This tutorial will walk you through the steps of setting up your own two-factor authentication service.

User enters your application

User visits your website or mobile app and attempts to log into his account, authorize a transaction, or perform another action that requires two-factor authentication from a new device.

User is prompted to enter his phone number

Restcomm receives the login attempt and prompts the user to enter his phone number in order to authorize the new device.

PIN code is sent to the user via SMS

Once the user enters a valid phone number, from your application you will need to ask Restcomm to send a verification code to that phone number by using the HTTP REST API Call Below.

Sending a verification code requires basic authorization that includes your account SID and auth token. Below is the format you have to use in order to send a verification code to the user’s phone number.

Sending One-Time Passwords - API Reference

Base Resource URI

https://{your_organization}.restcomm.com

Verification Code Resource URI

/2fa/send

Supported Operations

HTTP POST: Send a verification code through SMS to the specified Phone Number

Request Parameters

Parameter Description

service

The name of your service

from

The Phone number that is sending the SMS containing the verification code.

to

The Phone number to send the SMS containing the verification code to.

body

The content of the SMS. Use {code} as a placeholder for the location of the verification code in your SMS content. This {code} will be replaced automatically with a random code generated by the system

Example:

{
    "service" : "Restcomm", // the name of your service
    "from" : "+XXXXXXXXX", // the SMS sender phone number
    "to" : "+XXXXXXXXXX", // the SMS recepient phone number
    "body": "Your verification code is: {code}" // SMS body, containing the verification code
}

From the bash terminal you can run the command below:

curl -X POST \
  https://{your_organization}.restcomm.com/2fa/send \
--user  ' {your_account_SID}:{your_account_token}' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \
  -d '{
    "service" : "Restcomm",
    "from" : "+13216549878",
    "to" : "+13216549879",
    "body": "Your verification code is: {code}"
}

User enters the PIN to complete app activation

User receives the one-time PIN code via SMS, gets back to your application and enters it in order to complete the verification process. Verifying the code is simple and requires basic authorization that includes your account SID and auth token.

Verifying One-Time Passwords - API Reference

Base Resource URI

https://{your_organization}.restcomm.com

Verification Code Resource URI

\/2fa/verify

Supported Operations

HTTP Method: POST: Verify the code that was sent through SMS to the Phone Number

Request Parameters

Parameter Description

service

The name of your service

number

The Phone number where the SMS containing the verification code was sent to.

code

The verification code that was sent to the user through SMS.

Example:

{
    "service" : "Restcomm", // the name of your service
    "number" : "+XXXXXXXXXX",  // the phone number of the SMS recepient
    "code": "XXXXX" // the verification code
}

From the bash terminal you can run the command below:

curl -X POST \
  https://{your_company}.restcomm.com/2fa/verify \
  --user  ' {your_account_SID}:{your_account_token}' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \
  -d '{
    "service" : "Restcomm",
    "number" : "+13216549879",
    "code": "294228"
}

You can also test your service using Postman or any other alike client.