Two-Factor Authentication APIIntegrating iSMS 2FA Two-Factor Authentication into your web applications or services, will provide additional security to users while they use your applications. Mobile Number VerificationFor 2FA Two-Factor Authentication, the iSMS system will require the user to insert their mobile number, followed by a One-Time Pin code number. When the user is prompt, keying in the OTP code will verify the user is real with a valid mobile number. Types of FormsLogin Forms, Account Settings UpdateA typical form requires user to insert info such as name, email, mobile number, etc. Because of this, many tend to use the browser's autofill feature to fill in the forms quickly. Such informations are easily hijacked by malicious users. To verify the person submitting the form is the owner himself, an OTP will be sent to the user's mobile phone. This is extremely useful when users need to update their profile info safely. Login FormDuring the login process, after successfully entering username and password, application sends out PIN to the phone number the customer supplied during the 2FA activation process. If PIN is retyped back into the app, this confirms with some level of certainty that the real account owner is trying to log in, since they know the password and have the phone present at that moment. Account Settings UpdateMany users choose to remember passwords via browsers or other password manager tools. Remember me options are very often used on personal computers and if such computer ends up in the wrong hands, nothing prevents them from entering the account. This is why crucial settings like email for password recovery are protected with 2FA. If a malicious user tries to hijack the account by replacing the original email, 2FA PIN will be sent out, and unless the phone was stolen with the computer as well, email update will fail. Transaction ConfirmationTwo-Factor Authentication over APITwo-factor authentication (2FA) is an extra layer of security that requires users to use both their online password and mobile phone to verify their identity to access a service or web app. In addition to using their service credentials to access sensitive data, the user also receives a one-time PIN number on their token or via SMS or Voice. The one-time PIN (OTP) number is generated and sent to the user’s mobile phone. The user receives the OTP and types it into the application to confirm their identity. If the PIN number that was sent out to the user matches the one that is received, the user is allowed to continue with the process. 2FA API for HTTPs GET ResourceSample Requesthttps://www.isms.com.my/2FA/request.php
Step1: Send a 2FA request. Step2: Check the status code in the response and ensure that you sent the request to iSMS correctly. Step3: iSMS delivers your OTP to your user's handset. Step4: Your user enters this OTP into your application. Step5: Verify the OTP via iSMS API Implementation StepsiSMS API - Send/Request OTP
iSMS API - Verify OTP
iSMS API - Check Balance
|