- Node
- Ruby
- Python
- PHP
- .NET
Overview
This guide shows how to set up SMS-based two-factor authentication (2FA) using Plivo’s APIs and Node.js. Authentication with a one-time password (OTP) delivered to users via SMS is an effective way to secure your application.Set up the demo application
First, clone the 2FA demo repository from GitHub and install the dependencies.git clone [https://github.com/plivo/2fa-node-demo.git](https://github.com/plivo/2fa-node-demo.git)
cd 2fa-node-demo
npm install
config.js. Replace the auth placeholders with your credentials from the Plivo console. Add your Plivo phone number and set the phlo_id to null.A review of the code
Here’s a walk-through of the key functions in the demo application.Step 1: Generate the OTP
This function generates a random six-digit one-time password.const code = Math.floor(100000 + Math.random() * 900000);
Step 2: Send an SMS with the OTP
This function sends an SMS message containing the OTP to the user’s number using Plivo’s Send Message API.sendVerificationCode_sms(DstNumber, Message) {
const code = Math.floor(100000 + Math.random() * 900000);
this.client.messages.create({
src: this.app_number,
dst: DstNumber,
text: Message.replace('__code__', code),
});
return code;
}
Failover: Make a voice call with the OTP
If the user doesn’t receive the SMS, they can request the OTP via a voice call using Plivo’s Make a Call API.sendVerificationCode_call(DstNumber) {
const code = Math.floor(100000 + Math.random() * 900000);
this.client.calls.create(
this.app_number, // from
DstNumber, // to
'[https://twofa-answerurl.herokuapp.com/answer_url/](https://twofa-answerurl.herokuapp.com/answer_url/)' + code // answer_url
);
return code;
}
Step 3: Verify the OTP
This function checks if the OTP entered by the user matches the one stored in Redis.router.get('/checkcode/:number/:code', function(req, res) {
const number = (req.params.number);
const code = (req.params.code);
redisClient.get(`number:${number}:code`, function(err, originalCode) {
if (originalCode == code) {
redisClient.del(`number:${number}:code`);
res.send(JSON.stringify({
'status': 'success',
'message': 'Codes match, number verified'
}));
} else {
res.send(JSON.stringify({
'status': 'failure',
'message': 'Codes do not match'
}));
}
});
});
Test
First, start the Redis server.redis-server
node app.js
Overview
This guide shows how to set up SMS-based two-factor authentication (2FA) using Plivo’s APIs and Ruby. Authentication with a one-time password (OTP) delivered to users via SMS is an effective way to secure your application.Set up the demo application
First, clone the 2FA demo repository from GitHub and install the dependencies.git clone [https://github.com/plivo/2fa-ruby-demo.git](https://github.com/plivo/2fa-ruby-demo.git)
cd 2fa-ruby-demo
bundle install
config.yaml. Replace the auth placeholders with your credentials from the Plivo console. Add your Plivo phone number and set the phlo_id to null.A review of the code
Here’s a walk-through of the key functions in the demo application.Step 1: Generate the OTP
This function generates a random six-digit one-time password.code = rand(100000..999999)
Step 2: Send an SMS with the OTP
This function sends an SMS message containing the OTP to the user’s number using Plivo’s Send Message API.def send_verification_code_sms(dst_number, message)
code = rand(100000..999999)
@client.messages.create(
src: @app_number,
dst: [dst_number],
text: message.gsub('__code__', code.to_s)
)
code
rescue PlivoRESTError => e
puts 'Exception: ' + e.message
end
Failover: Make a voice call with the OTP
If the user doesn’t receive the SMS, they can request the OTP via a voice call using Plivo’s Make a Call API.def send_verification_code_call(dst_number)
code = rand(100000..999999)
@client.calls.create(
@app_number,
[dst_number],
"[https://twofa-answerurl.herokuapp.com/answer_url/#](https://twofa-answerurl.herokuapp.com/answer_url/#){code}"
)
code
rescue PlivoRESTError => e
puts 'Exception: ' + e.message
end
Step 3: Verify the OTP
This function checks if the OTP entered by the user matches the one stored in Redis.get '/checkcode/:number/:code' do
number = params['number']
code = params['code']
original_code = r.get("number:#{number}:code")
content_type :json
if original_code == code
r.del("number:#{number}:code")
return { status: 'success', message: 'Codes match, number verified' }.to_json
else
return { status: 'failure', message: 'Codes do not match' }.to_json
end
end
Test
First, start the Redis server.redis-server
ruby app.rb
Overview
This guide shows how to set up SMS-based two-factor authentication (2FA) using Plivo’s APIs and Python. Authentication with a one-time password (OTP) delivered to users via SMS is an effective way to secure your application.Set up the demo application
First, clone the 2FA demo repository from GitHub and install the dependencies.git clone [https://github.com/plivo/2fa-python-demo.git](https://github.com/plivo/2fa-python-demo.git)
cd 2fa-python-demo
pip install -r requirements.txt
settings.py. Replace the auth placeholders with your credentials from the Plivo console. Add your Plivo phone number and set the phlo_id to None.A review of the code
Here’s a walk-through of the key functions in the demo application.Step 1: Generate the OTP
This function generates a random six-digit one-time password.import random
code = random.randint(100000, 999999)
Step 2: Send an SMS with the OTP
This function sends an SMS message containing the OTP to the user’s number using Plivo’s Send Message API.def send_verification_code_sms(self, dst_number, message_text):
code = random.randint(100000, 999999)
try:
response = self.client.messages.create(
src=self.app_number,
dst=dst_number,
text=message_text.replace('__code__', str(code))
)
return code, response
except PlivoRestError as e:
