Two-factor authorization
Two-factor authentication (also known as two-step authentication) combines something the user knows (password) with something the user possesses (mobile device) to dramatically strengthen online security. After the user enters their password, a one-time passcode (OTP) that is sent to their mobile device should be entered before they can access their account.
Two-factor authentication solutions leverage real-time communications channels to send passcodes to mobile devices, making the user experience as smooth as possible. They use internet and telephony channels and many implementations offer users their choice of channels for convenience.
With Voximplant, you get:
SMS delivery in 78 countries and character sets for almost any language and voice delivery in practically any country
High delivery rates to rapidly reach users on voice and SMS channels
Voice synthesis available in 40 languages using leading TTS platforms
Over 250 speech synthesis voice types to differentiate your brand
Serverless architecture scales effortlessly
There are two ways of sending a 2FA security code to your customer: a call and an SMS message. Let us learn how to do both.
Delivering passcodes via calls
To make a call and speak the code to your customer, you need to do the following:
- Create an application.
- Purchase a phone number to use as a caller ID for the outgoing call.
- Create a scenario.
In the scenario, we need to do the following:
Accept the phone number and the security code for the customer via the custom data feature.
Make a call to the customer via the callPSTN method.
Synthesize speech via the createTTSPlayer and dictate the security code to the customer.
We need to launch the call remotely from our backend, providing the phone number to call and the security code to read. We can do it via the Management API method called StartScenarios, providing data to the scenario in JSON format:
{
"phone": "79521578686",
"code": "1234"
}
The full scenario looks like this:
- Create a routing rule for the scenario.
Our application is ready. Launch the scenario via Management API:
Delivering passcodes via SMS
Alternatively to a call, you can send an SMS message with the security code for the two-factor authorization. To do it, you need to:
- Purchase a phone number that supports sending SMS.
- Enable SMS functionality as it is explained in the guide.
After that, you can send an SMS with the verification code via Management API methods. There are two ways of sending SMS from the platform: one-way SMS and two-way SMS.
We recommend using the one-way SMS method for all the notifications. To send a one-way SMS, you need to:
Register a sender ID. Please contact support to receive a sender ID.
Use the A2PSendSms method to send message from your backend:
Alternatively, you can send a two-way SMS with the verification code. You can find the instructions in the Sending SMS article.