Authy is a cloud authentication service exposed via an API. It is commonly used for the addition of two-factor authentication (2FA) to existing username and password logins. However it can also be used to replace the password for primary logins, as well as providing a robust and secure mechanism for the approval of high value transactions.

There are several features you can leverage to better authenticate users or authorization transactions in your application. 

  • Send a One Time Password via SMS
  • Send a One Time Password via a voice call
  • Generate a Time based One Time Password using the Authy app (iOS/Android/Chrome)
  • Use a push notification with an approve/deny response to the Authy app or an SDK embedded in your app
  • Validate a user has access to a phone number by validating a code sent via an SMS
  • Validate a user has access to a phone number by validating a code sent via a voice call 

Authy API

The Authy API is used inside applications to provide 3 different security use cases.

  • Second factor of authentication (2FA) after another form of authentication (typically username & password). For example, using our free Authy application to generate a Time based One Time Password (TOTP).
  • Primary authentication where common logins are secured with Authy using a device registered with username and password. For example, you no longer need the password, just the username at login and instead respond to a push notification request.
  • Step up authentication or authorization of in application, high value transactions. For example sending a push notification request to a user's device, generating an approval for a financial transaction in a banking application.

The API is split into two main features:

  • Time based One Time Password (TOTP) - OneCode & SoftToken
  • Push notification based authentication - OneTouch

API Endpoints

The Authy API consists of four families of endpoints:

    Create and verify two-factor authentication via SMS, voice calls or codes from the Authy app.
  • Authy OneTouch API
    Create and verify approval requests that will show up on the Authy or custom mobile apps.
  • Phone Verification API
    Verify a user's landline or cell phone by sending them a verification code.
  • Phone Intelligence API
    Get information about a phone number, to tell if the number is voip, landline or cell phone, as well as carrier information.

Authy Helper Libraries

Authy, with the community, maintains a set of libraries which simplify the interaction with the API in specific languages.

Authy mobile apps

Software based two-factor authentication or primary authentication with Authy relies on using a free mobile or browser based application. We currently support the following platforms. 

TwilioAuth SDK

The TwilioAuth SDK allows you to embed authentication functionalities directly in your own application. This means your users do not have to download the separate Authy app. Currently the SDK supports our push based authentication solution, OneTouch. To build and brand an Authy powered authentication or authorization into your own app, read the documentation on using the TwilioAuth SDK 

Twilio Verification SDK for Android

The Twilio Verification SDK for Android will give you access to the Twilio Verification services directly in your own application. By doing this, it will simplify the process of validating a phone number within an application running on Android. Read the documentation on using the Twilio Verification SDK for Android

Account Security Quickstarts

These sample applications get you running with various account security features in no time flat. Get started with Two-Factor Authentication, Phone Verification, and Lookup with these fun walkthroughs.

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.