Authy API

Two-factor authentication, passwordless login, and secured authorizations, built for developers.

  • Create a push authentication

    Use a push notification to a mobile device to start a secure, yet user-friendly authentication. Can also be used for protecting in application transactions, like money transfers.

    View Docs
    • Curl
    • Node
    • .NET (C#)
    # $AUTHY_API_KEY is the Authy API Key
# $AUTHY_API_FORMAT is either “xml” or “json”
# $AUTHY_ID example:  123456
# $COUNTRY_CODE example: 1
# $OT_MESSAGE is the OneTouch message
# $OT_DETAILS is a string of details
# $OT_TTL is the time (in seconds) for verification to occur

curl -X POST "https://api.authy.com/onetouch/$AUTHY_API_FORMAT/users/$AUTHY_ID/approval_requests” \
-H "X-Authy-API-Key: $AUTHY_API_KEY" \
-d message="$OT_MESSAGE" \
-d details="$OT_DETAILS" \
-d seconds_to_expire="$OT_TTL"
    // npm install authy
var authy = require('authy')('APIKEY');

authy.send_approval_request('1337', user_payload, [hidden_details], [logos], function (err, res) {
  // res = {"approval_request":{"uuid":"########-####-####-####-############"},"success":true}
});
    public static async Task CreateApprovalRequestAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    var requestContent = new FormUrlEncodedContent(new[] {
      new KeyValuePair("message", "Requesting War Room Access"),
      new KeyValuePair("seconds_to_expire", "300"),
      new KeyValuePair("details[Location]", "California, USA"),
      new KeyValuePair("details[Room]", "VR Room 1"),
    });

    // https://api.authy.com/onetouch/$AUTHY_API_FORMAT/users/$AUTHY_ID/approval_requests
    HttpResponseMessage response = await client.PostAsync(
      "https://api.authy.com/onetouch/json/users/5661166/approval_requests",
      requestContent);

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }
  • Check push authentication status

    Once you’ve requested a push authentication, you can either set a callback for the status change or poll the API with this example.

    View Docs
    • Curl
    • Node
    • .NET (C#)
    # $AUTHY_API_KEY is the Authy API Key
# $AUTHY_API_FORMAT is either “xml” or “json”
# $UUID is the string returned after creating a OneTouch request

curl "https://api.authy.com/onetouch/$AUTHY_API_FORMAT/approval_requests/$UUID" \
-H "X-Authy-API-Key: $AUTHY_API_KEY"
    // npm install authy
var authy = require('authy')('APIKEY');

authy.check_approval_status(uuid, function(err, res) {
	/*
	res = {
		"approval_request": {
			"_app_name": YOUR_APP_NAME,
			"_app_serial_id": APP_SERIAL_ID,
			"_authy_id": AUTHY_ID,
			"_id": INTERNAL_ID,
			"_user_email": EMAIL_ID,
			"app_id": APP_ID,
			"created_at": TIME_STAMP,
			"notified": false,
			"processed_at": null,
			"seconds_to_expire": 600,
			"status": 'pending',
			"updated_at": TIME_STAMP,
			"user_id": USER_ID,
			"uuid": UUID
		},
		"success": true
	}
	*/
});
    public static async Task VerifyPhoneAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/phones/verification/check?phone_number=$USER_PHONE&country_code=$USER_COUNTRY&verification_code=$VERIFY_CODE
    HttpResponseMessage response = await client.GetAsync("https://api.authy.com/protected/json/phones/verification/check?phone_number=5558675309&country_code=1&verification_code=3043");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
	  using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }
  • Request an OTP via SMS

    The most globally available method of 2FA, usable by anyone with a mobile phone or landline, anywhere in the world.

    View Docs
    • Curl
    • Node
    • .NET (C#)
    # $AUTHY_API_KEY is the Authy API Key
# $AUTHY_API_FORMAT is either “xml” or “json”
# $AUTHY_ID example:  123456

curl "https://api.authy.com/protected/$AUTHY_API_FORMAT/sms/$AUTHY_ID?force=true" \
-H "X-Authy-API-Key: $AUTHY_API_KEY"
    // npm install authy
var authy = require('authy')('APIKEY');

authy.request_sms('1337', function (err, res) {
  //
});
    public static async Task RequestAuthySMSAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/sms/$AUTHY_ID?force=true
    HttpResponseMessage response = await client.GetAsync(
      "https://api.authy.com/protected/json/sms/5661166?force=true");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }
  • Request an OTP via voice

    The most globally available method of 2FA, usable by anyone with a mobile phone or landline, anywhere in the world.

