For new development, we encourage you to use the Verify API instead of the Authy API. The Verify API is an evolution of the Authy API with continued support for SMS, voice, and email one-time passcodes, an improved developer experience and new features including:
- Access via the Twilio CLI
- Improved Visibility and Insights
- Push authentication SDK embeddable in your own application
The European Payment Services Directive (PSD2) regulation requires Strong Customer Authentication (SCA) for all transactions over €30 by 31 December 2020 (14 September 2021 for the UK). This page will show you how to implement a compliant solution for your application using the Authy API. For more detail on PSD2, SCA, and dynamic linking, check out this post.
The Authy API supports 3 channels for PSD2 compliant authorization.
action_message parameter to tie the verification to a specific transaction. The same values are required to verify the token.
Display transaction details in the Authy App. Each authorization is signed by the end user's device and linked to that specific transaction.
Offline support with transactional TOTP codes in the Authy app. Transaction details are mixed with the application secret to create a unique code tied to the transaction.