Mobile Verification API

8x8 Mobile Verification API is the only reliable, global two-factor authentication (2FA) solution with 24/7 support for everyone. Send your one-time passcodes through an SMS text or a voice call.

Sign up for free
View the documentation

An Overview of Two-Factor Authentication (2FA)

Have you ever had a bank send you a text message with a one time passcode to confirm your login credentials? That's an example of two factor authentication (2FA) in action.

2FA is a way to increase security by adding a second authentication method. This makes it harder for someone to hack into user accounts. In practice, the way it typically works is that a user will first log in through entering their username and password. After that has been correctly inputted, the user will be prompted to enter their phone number to receive a text message with a code or have their phone called and hear a voice message that verbally shares a code. The user is prompted to enter the code they just received. If their entry matches what was sent to them, then the user is authenticated and logged in to the home screen of the product.

Increasing security protects companies’ data better, and that is beneficial to the company and the end user. Less user account hacks due to weak passwords means that companies have to spend less company support resources speaking with hacked customers and less security resources to investigate the problems. And of course, for end users, it brings more peace of mind knowing that they will avoid the hassle of seeing what was compromised, resetting passwords, and figuring out how to create normalcy again. By implementing 2FA, the chances of a user account getting hacked is reduced dramatically.

Benefits

  • Fast time to implement, with just a few lines of code
  • Get support anytime - it’s available to everyone 24/7
  • Reach customers anywhere with a reliable, fast global network that was built in Asia, so it can handle complex networks
  • Prevent spammers and fraudulent transactions through 2FA

Benefits

  • Fast time to implement, with just a few lines of code
  • Get support anytime - it’s available to everyone 24/7
  • Reach customers anywhere with a reliable, fast global network that was built in Asia, so it can handle complex networks
  • Prevent spammers and fraudulent transactions through 2FA

Examples of companies using it

Monex, a leading futures broker in Indonesia, not only uses SMS for its two-factor authentication but also uses it to keep customers abreast of the latest market trends and news.

Traveloka is a leading hotel and flight booking platform in Southeast Asia. 8x8’s messaging solutions support their one-time passcodes, promotions, and SMS notification efforts.

Tokopedia, a leading marketplace in Indonesia, uses SMS for mobile verification, as well as notifying customers of its deliveries and upcoming promotions.

8x8’s messaging solution helps Paidy, a Japan-based fintech company, to enable two-factor authentication and notify their users within seconds.

Monex, a leading futures broker in Indonesia, not only uses SMS for its two-factor authentication but also uses it to keep customers abreast of the latest market trends and news.

Traveloka is a leading hotel and flight booking platform in Southeast Asia. 8x8’s messaging solutions support their one-time passcodes, promotions, and SMS notification efforts.

Tokopedia, a leading marketplace in Indonesia, uses SMS for mobile verification, as well as notifying customers of its deliveries and upcoming promotions.

8x8’s messaging solution helps Paidy, a Japan-based fintech company, to enable two-factor authentication and notify their users within seconds.

Monex, a leading futures broker in Indonesia, not only uses SMS for its two-factor authentication but also uses it to keep customers abreast of the latest market trends and news.

Traveloka is a leading hotel and flight booking platform in Southeast Asia. 8x8’s messaging solutions support their one-time passcodes, promotions, and SMS notification efforts.

Tokopedia, a leading marketplace in Indonesia, uses SMS for mobile verification, as well as notifying customers of its deliveries and upcoming promotions.

8x8’s messaging solution helps Paidy, a Japan-based fintech company, to enable two-factor authentication and notify their users within seconds.

