2FA: Introduction and setup
Learn more about 2-Factor Authentication (2FA) and how to set it up.
2-Factor Authentication (2FA) is a cloud messaging security solution that confirms the identity of a user and protects your system against phishing and account-takeover attacks.
A one-time PIN (PIN code) is generated and sent to the user’s mobile phone. The user receives the PIN code and types it into the application to confirm their identity. If the PIN code that was sent to the user matches the one the application receives back, the user is allowed to continue with the process.
This introduction will help you get started:
- Understand the 2FA process and how it works
- Set up your first application and message template
- Send and verify PIN codes
2FA process overview
1. The user enters their phone number into the client’s application (mobile or web). Alternatively, the client pulls the phone number from its own user database.
2. The application sends a request for a PIN code, together with the user’s phone number, to Infobip.
3. Infobip generates the PIN and a PIN ID, and sends the PIN ID back to the application.
4. Infobip sends a Number Lookup request to the MNO.
5. Infobip receives the Number Lookup response from the MNO.
6. Infobip sends the Number Lookup response to the application.
7. If the Number Lookup result is valid, Infobip generates the PIN code and sends it via SMS.
8. The MNO delivers the SMS with the PIN code.
9. Infobip receives the delivery report for the sent message.
10. The user enters the received PIN code into the application.
11. The application sends the verification request with the PIN code and PIN ID.
12. Infobip verifies the received PIN and sends the response to the application.
Steps 4 and 5 are important for clients that want to check whether the user entered a valid phone number before the verification SMS is sent. We use Number Lookup to check the phone number’s validity. If the phone number is not valid (i.e. it doesn’t exist), we neither generate the PIN code nor send an SMS, which prevents unnecessary costs for our clients. These steps are optional and can be enabled to fit the customer’s needs.
Setup consists of two parts, Application setup and Message template setup, and requires only two API calls to complete. Later, you will reuse the message template(s) to send out PINs.
1. Application setup
An application represents your service. It’s good practice to have separate applications for separate services. You may also have separate applications for the same service but different use cases. For example, 2FA for login may be represented as one application and 2FA for changing a password as another. Separating use cases into different applications lets you choose different options and behavior for each use case (such as PIN attempts or PIN limits). Start building your 2FA service by creating the application.
2. Message template setup
A message template is the message body, with a PIN placeholder, that will be sent to end users. You may create many message templates per application and therefore use the same application for different use cases or different languages. When you create a message template, you are given a message template ID, which you will use later when sending PINs. When you reference a message template ID, our system generates a PIN, places it in the message template and sends the resulting message to the end user. See the message template documentation for details.
Send and verify PINs
Once the application and message template are created, you are ready to send out PIN messages. This process also consists of two steps: Send PIN and Verify PIN.
1. Send PIN
PINs are generated by our system and sent out using message templates. You can have one or more message templates in each application and you can reuse each template to send out PINs as many times as you like.
2. Verify PIN
Sending out the PIN is just the first step. Once the end user has received the PIN and entered it to confirm their identity, you need to verify that the PIN is correct and still valid.
See Send and Verify PIN documentation for details.
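To make the process overview and the Send PIN / Verify PIN steps concrete, here is an added Python model of the server side. It is illustrative code written for this page, not Infobip’s implementation or API: Number Lookup and SMS delivery are stand-in callables, and the `{{pin}}` placeholder, the 6-digit PIN, the 5-minute validity window and the 3-attempt limit are assumed values.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

PIN_LENGTH = 6            # assumed: digits in the one-time PIN
PIN_TTL_SECONDS = 300     # assumed: how long a PIN stays valid
MAX_ATTEMPTS = 3          # assumed: wrong guesses allowed per PIN ID

@dataclass
class PinRecord:
    pin: str
    msisdn: str
    issued_at: float
    attempts: int = 0
    verified: bool = False

class PinService:
    """Model of the flow: Send PIN returns only a PIN ID to the application,
    the PIN itself goes to the phone, Verify PIN checks PIN + PIN ID.
    lookup_ok stands in for Number Lookup, send_sms for the MNO delivery."""

    def __init__(self, lookup_ok, send_sms, now=time.time):
        self.lookup_ok, self.send_sms, self.now = lookup_ok, send_sms, now
        self.pins = {}  # pin_id -> PinRecord

    def send_pin(self, msisdn, template):
        # Optional Number Lookup step: invalid number -> no PIN, no SMS, no cost
        if not self.lookup_ok(msisdn):
            return None
        pin = "".join(secrets.choice("0123456789") for _ in range(PIN_LENGTH))
        pin_id = secrets.token_urlsafe(16)  # unguessable handle for the application
        self.pins[pin_id] = PinRecord(pin, msisdn, self.now())
        self.send_sms(msisdn, template.replace("{{pin}}", pin))
        return pin_id  # the application never sees the PIN itself

    def verify_pin(self, pin_id, pin):
        rec = self.pins.get(pin_id)
        if rec is None or rec.verified:      # unknown ID or PIN already used
            return "INVALID"
        if self.now() - rec.issued_at > PIN_TTL_SECONDS:
            del self.pins[pin_id]
            return "EXPIRED"
        if rec.attempts >= MAX_ATTEMPTS:     # brute-force limit per PIN ID
            return "ATTEMPTS_EXCEEDED"
        rec.attempts += 1
        if hmac.compare_digest(rec.pin.encode(), str(pin).encode()):
            rec.verified = True              # a PIN verifies at most once
            return "VERIFIED"
        return "WRONG_PIN"
```

The application stores only the returned PIN ID alongside its session and later submits it with the user-entered PIN, mirroring steps 3 and 11 of the overview.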
Verify PIN Authorization
Sending and verifying a PIN requires the API key authorization method. The API key for 2FA documentation describes how to create one.