Authy API

Two-factor authentication, passwordless login, and secured authorizations, built for developers.

Java logo
JavaScript logo
PHP logo
Python logo
Ruby logo

Create a push authentication

Use a push notification to a mobile device to start a secure, yet user-friendly authentication. Can also be used for protecting in application transactions, like money transfers.

View Docs

# $AUTHY_API_KEY is the Authy API Key
  # $AUTHY_API_FORMAT is either “xml” or “json”
  # $AUTHY_ID example:  123456
  # $COUNTRY_CODE example: 1
  # $OT_MESSAGE is the OneTouch message
  # $OT_DETAILS is a string of details
  # $OT_TTL is the time (in seconds) for verification to occur

  curl -X POST "https://api.authy.com/onetouch/$AUTHY_API_FORMAT/users/$AUTHY_ID/approval_requests” \
  -H "X-Authy-API-Key: $AUTHY_API_KEY" \
  -d message="$OT_MESSAGE" \
  -d details="$OT_DETAILS" \
  -d seconds_to_expire="$OT_TTL"
Check push authentication status
Once you’ve requested a push authentication, you can either set a callback for the status change or poll the API with this example.

View Docs
// npm install authy
const authy = require("authy")("APIKEY");

authy.send_approval_request(
  "1337",
  user_payload,
  [hidden_details],
  [logos],
  function (err, res) {
    // res = {"approval_request":{"uuid":"########-####-####-####-############"},"success":true}
  }
);
public static async Task CreateApprovalRequestAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    var requestContent = new FormUrlEncodedContent(new[] {
      new KeyValuePair("message", "Requesting War Room Access"),
      new KeyValuePair("seconds_to_expire", "300"),
      new KeyValuePair("details[Location]", "California, USA"),
      new KeyValuePair("details[Room]", "VR Room 1"),
    });

    // https://api.authy.com/onetouch/$AUTHY_API_FORMAT/users/$AUTHY_ID/approval_requests
    HttpResponseMessage response = await client.PostAsync(
      "https://api.authy.com/onetouch/json/users/5661166/approval_requests",
      requestContent);

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }

Check push authentication status

Once you’ve requested a push authentication, you can either set a callback for the status change or poll the API with this example.

View Docs

# $AUTHY_API_KEY is the Authy API Key
  # $AUTHY_API_FORMAT is either “xml” or “json”
  # $UUID is the string returned after creating a OneTouch request

  curl "https://api.authy.com/onetouch/$AUTHY_API_FORMAT/approval_requests/$UUID" \
  -H "X-Authy-API-Key: $AUTHY_API_KEY"
// npm install authy
const authy = require("authy")("APIKEY");

authy.check_approval_status(uuid, function (err, res) {
  /*
res = {
  "approval_request": {
    "_app_name": YOUR_APP_NAME,
    "_app_serial_id": APP_SERIAL_ID,
    "_authy_id": AUTHY_ID,
    "_id": INTERNAL_ID,
    "_user_email": EMAIL_ID,
    "app_id": APP_ID,
    "created_at": TIME_STAMP,
    "notified": false,
    "processed_at": null,
    "seconds_to_expire": 600,
    "status": 'pending',
    "updated_at": TIME_STAMP,
    "user_id": USER_ID,
    "uuid": UUID
  },
  "success": true
}
*/
});
public static async Task VerifyPhoneAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/phones/verification/check?phone_number=$USER_PHONE&country_code=$USER_COUNTRY&verification_code=$VERIFY_CODE
    HttpResponseMessage response = await client.GetAsync("https://api.authy.com/protected/json/phones/verification/check?phone_number=5558675309&country_code=1&verification_code=3043");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }

Request an OTP via SMS

The most globally available method of 2FA, usable by anyone with a mobile phone or landline, anywhere in the world.

View Docs

# $AUTHY_API_KEY is the Authy API Key
  # $AUTHY_API_FORMAT is either “xml” or “json”
  # $AUTHY_ID example:  123456

  curl -i "https://api.authy.com/protected/$AUTHY_API_FORMAT/call/$AUTHY_ID?force=true" \
  -H "X-Authy-API-Key: $AUTHY_API_KEY"
// npm install authy
const authy = require("authy")("APIKEY");

authy.request_call("1337", function (err, res) {
  //
});
public static async Task RequestAuthySMSAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/sms/$AUTHY_ID?force=true
    HttpResponseMessage response = await client.GetAsync(
      "https://api.authy.com/protected/json/sms/5661166?force=true");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }

Request an OTP via voice

The most globally available method of 2FA, usable by anyone with a mobile phone or landline, anywhere in the world.

View Docs

# $AUTHY_API_KEY is the Authy API Key
  # $AUTHY_API_FORMAT is either “xml” or “json”
  # $AUTHY_ID example:  123456

  curl -i "https://api.authy.com/protected/$AUTHY_API_FORMAT/call/$AUTHY_ID?force=true" \
  -H "X-Authy-API-Key: $AUTHY_API_KEY"
// npm install authy
const authy = require("authy")("APIKEY");

authy.request_call("1337", function (err, res) {
  //
});
public static async Task RequestAuthyVoiceAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/call/$AUTHY_ID?force=true
    HttpResponseMessage response = await client.GetAsync(
      "https://api.authy.com/protected/json/call/5661166?force=true");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }

Verify an OTP

The most globally available method of 2FA, usable by anyone with a mobile phone or landline, anywhere in the world.

View Docs

# $AUTHY_API_KEY is the Authy API Key
  # $AUTHY_API_FORMAT is either “xml” or “json”
  # $AUTHY_ID example:  123456
  # $ONECODE is the requested token

  curl -i "https://api.authy.com/protected/$AUTHY_API_FORMAT/verify/$ONECODE/$AUTHY_ID" \
  -H "X-Authy-API-Key: $AUTHY_API_KEY"
// npm install authy
const authy = require("authy")("APIKEY");

authy.verify("1337", "0000000", function (err, res) {
  //
});
public static async Task VerifyTokenAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/verify/$ONECODE/$AUTHY_ID
    HttpResponseMessage response = await client.GetAsync(
      "https://api.authy.com/protected/json/verify/3812001/5661166");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }

Verify a smartphone-generated TOTP

Complete a 2FA step without requiring your user to have an internet or cell connected device. Simply verify the token generated by the Authy app, regardless of whether or not your device is connected.

View Docs

#$AUTHY_API_KEY is the Authy API Key
  # $AUTHY_API_FORMAT is either “xml” or “json”
  # $AUTHY_ID example:  123456
  # $ONECODE is the requested token


  curl -i "https://api.authy.com/protected/$AUTHY_API_FORMAT/verify/$ONECODE/$AUTHY_ID" \
  -H "X-Authy-API-Key: $AUTHY_API_KEY"
// npm install authy
const authy = require("authy")("APIKEY");

authy.verify("1337", "0000000", function (err, res) {
  //
});
public static async Task VerifyTokenAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/verify/$ONECODE/$AUTHY_ID
    HttpResponseMessage response = await client.GetAsync(
      "https://api.authy.com/protected/json/verify/3812001/5661166");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }

THE TWILIO ADVANTAGE

Communicate reliably

Experience a 99.95% uptime SLA made possible with automated failover and zero maintenance windows.

Operate at scale

Extend the same app you write once to new markets with configurable features for localization and compliance.

Many channels

Use the same platform you know for voice, SMS, video, chat, two-factor authentication, and more.

No shenanigans

Get to market faster with pay‑as‑you‑go pricing, free support, and the freedom to scale up or down without contracts.

Not ready yet? Talk to an expert