Features

Core Features
Send one-time passcodes (OTP) via SMS or voiceSend an SMS or voice OTP with a 3-10 character code for verification
Sender/Caller IDCustomise the sender ID or caller ID that appear on users' devices.
Verified SenderGet your brand's own verified account to improve the credibility of your messaging account after activating Google Verified SMS
Intelligent RoutingThe system will automatically select the best available routes including automated fallbacks to other alternatives to ensure quality of service, deliverability and latency
Auto AdaptationMessages, phone number formats and Sender IDs are automatically adapted to ensure successful delivery. For Chat Apps, rich media is adapted accordingly
Programmatic History RetrievalRetrieve your API history programmatically to import your data and create your own reports
Customisable Fields in API Specify custom fields such as contact name or order number in your messages via our API or Campaign Manager
Number LookupClean your database and step up on anti-fraud measures by checking the validity of phone numbers and their current locations
No Download RequiredCommunicate with customers without needing them to download any additional apps
Content Localization CompatibilityThe voice can be used in 45 local languages, SMS can use special encodings to send messages containing local characters (e.g. Thai characters, European accents, etc.)
Virtual Phone NumbersVirtual phone numbers allow communications to take place privately and securely, without revealing private information.
Reporting and Analytics
Messages SentObserve trends on total messages sent on the Customer Portal or through API callbacks
Message and Call StatusObtain message delivery/call status records of incoming or outgoing messages via Customer Portal or customized callback URLs
Read ReceiptsObtain read receipts for select channels throguh callback URLs or Customer Portal reports after activating Google Verified SMS
Individual Communication LogsEasily access communication logs through the Customer Portal or API callbacks
Destination CountriesAnalyse destination countries of messages through Customer Portal dashboard
Integrations
ZendeskAdd mobile verification messaging from within your Zendesk app
ZapierConnect your apps on Zapier and create custom 8x8 Zaps
WorkatoIntegrate mobile verification messaging with Workato's workflows
ShortcutsAdd mobile verification messaging on your Apple Shortcuts
Security and Compliance
Private NetworkPrivate network, with 3 levels of restricted subnets
Limited AccessStrict permission policies, access only over secured methods
EncryptionAll requests use HTTPS/TLS encryption (IPSec connection supported if needed)
Reliability99.993% uptime, with redundancy over multiple app-servers
MonitoringAutomated testing and alerting systems, with 24/7 monitoring by operations team
GDPR CompliancePlatform fully compliant with General Data Protection Regulation (GDPR) requirements when handling personal data of clients and end users
Support
24/7/365 SupportRound the clock support to solve any issues you may face
Local PresenceWorldwide presence to ensure local reliability

Mobile Verification API Parameters that can be Modified

You can send a simple request body that only contains the phone number you’re sending to. However, you can optionally add many more parameters to modify the standard message sent and its characteristics.

DestinationThe phone number you’re sending to. It can be with or without the international prefix for the country of the phone number
Channel Designates whether the mobile verification request should be sent via SMS text or via a voice call
CountryThe country code of the phone number you’re sending to if the destination is specified without an international prefix
TemplateDefines the message body template of the message if you choose to modify the standard template
BrandThe brand parameter can be inserted in the message body to show the company it’s coming from
Code lengthThe number of characters for the one-time passcode
Code validityThe time in seconds that the one-time passcode is valid for before it expires
Code typeThe type of characters used for the code. Options include numeric, numeric with dash, alphanumeric, all capital alphanumeric, and easy to read alphanumeric.
LanguageThe language of voice to read the text to the end user when a voice call is specified as the channel
SourceThe from address that is used when delivering an SMS text or the caller ID when delivering a voice call. It can be alphanumeric or numeric, depending on the country.
Voice ProfileDesignates the voice, gender, and accent to be used in the voice call
SpeedThe speed at which the speech in the voice call is spoken
RepetitionThe number of times to repeat the content in the voice call
Reset SessionIf another code is requested during the validity period, this determines if the same code or a new code will be sent
Resending IntervalA time interval in seconds that is defined to avoid sending multiple codes to the same number in the given time interval
EncodingThe character set encoding to be used when sending an SMS text. The API can analyze the text message body and automatically choose the correct encoding, or GSM7 or UCS2 can be manually selected.
API KeyThe specific API key from the portal that is to be used for the API request
Subaccount IDThe specific subaccount ID from the portal that is to be used for the API request

How to Enable Mobile Verification API

Sign up and get your API key and Subaccount ID

Two common ways to enable 2FA is to set it up using SMS or using voice. For this example, we’ll focus on SMS, because SMS is a very popular method for setting up two factor authentication. Using an SMS API, you can build all of the functionality yourself in your own code. Or you can use an API like the 8x8 Mobile Verification API to get up and running quicker. We’ll focus on this because it will save you a lot of development time.

  • Go to the 8x8 SMS API sign up page and create an account.
  • Verify your account from your email.
  • Then navigate in the portal to the API keys page to find your API key and Subaccount ID.

Sign up and get your API key and Subaccount ID

Two common ways to enable 2FA is to set it up using SMS or using voice. For this example, we’ll focus on SMS, because SMS is a very popular method for setting up two factor authentication. Using an SMS API, you can build all of the functionality yourself in your own code. Or you can use an API like the 8x8 Mobile Verification API to get up and running quicker. We’ll focus on this because it will save you a lot of development time.

  • Go to the 8x8 SMS API sign up page and create an account.
  • Verify your account from your email.
  • Then navigate in the portal to the API keys page to find your API key and Subaccount ID.

