const tfa = new Client({key: TFA_API_KEY});

client.requestCall({ tfaId: 1635 }, function(err, res) {
 if (err) throw err;
 console.log('Call initiated’', res.cellphone);
});
public static async Task VerifyTokenAsync()
 {
   // Create client
   var client = new HttpClient();

   // Add authentication header
   client.DefaultRequestHeaders.Add("X-tfa-API-Key", tfaAPIKey);

   // http://api.tfa.com/protected/$TFA_API_FORMAT/verify/$ONECODE/$TFA_ID
   HttpResponseMessage response = await client.GetAsync(
     "http://api.tfa.com/protected/json/verify/3812001/5661166");

   // Get the response content.
   HttpContent responseContent = response.Content;

   // Get the stream of the content.
   using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
     {
       // Write the output.
       Console.WriteLine(await reader.ReadToEndAsync());
     }
   }

Authenticate a OneCode OTP

The most internationally available way of Authentication API is easily usable by people with a mobile phone or landline, globally.

# $TFA_API_KEY is the tfa API Key
# $TFA_API_FORMAT is either “xml” or “json”
# $TFA_ID example:  123456

curl -i "http://api.tfa.com/protected/$TFA_API_FORMAT/call/$TFA_ID?force=true" \
-H "X-tfa-API-Key: $TFA_API_KEY"
# npm install tfa-client
const Client = require('tfa-client').Client;
const tfa = new Client({key: tfa_API_KEY});

client.verifyToken({ tfaId: TFA_ID, token: ONECODE }, function(err, resp) {
 if (err) throw err;
 console.log('Token is valid: ‘, resp');
});
public static async Task VerifyTokenAsync()
 {
   // Create client
   var client = new HttpClient();

   // Add authentication header
   client.DefaultRequestHeaders.Add("X-tfa-API-Key", tfaAPIKey);

   // http://api.tfa.com/protected/$TFA_API_FORMAT/verify/$ONECODE/$TFA_ID
   HttpResponseMessage response = await client.GetAsync(
     "http://api.tfa.com/protected/json/verify/3812001/5661166");

   // Get the response content.
   HttpContent responseContent = response.Content;

   // Get the stream of the content.
   using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
     {
       // Write the output.
       Console.WriteLine(await reader.ReadToEndAsync());
     }
   }

SoftToken Verification of smartphone-generated TOTP

The Ver app generates a token code which lets you complete an Authentication API step authentication without requiring your user to have an internet or cell connected device.

# $TFA_API_KEY is the tfa API Key
# $TFA_API_FORMAT is either “xml” or “json”
# $TFA_ID example:  123456

curl -i "http://api.tfa.com/protected/$TFA_API_FORMAT/call/$TFA_ID?force=true" \
-H "X-tfa-API-Key: $TFA_API_KEY"
# npm install tfa-client
const Client = require('tfa-client').Client;
const tfa = new Client({key: tfa_API_KEY});

client.verifyToken({ tfaId: TFA_ID, token: ONECODE }, function(err, resp) {
 if (err) throw err;
 console.log('Token is valid: ‘, resp');
});
public static async Task VerifyTokenAsync()
 {
   // Create client
   var client = new HttpClient();

   // Add authentication header
   client.DefaultRequestHeaders.Add("X-tfa-API-Key", tfaAPIKey);

   // http://api.tfa.com/protected/$TFA_API_FORMAT/verify/$ONECODE/$TFA_ID
   HttpResponseMessage response = await client.GetAsync(
     "http://api.tfa.com/protected/json/verify/3812001/5661166");

   // Get the response content.
   HttpContent responseContent = response.Content;

   // Get the stream of the content.
   using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
     {
       // Write the output.
       Console.WriteLine(await reader.ReadToEndAsync());
     }
   }

Up Next:
See Authentication
API Use Cases

Use Cases for Alerts

Connect with customers in the way they want.

Alternate Password login

Use alternative passwords with single-usecodes sent over SMS, voice or push. Phonenumber identities let you connect your userswith their contacts.

Block volume registration

Authenticate unique phone numbers to preventbots, spammers, and card testers moreefectively than captchas or email verification.

2-way authentication

Allow an additional second factor toauthenticate users without hardware costs orcomplex integration. Ensure global exposureand wide audience reach from day one.

Secure password reset

Reset passwords in a secure manner byconfirming users’ ownership of their phonenumber. Fastest solutions with less help desk orhelp center costs.

Improved authentication

Apply out-of-band authentication onhigh-value transactions or when risk scorecrosses a threshold and eliminate manualreviews.

Multi-tier verification

Balance user acquisition with compliance byphone verifying lower tier customers instead ofonerous id verification for all users.

THE FONE API EDGE

Redundancy

Automated failover ensures that you have 99.95% uptime SLA without the need for a maintenance window.

Scalability

Use existing apps to new markets by configuring features for compliance and localization.

Multi-channel

Use a single platform for voice, SMS, video, authentication, chat and more.

Without hassles

Get free support, have the freedom to scale your business, market faster with pay-as-you-go.

Create your Account to Start Building
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.