Five easy steps for successful 2-factor authentication

Infobip's SMS-based 2FA immediately turns your users' devices into an extra layer of security. It doesn't require extra equipment and works on every mobile phone.

February 26 2015

Traditionally, implementing two-factor authentication for web-based services also meant introducing additional hardware. Nowadays, enterprises and Internet giants need a simpler and faster solution to verify their global user base.

SMS-based 2FA sends a one-time PIN code to users’ mobile phones via text message, immediately turning their device into an extra layer of security. It doesn’t require extra equipment and works on both the latest smartphones and decade-old feature phones.

Step 1: Register your app

Before you start generating and sending PIN codes over the Infobip 2FA service, you'll have to register your app on our platform and provide us with the name of your app.

POST /2fa/1/applications HTTP/1.1
Host: oneapi.infobip.com
Authorization: Basic RkTpGSVR0lUdGVhbZWFt
Content-Type: application/json
 
{
  "name":"My BASIC app"
}

The name of your app will be enough for you to proceed to the next step if you require only basic usage. For advanced usage, you’ll be able to configure the additional features for your app: PIN time to live, PIN attempts, verification attempts, verification interval, etc.

Find out more about additional features for your app and advanced usage of this method.

Step 2: Create a message

After you have registered your app with the 2FA service, the next step is to create the message that you want to send to your app users.

A PIN code is generated as part of your message so you’ll need to specify its features:

  • PIN type: Type of PIN code that will be generated and sent as part of 2FA message. You can set PIN type to numeric, alpha, alphanumeric, or hex.
  • PIN length: PIN code length between 1 and 8 characters.

POST /2fa/1/applications/8F0792F86035A9F4290821F1EE6BC06A/messages HTTP/1.1
Host: oneapi.infobip.com
Authorization: Basic RkTpGSVR0lUdGVhbZWFt
Content-Type: application/json
 
{
  "pinType":"NUMERIC",
  "pinPlaceholder":"",
  "messageText":"Your pin is ",
  "pinLength":4,
  "sender":"Infobip 2FA"
}

Find out more about additional message parameters and their usage.

Step 3: Generate API key

In order to start sending and verifying PINs from the client side, you need a valid Infobip API key.

Generate your API key with this simple method:

POST /2fa/1/api-key HTTP/1.1
Host: oneapi.infobip.com
Authorization: Basic RkTpGSVR0lUdGVhbZWFt
Content-Type: application/json

Response:

"003026bbc133714df1834b8638bb496e-8f4b3d9a-e931-478d-a994-28a725159ab9"

Step 4: PIN generation and sending

If you have created a 2FA application (Step 1), configured your message (Step 2) and obtained your API key for authorisation (Step 3), you are ready to generate and send PINs to your users.

POST /2fa/1/pin HTTP/1.1
Host: oneapi.infobip.com
Authorization: App 003026bbc133714df1834b8638bb496e-8f4b3d9a-e931-478d-a994-28a725159ab9
Content-Type: application/json

{
  "applicationId":"6D48F9FE5FA2B679C815F8AF33282A7C",
  "messageId":"1036B771ACA7EC408772F93BC855D00A",
  "phoneNumber":"41793026727"
}
 

You will immediately receive a response indicating whether your request succeeded:

{
 "to": "41793026727",
 "ncStatus": "NC_DESTINATION_REACHABLE",
 "smsStatus": "MESSAGE_SENT",
 "pinId": "9C817C6F8AF3D48F9FE553282AFA2B67"
}

Find out more about additional features for sending PIN codes.

Step 5: Verify PIN

The final step is to verify that the user entered the correct PIN, the one they received on their mobile phone.

Simply forward us the value the user entered in your app, and we will verify the PIN:

POST /2fa/1/pin/9C817C6F8AF3D48F9FE553282AFA2B67/verify HTTP/1.1
Host: oneapi.infobip.com
Authorization: App 003026bbc133714df1834b8638bb496e-8f4b3d9a-e931-478d-a994-28a725159ab9
Content-Type: application/json

{
 "pin":"1598"
}

If the PIN is correct, you will receive this response:

{
 "pinId": "9C817C6F8AF3D48F9FE553282AFA2B67",
 "msisdn": "41793026727",
 "verified": true,
 "attemptsRemaining": 0
}

If the PIN is wrong, you will receive this response:

{
 "pinId": "9C817C6F8AF3D48F9FE553282AFA2B67",
 "msisdn": "41793026727",
 "verified": false,
 "attemptsRemaining": 2,
 "pinError": "WRONG_PIN"
}
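
An added example, not Infobip's code: one way a backend could act on the Step 5 response, assuming it stored the pinId and phone number from the Step 4 response for the login in progress. PendingLogin and apply_verify_response are hypothetical names; the first two sample bodies are the responses shown above and the third is constructed.

```python
import json
from dataclasses import dataclass
from typing import Optional

@dataclass
class PendingLogin:
    """Server-side state saved after Step 4 (hypothetical, not part of the API)."""
    pin_id: Optional[str]          # pinId returned by POST /2fa/1/pin
    msisdn: str                    # phone number the PIN was sent to
    second_factor_ok: bool = False

def apply_verify_response(pending: PendingLogin, body: str) -> str:
    """Decide the login outcome from a Step 5 response body; fails closed."""
    if pending.pin_id is None:
        return "no_pending_pin"
    try:
        resp = json.loads(body)
    except ValueError:
        return "rejected"
    if not isinstance(resp, dict):
        return "rejected"
    # The response must describe the PIN issued for this login attempt.
    if resp.get("pinId") != pending.pin_id or resp.get("msisdn") != pending.msisdn:
        return "rejected"
    # Accept only the JSON boolean true, not "true", 1, or a missing field.
    if resp.get("verified") is True:
        pending.second_factor_ok = True
        pending.pin_id = None      # a verified PIN is not accepted twice
        return "verified"
    remaining = resp.get("attemptsRemaining")
    if isinstance(remaining, bool) or not isinstance(remaining, int) or remaining <= 0:
        pending.pin_id = None      # out of attempts: a new PIN (Step 4) is required
        return "locked"
    return "retry"

# The two bodies from Step 5, plus a constructed response for a different pinId.
OK = '{"pinId":"9C817C6F8AF3D48F9FE553282AFA2B67","msisdn":"41793026727","verified":true,"attemptsRemaining":0}'
WRONG = '{"pinId":"9C817C6F8AF3D48F9FE553282AFA2B67","msisdn":"41793026727","verified":false,"attemptsRemaining":2,"pinError":"WRONG_PIN"}'
OTHER = '{"pinId":"CONSTRUCTED-OTHER-PIN-ID","msisdn":"41793026727","verified":true,"attemptsRemaining":0}'

def demo():
    p = PendingLogin("9C817C6F8AF3D48F9FE553282AFA2B67", "41793026727")
    return [apply_verify_response(p, body) for body in (OTHER, WRONG, OK, OK)]

if __name__ == "__main__":
    print(demo())
```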

To see how easy it is to integrate our 2FA solution into your mobile app, check out our free demo app and browse through our Android SDK documentation.