Skip to main content

Documentation Index

Fetch the complete documentation index at: https://plivo.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Two-factor authentication (2FA) can play a key role in securing your applications against password data breaches. Authentication with a one-time password (OTP) delivered to your users over SMS is an effective approach to implementing two-factor authentication. Plivo’s premium direct routes guarantee the highest possible delivery rates and the shortest possible delivery times for your 2FA SMS messages. This guide shows how to set up SMS-based two-factor authentication using either or traditional API development. PHLO lets you create and deploy workflows from an intuitive graphical canvas in few clicks.
Here’s how to implement 2FA using Plivo APIs.

Prerequisites

To get started, you need a Plivo account — sign up with your work email address if you don’t have one already. If this is your first time using Plivo APIs, follow our instructions to set up a Ruby development environment.

Set up the demo application locally

  • Clone the repository from GitHub.
$ git clone https://github.com/plivo/2fa-ruby-demo.git
  • Change your working directory to 2fa-ruby-demo.
$ cd 2fa-ruby-demo
  • Install the dependencies using the Gemfile.
$ bundle install
  • Edit config.yaml. Replace the auth placeholders with your authentication credentials from the Plivo console. Replace the phone number placeholder with an actual phone number in E.164 format (for example, +12025551234). Replace the PHLO ID with null.
Configuration file

A review of the code

Let‘s walk through what the code does.

Step 1: Generate the OTP

Use the Time-Based OTP algorithm to generate a random six-digit one-time password (OTP).
code = rand(999_999)

Step 2: Send an SMS message with the OTP

Send an SMS message with the OTP to the user’s registered mobile number using Plivo’s Send Message API.
def send_verification_code_sms(dst_number, message)
    code = rand(999_999)
    @client.messages.create(
      src: @app_number,
      dst: [dst_number],
      text: message.gsub('__code__', code.to_s)
    )
    code
  rescue PlivoRESTError => e
    puts 'Exception: ' + e.message
  end

Failover: Make a phone call with the OTP

If the SMS message doesn’t reach the mobile device, the user can request a voice OTP.
def send_verification_code_call(dst_number)
    code = rand(999_999)
    @client.calls.create(
      @app_number,
      [dst_number],
      "https://twofa-answerurl.herokuapp.com/answer_url/#{code}"
    )
    code
  rescue PlivoRESTError => e
    puts 'Exception: ' + e.message
  end

Step 3: Verify the OTP

Verify the OTP the user entered on their handset.
get '/checkcode/:number/:code' do
  ##
  # Validates the code entered by the user.
  #
  number = params['number']
  code = params['code']
  original_code = r.get('number:%s:code' % number)
  content_type :json
  if original_code == code
    r.del('number:%s:code' % number)  # verification successful, delete the code
    return { status: 'success', message: 'codes match, number verified' }.to_json
  elsif original_code != code
    return { status: 'failure', message: 'codes do not match, number not verified' }.to_json
  else
    return { status: 'rejected', message: 'number not found' }.to_json
end

Test

To test the application, start the Redis server.
$ redis-server
Save your code and run it.
$ ruby app.rb
Set up ngrok to expose your local server to the internet.You should be able to see the application in action at https://<ngrok_identifier>.ngrok.io/.The finished application should look like this.