print(e)
Failover: Make a voice call with the OTP
If the user doesn’t receive the SMS, they can request the OTP via a voice call using Plivo’s Make a Call API.def send_verification_code_voice(self, dst_number, code):
try:
response = self.client.calls.create(
from_=self.app_number,
to_=dst_number,
answer_url=f"[https://twofa-answerurl.herokuapp.com/answer_url/](https://twofa-answerurl.herokuapp.com/answer_url/){code}",
answer_method="GET",
)
return response
except PlivoRestError as e:
print(e)
Step 3: Verify the OTP
This function checks if the OTP entered by the user matches the one stored in Redis.@app.route("/checkcode/<number>/<code>")
def check_code(number, code):
original_code = current_app.redis.get(f"number:{number}:code")
if original_code == code:
current_app.redis.delete(f"number:{number}:code")
return jsonify({"status": "success", "message": "Codes match, number verified"}), 200
else:
return jsonify({"status": "failure", "message": "Codes do not match"}), 404
Test
First, start the Redis server.redis-server
flask run
Overview
This guide shows how to set up SMS-based two-factor authentication (2FA) using Plivo’s APIs and PHP. Authentication with a one-time password (OTP) delivered to users via SMS is an effective way to secure your application.Set up the demo application
First, clone the 2FA demo repository from GitHub and install the dependencies.git clone [https://github.com/plivo/2fa-php-demo.git](https://github.com/plivo/2fa-php-demo.git)
cd 2fa-php-demo
composer install
config.ini. Replace the auth placeholders with your credentials from the Plivo console. Add your Plivo phone number and set the phlo_id to null.A review of the code
Here’s a walk-through of the key functions in the demo application.Step 1: Generate the OTP
This function generates a random six-digit one-time password.$code = random_int(100000, 999999);
Step 2: Send an SMS with the OTP
This function sends an SMS message containing the OTP to the user’s number using Plivo’s Send Message API.function send_verification_code_sms($dst_number, $message) {
$code = random_int(100000, 999999);
try {
$this->client->messages->create([
"src" => $this->config['app_number'],
"dst" => [$dst_number],
"text" => str_replace("__code__", $code, $message)
]);
return $code;
} catch (PlivoRestException $ex) {
print_r($ex);
}
}
Failover: Make a voice call with the OTP
If the user doesn’t receive the SMS, they can request the OTP via a voice call using Plivo’s Make a Call API.function send_verification_code_call($dst_number) {
$code = random_int(100000, 999999);
try {
$this->client->calls->create(
$this->config['app_number'],
[$dst_number],
'[https://twofa-answerurl.herokuapp.com/answer_url/'.$code](https://twofa-answerurl.herokuapp.com/answer_url/'.$code),
'POST'
);
return $code;
} catch (PlivoRestException $ex) {
print_r($ex);
}
}
Step 3: Verify the OTP
This function checks if the OTP entered by the user matches the one stored in Redis.$number = $param[2];
$code = $param[3];
$original_code = $redis_client->get('number:' . $number . ':code');
if ($original_code == $code) {
$redis_client->del('number:' . $number . ':code');
// Logic for success
} else {
// Logic for failure
}
Test
First, start the Redis server.redis-server
php -S localhost:8000
Overview
This guide shows how to set up SMS-based two-factor authentication (2FA) using Plivo’s APIs and .NET. Authentication with a one-time password (OTP) delivered to users via SMS is an effective way to secure your application.Set up the demo application
First, clone the 2FA demo repository from GitHub and open the project in Visual Studio.git clone [https://github.com/plivo/2fa-dotnet-demo.git](https://github.com/plivo/2fa-dotnet-demo.git)
cd 2fa-dotnet-demo
appsettings.json. Replace the auth placeholders with your credentials from the Plivo console. Add your Plivo phone number and set the PhloId to null.A review of the code
Here’s a walk-through of the key functions in the demo application.Step 1: Generate the OTP
This function generates a random six-digit one-time password.Random r = new Random();
var code = r.Next(100000, 999999);
Step 2: Send an SMS with the OTP
This function sends an SMS message containing the OTP to the user’s number using Plivo’s Send Message API.public int SendVerificationCodeSms(String DstNumber, String Message)
{
Random r = new Random();
var code = r.Next(100000, 999999);
var response = Client.Message.Create(
src: AppNumber,
dst: new List<String> { DstNumber },
text: Message.Replace("__code__", code.ToString())
);
return code;
}
Failover: Make a voice call with the OTP
If the user doesn’t receive the SMS, they can request the OTP via a voice call using Plivo’s Make a Call API.public int SendVerificationCodeCall(String DstNumber)
{
Random r = new Random();
var code = r.Next(100000, 999999);
var response = Client.Call.Create(
to: new List<String> { DstNumber },
from: AppNumber,
answerMethod: "POST",
answerUrl: "[https://twofa-answerurl.herokuapp.com/answer_url/](https://twofa-answerurl.herokuapp.com/answer_url/)" + code
);
return code;
}
Step 3: Verify the OTP
This function checks if the OTP entered by the user matches the one stored in Redis.public string Index(string number, string code)
{
ConnectionMultiplexer redis = ConnectionMultiplexer.Connect(_configuration.GetValue<string>("RedisHost"));
IDatabase conn = redis.GetDatabase();
string key = $"number:{number}:code";
var compare_code = (string)conn.StringGet(key);
Verification verification = new Verification();
if (compare_code == code)
{
conn.KeyDelete(key);
verification.status = "success";
verification.message = "Number verified";
}
else
{
verification.status = "failure";
verification.message = "Codes do not match";
}
return JsonConvert.SerializeObject(verification);
}
Test
First, start the Redis server.redis-server