    View Docs
    • Curl
    • Node
    • .NET (C#)
    # $AUTHY_API_KEY is the Authy API Key
# $AUTHY_API_FORMAT is either “xml” or “json”
# $AUTHY_ID example:  123456

curl -i "https://api.authy.com/protected/$AUTHY_API_FORMAT/call/$AUTHY_ID?force=true" \
-H "X-Authy-API-Key: $AUTHY_API_KEY"

    // npm install authy
var authy = require('authy')('APIKEY');

authy.request_call('1337', function (err, res) {
  //
});
    public static async Task RequestAuthyVoiceAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/call/$AUTHY_ID?force=true
    HttpResponseMessage response = await client.GetAsync(
      "https://api.authy.com/protected/json/call/5661166?force=true");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }
  • Verify an OTP

    The most globally available method of 2FA, usable by anyone with a mobile phone or landline, anywhere in the world.

    View Docs
    • Curl
    • Node
    • .NET (C#)
    # $AUTHY_API_KEY is the Authy API Key
# $AUTHY_API_FORMAT is either “xml” or “json”
# $AUTHY_ID example:  123456
# $ONECODE is the requested token

curl -i "https://api.authy.com/protected/$AUTHY_API_FORMAT/verify/$ONECODE/$AUTHY_ID" \
-H "X-Authy-API-Key: $AUTHY_API_KEY"
    // npm install authy
var authy = require('authy')('APIKEY');

authy.verify('1337', '0000000', function (err, res) {
  //
});
    public static async Task VerifyTokenAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/verify/$ONECODE/$AUTHY_ID
    HttpResponseMessage response = await client.GetAsync(
      "https://api.authy.com/protected/json/verify/3812001/5661166");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }
  • Verify a smartphone-generated TOTP

    Complete a 2FA step without requiring your user to have an internet or cell connected device. Simply verify the token generated by the Authy app, regardless of whether or not your device is connected.

    View Docs
    • Curl
    • Node
    • .NET (C#)
    # $AUTHY_API_KEY is the Authy API Key
# $AUTHY_API_FORMAT is either “xml” or “json”
# $AUTHY_ID example:  123456
# $ONECODE is the requested token


curl -i "https://api.authy.com/protected/$AUTHY_API_FORMAT/verify/$ONECODE/$AUTHY_ID" \
-H "X-Authy-API-Key: $AUTHY_API_KEY"
    // npm install authy
var authy = require('authy')('APIKEY');

authy.verify('1337', '0000000', function (err, res) {
 //
});
    public static async Task VerifyTokenAsync()
  {
    // Create client
    var client = new HttpClient();

    // Add authentication header
    client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey);

    // https://api.authy.com/protected/$AUTHY_API_FORMAT/verify/$ONECODE/$AUTHY_ID
    HttpResponseMessage response = await client.GetAsync(
      "https://api.authy.com/protected/json/verify/3812001/5661166");

    // Get the response content.
    HttpContent responseContent = response.Content;

    // Get the stream of the content.
    using (var reader = new StreamReader(await responseContent.ReadAsStreamAsync()))
      {
        // Write the output.
        Console.WriteLine(await reader.ReadToEndAsync());
      }
    }
The Twilio advantage

  • Communicate reliably

    Experience a 99.95% uptime SLA made possible with automated failover and zero maintenance windows.

  • Operate at scale

    Extend the same app you write once to new markets with configurable features for localization and compliance.

  • Many channels

    Use the same platform you know for voice, SMS, video, chat, two-factor authentication, and more.

  • No shenanigans

    Get to market faster with pay-as-you-go pricing, free support, and the freedom to scale up or down without contracts.

Sign up and start building
We can’t wait to see what you build.
Twilio Authentication
API and Docs
On the Blog