Push notification-based authentication delivered as an API for 2FA, passwordless login, and in-application transactions on both web and mobile.
Simple user experience
Users respond to a device push notification and are presented with a simple and easy to understand decision. Approve or deny a login or in-application event, such as a money transfer or account change. No awkward codes for the user to re-enter, just approve or deny requests with a single touch.
Unlike SMS, OneTouch requests are digitally signed and fully encrypted between our service and each trusted device. The simple UI allows the user to deny unauthorized logins and transactions in real time.
Fast to implement
Delivered as a modern REST API, you can implement the Authy 2FA solution in a single sprint without worrying about availability, reliability or service security. We handle that for you. Just sign up and get started within minutes. Everything can be accessed immediately; we don’t hide our SDK or API behind a sales person.
End user support
Users change phone numbers and lose devices. We’ve built an automated system, augmented with in-person security team reviews, to support your users so they can securely recover access to their accounts. Increase your security without increasing your support burden.
By choosing a modern technology experience like Authy, we’re communicating our security philosophy. We’re able to show our clients that Zesty.io is completely secure and innovative through the tools we’re using.
OneTouch requests are delivered securely to trusted devices directly from our cloud API, out-of-band from your application. Responses from users are securely sent via signed callbacks direct to your application from our service.
Unlike using SMS for 2FA, OneTouch uses an RSA key pair, an encrypted channel to the devices, and digital signatures to provide a highly secure solution that is less vulnerable to phishing and other authentication attacks.
OneTouch prompts the user to verify an action; a 2FA login, money transfer or purchase. The user can deny unauthorized requests in real-time. As soon as they respond to their device, we send your application a web callback with a wealth of information you can leverage as part of your overall fraud detection and product security efforts.
To ensure you can trust and prove a response came from a specific user, responses from each device are signed by a per-device private key. Webhooks from our service are also signed to ensure you can trust that the source of the callback is Authy and not an imposter.
2FA has a history of being difficult to use. OneTouch provides a very simple Approve/Deny experience directly to users. As soon as the user responds on their trusted device, the login or transaction responds immediately in your application. No extra steps for the user, no codes to enter. You can even replace the use of passwords for every day logins.
OneTouch messages are fully branded. You can add your company logos, create your own login or authorization message, and pass in any details you wish to reassure the user they are responding to your trusted application’s request.
Unlike using SMS for 2FA, OneTouch presents any information you want to the end user. You can communicate details about the request they have to approve/deny, the location the login request is coming from, or what account they are trying to access and from which device.
Embed OneTouch functionality directly into your existing mobile applications for total control over your branding and the user experience. We provide SDKs for both Android and iOS development.
Millions and billions
Authy 2FA services applications with millions of users, for customers such as Twitch, Coinbase and SendGrid. We handle billions of API calls with a solution designed to scale as you do.
We have all the information you need to start building. Get unstuck quickly with tutorials, sample code, and extensive API documentation. Plus, we provide example cURL commands and POSTMAN samples to accelerate your engineering efforts.
Program in the language you already use with libraries available from Twilio and its community.
Manage user permissions with unique access roles for admins, developers, support and billing.
Experience a 99.95% uptime SLA made possible with automated failover and zero-maintenance windows.
Operate at scale
Extend the same app you write once to new markets with configurable features for localization and compliance.
Use the same platform you know for voice, messaging, video, chat, two-factor authentication, and more.
Get to market faster with pay-as-you-go pricing, free support, and the freedom to scale up or down without contracts.