Two-Factor Authentication API

Integrating iSMS 2FA Two-Factor Authentication into your web applications or services, will provide additional security to users while they use your applications.
A One-Time Pin code will be sent to user via SMS to verify their identity and resume the process.

mobile-number-verification

Mobile Number Verification

For 2FA Two-Factor Authentication, the iSMS system will require the user to insert their mobile number, followed by a One-Time Pin code number. When the user is prompt, keying in the OTP code will verify the user is real with a valid mobile number.

Types of Forms

Login Forms, Account Settings Update

A typical form requires user to insert info such as name, email, mobile number, etc. Because of this, many tend to use the browser's autofill feature to fill in the forms quickly. Such informations are easily hijacked by malicious users. To verify the person submitting the form is the owner himself, an OTP will be sent to the user's mobile phone. This is extremely useful when users need to update their profile info safely.

Login Form

During the login process, after successfully entering username and password, application sends out PIN to the phone number the customer supplied during the 2FA activation process. If PIN is retyped back into the app, this confirms with some level of certainty that the real account owner is trying to log in, since they know the password and have the phone present at that moment.

Account Settings Update

Many users choose to remember passwords via browsers or other password manager tools. Remember me options are very often used on personal computers and if such computer ends up in the wrong hands, nothing prevents them from entering the account. This is why crucial settings like email for password recovery are protected with 2FA. If a malicious user tries to hijack the account by replacing the original email, 2FA PIN will be sent out, and unless the phone was stolen with the computer as well, email update will fail.



Transaction Confirmation


Two-Factor Authentication over API


Two-factor authentication (2FA) is an extra layer of security that requires users to use both their online password and mobile phone to verify their identity to access a service or web app. In addition to using their service credentials to access sensitive data, the user also receives a one-time PIN number on their token or via SMS or Voice.

The one-time PIN (OTP) number is generated and sent to the user’s mobile phone. The user receives the OTP and types it into the application to confirm their identity. If the PIN number that was sent out to the user matches the one that is received, the user is allowed to continue with the process.

2FA API for HTTPs GET Resource


Sample Request

https://www.isms.com.my/2FA/request.php

Step1: Send a 2FA request.

Step2: Check the status code in the response and ensure that you sent the request to iSMS correctly.

Step3: iSMS delivers your OTP to your user's handset.

Step4: Your user enters this OTP into your application.

Step5: Verify the OTP via iSMS API


Implementation Steps

iSMS API - Send/Request OTP

Property Name Type Description Sample
*un String Username of iSMS account
pass String Password of iSMS account
mobile String Destination addresses without
country code, all number must
not start from 0(example:
164502380).
164502380
country_code String Mobile Country Code,
example: 60
60
sendid String Represents sender ID and it can
be alphanumeric or numeric.
Alphanumeric sender ID length
should be between 3 and 11
characters (example:
CompanyName).Numeric
sender ID length should be
between 3 and 14 characters.
62033
type String Type of SMS

1 -ASCII (English, Bahasa
Melayu,etc)

2- Unicode(Chinese,
Japanese,etc)
1
message string Text of the message that will be
sent,

OTP parameter =%OTP%
NOTE:%OTP% will convert
to 6 digits OTP random Number
Your XXX OTP Code
is :%OTP%

Sample Request


https://www.isms.com.my/2FA/request.php?mobile=12345678&country_code=60&un=xxx&pass=xxx&type=1&sendid=MOBIWEB&message=your%20OTP%20CODE%20%OTP%

Server Response Detail: Success


{"status":"Success","code":"147623","uuid":"bd9a1ff0-4f2c-11eb-9b62-008cfaff44de","username":"mobiwebtest","sms_id":"1171081025","mobile":"+601711122334"}
Response Code Description
status Success
code OTP Code
mobile Destination Mobile
uuid Message ID
sms_id SMS Transaction ID

Server Response Detail: Fail


{"status":"Failed","message":"Incorrect OTP Code","uuid":"1a1e1b86-4f2d-11eb-9b62-008cfaff44de","sms_id":"1171081605","code":"408902","mobile":"+60175118885"}
Response Code Description
status Fail
message Error Message
uuid Message ID
sms_id SMS Transaction ID
mobile Destination Mobile
code OTP Code

iSMS API - Verify OTP

Property Name Type Description Sample
un String Username of iSMS account
pass String Password of iSMS account
mobile String Destination addresses without
country code, all number must
not start from 0 (example:
164502380).
164502380
country_code String Mobile Country Code,
example: 60
60
sendid String Represents sender ID and it can
be alphanumeric or numeric.
Alphanumeric sender ID length
should be between 3 and 11
characters(example:
CompanyName). Numeric
sender ID length should be
between 3 and 14 characters.
62033
Interval Integer OTP expiry time by minute
example: 3 = OTP expired in 3
minutes
3
method String Method of OTP Verification verify
code Integer OTP Code 123456

Sample Request


https://www.isms.com.my/2FA/request.php?interval=3&mobile=12345678&country_code=60&un=xxxx&pass=xxxx&sendid=MOBIWEB&method=verify&code=515296

Server Response Detail: Success


{"status":"Verified","code":"515296","mobile":"+60175118885"}

Response Code Description
status Verified OTP
code OTP Code
mobile Destination Mobile

Server Response Detail: Fail


{"status":"Failed","message":"Code expired","code":"515296","mobile":"+60175118885"}
Response Code Description
status Failed to verify
Code OTP Code
message Error Message
mobile Destination Mobile

iSMS API - Check Balance

Sample Request


https://www.isms.com.my/2FA/request.php?un=xxxxxx&pass=xxxxx&method=balance
Property Name Type Description Sample
un String Username of iSMS account
pass String Password of iSMS account
method String Set method = balance balance

Server Response Detail


{"method":"balance","balance":"81.0","expiration":"29 Apr 2021"}
Response Code Description
method Request method you use
balance iSMS account balance
expiration Account Expiry Date