Edit the curl code template for sending the OTP code

To generate and send the one time passcode (OTP) in your 2FA flow, use this curl code as a template. 

curl -i -X "POST" https://api.wavecell.com/verify/v1/amazing_hq -H "Authorization: Bearer OiLc1xKaghw3sD*********WtLQn4WjvOww" -H "Content-Type: application/json" -d $'{ "destination": "98765432", "country": "SG", "productName": "Amazing Product" }'

Here’s what you need to customize in the above template for your specific implementation:

  • “Amazing_hq” - swap that out with your subaccount ID
  • “OiLc1xKaghw3sD*********WtLQn4WjvOww” - replace this with your API key
  • “98765432” - put in the phone number you want to send the 2FA message to
  • "SG" - enter the country code of the phone number you’re sending to
  • “Amazing Product” - replace this with the company name or product name you want showing up in the 2FA text message

Edit the curl code template for sending the OTP code

To generate and send the one time passcode (OTP) in your 2FA flow, use this curl code as a template. 

curl -i -X "POST" https://api.wavecell.com/verify/v1/amazing_hq -H "Authorization: Bearer OiLc1xKaghw3sD*********WtLQn4WjvOww" -H "Content-Type: application/json" -d $'{ "destination": "98765432", "country": "SG", "productName": "Amazing Product" }'

Here’s what you need to customize in the above template for your specific implementation:

  • “Amazing_hq” - swap that out with your subaccount ID
  • “OiLc1xKaghw3sD*********WtLQn4WjvOww” - replace this with your API key
  • “98765432” - put in the phone number you want to send the 2FA message to
  • "SG" - enter the country code of the phone number you’re sending to
  • “Amazing Product” - replace this with the company name or product name you want showing up in the 2FA text message

Edit the curl code template for verifying the user inputs the correct code

To verify the user inputs the correct code into your login process, use this curl code template.

curl -X GET 'https://api.wavecell.com/verify/v1/amazing_hq/c96a488d-5704-459e-9dee-3dd8138b3a52?code=7085' -H "Authorization: Bearer OiLc1xKaghw3sD*********WtLQn4WjvOww"

Customize the above code in these ways to make it work for your account:

  • “Amazing_hq” - swap that out with your subaccount ID
  • “C96a488d-5704-459e-9dee-3dd8138b3a52” - swap the uid, the unique identifier returned by the API call from the previous step
  • “7085” - replace this with the code value returned by the API call from the previous step
  • “OiLc1xKaghw3sD*********WtLQn4WjvOww” - replace this with your API key

Edit the curl code template for verifying the user inputs the correct code

To verify the user inputs the correct code into your login process, use this curl code template.

curl -X GET 'https://api.wavecell.com/verify/v1/amazing_hq/c96a488d-5704-459e-9dee-3dd8138b3a52?code=7085' -H "Authorization: Bearer OiLc1xKaghw3sD*********WtLQn4WjvOww"

Customize the above code in these ways to make it work for your account:

  • “Amazing_hq” - swap that out with your subaccount ID
  • “C96a488d-5704-459e-9dee-3dd8138b3a52” - swap the uid, the unique identifier returned by the API call from the previous step
  • “7085” - replace this with the code value returned by the API call from the previous step
  • “OiLc1xKaghw3sD*********WtLQn4WjvOww” - replace this with your API key

Check if the status returned is Verified

When you run the code from the last step, the JSON response will look like this: 

{
   "uid": "c96a488d-5704-459e-9dee-3dd8138b3a52",
   "resourceUri"
   "/verify/v1/amazing_hq/aa0fb28141bd4bedae848f9615b0221e",
   "msisdn": 6598765432,
   "status": "VERIFIED",
   "attempt": 0,
   "expiresAt": "2017-08-29T21:43:26.641256+00:00"
   "nextSmsAfter": "2017-08-29T21:38:36.641256+00:00"
}

If status is listed as VERIFIED, then the user has successfully received and inputted the correct OTP code. Now it’s safe to allow them to authenticate into your product and you’re all done! You’ve successfully enabled 2FA in your product.

Check if the status returned is Verified

When you run the code from the last step, the JSON response will look like this: 

{
   "uid": "c96a488d-5704-459e-9dee-3dd8138b3a52",
   "resourceUri"
   "/verify/v1/amazing_hq/aa0fb28141bd4bedae848f9615b0221e",
   "msisdn": 6598765432,
   "status": "VERIFIED",
   "attempt": 0,
   "expiresAt": "2017-08-29T21:43:26.641256+00:00"
   "nextSmsAfter": "2017-08-29T21:38:36.641256+00:00"
}

If status is listed as VERIFIED, then the user has successfully received and inputted the correct OTP code. Now it’s safe to allow them to authenticate into your product and you’re all done! You’ve successfully enabled 2FA in your product.

Pricing starts at $0.0019 and is dependent on the country that the message is sent to. Sign up now to get started.

Request A Quote

Get your fast, no-obligation quote now

1-866-879-8647

Discuss your needs with an 8x8 expert

Chat with Sales
Schedule a Meeting

Need product help?

Go to Support