As part of Twilio's account security offerings, the Twilio Authy API makes it simple to add a second factor of authentication or passwordless logins to your web application. It supports OTP sent via voice and SMS, TOTP generated in the free Authy app or via the SDK, and push authentication via the free Authy app or SDK. To start working with the API, first create an application in the console and get the API Key.
All URLs in the reference documentation use the following base URL:
All requests to the Authy REST API are served over HTTPS. Unencrypted HTTP is not supported.
HTTP requests to the Authy REST API
/protected endpoints are protected with an API Secret you pass as an HTTP header
curl 'https://api.authy.com/protected/json/app/details' \ -H "X-Authy-API-Key: $AUTHY_API_KEY"
The API Key can be found in the Authy section of the Twilio Console after clicking through to your Authy application.
Want to jump straight to the API Reference? These pages are laid out in the rough order you'll need to follow in your authentication implementation.
Need help troubleshooting an error or understanding a response?
The Authy API currently supports JSON and XML formats. When making API calls, you will need to specify
We've built out a repository which includes cURL commands for various actions you can take through the API. We've also included Postman collection and environment examples as well.
We maintain helper libraries to abstract these API calls for all of our standard web languages.
While the Authy app is the quickest path to enablement, you can build your own SDK-supported mobile authentication application.