authy-one-touch
Essentials
  • Simple user experience

    Users respond to a device push notification and are presented with a simple and easy to understand decision. Approve or deny a login or in-application event, such as a money transfer or account change. No awkward codes for the user to re-enter, just approve or deny requests with a single touch.

  • Increased security

    Unlike SMS, OneTouch requests are digitally signed and fully encrypted between our service and each trusted device. The simple UI allows the user to deny unauthorized logins and transactions in real time.

  • Fast to implement

    Delivered as a modern REST API, you can implement the Authy 2FA solution in a single sprint without worrying about availability, reliability or service security. We handle that for you. Just sign up and get started within minutes. Everything can be accessed immediately; we don’t hide our SDK or API behind a sales person.

  • End user support

    Users change phone numbers and lose devices. We’ve built an automated system, augmented with in-person security team reviews, to support your users so they can securely recover access to their accounts. Increase your security without increasing your support burden.

By choosing a modern technology experience like Authy, we’re communicating our security philosophy. We’re able to show our clients that Zesty.io is completely secure and innovative through the tools we’re using.

Technology
  • Out-of-band

    OneTouch requests are delivered securely to trusted devices directly from our cloud API, out-of-band from your application. Responses from users are securely sent via signed callbacks direct to your application from our service.

  • End-to-end encryption

    Unlike using SMS for 2FA, OneTouch uses an RSA key pair, an encrypted channel to the devices, and digital signatures to provide a highly secure solution that is less vulnerable to phishing and other authentication attacks.

  • Real-time denials

    OneTouch prompts the user to verify an action; a 2FA login, money transfer or purchase. The user can deny unauthorized requests in real-time. As soon as they respond to their device, we send your application a web callback with a wealth of information you can leverage as part of your overall fraud detection and product security efforts.

  • Non-repudiation

    To ensure you can trust and prove a response came from a specific user, responses from each device are signed by a per-device private key. Webhooks from our service are also signed to ensure you can trust that the source of the callback is Authy and not an imposter.

Experience
  • Real-time response

    2FA has a history of being difficult to use. OneTouch provides a very simple Approve/Deny experience directly to users. As soon as the user responds on their trusted device, the login or transaction responds immediately in your application. No extra steps for the user, no codes to enter. You can even replace the use of passwords for every day logins.

  • Branding

    OneTouch messages are fully branded. You can add your company logos, create your own login or authorization message, and pass in any details you wish to reassure the user they are responding to your trusted application’s request.

  • Informative

    Unlike using SMS for 2FA, OneTouch presents any information you want to the end user. You can communicate details about the request they have to approve/deny, the location the login request is coming from, or what account they are trying to access and from which device.

  • Embeddable SDK

    Embed OneTouch functionality directly into your existing mobile applications for total control over your branding and the user experience. We provide SDKs for both Android and iOS development.

Scale
  • Millions and billions

    Authy 2FA services applications with millions of users, for customers such as Twitch, Coinbase and SendGrid. We handle billions of API calls with a solution designed to scale as you do.

  • Documentation

    We have all the information you need to start building. Get unstuck quickly with tutorials, sample code, and extensive API documentation. Plus, we provide example cURL commands and POSTMAN samples to accelerate your engineering efforts.

  • Helper libraries

    Program in the language you already use with libraries available from Twilio and its community.

  • Access roles

    Manage user permissions with unique access roles for admins, developers, support and billing.

The Twilio advantage
  • Communicate reliably

    Experience a 99.95% uptime SLA made possible with automated failover and zero-maintenance windows.

  • Operate at scale

    Extend the same app you write once to new markets with configurable features for localization and compliance.

  • Many channels

    Use the same platform you know for voice, messaging, video, chat, two-factor authentication, and more.

  • No shenanigans

    Get to market faster with pay-as-you-go pricing, free support, and the freedom to scale up or down without contracts.