SMS OTP (2factor)
OTP Authentication Solution
The one-time authentication system gives security to its clients, only the user or email must be placed you use to log in to your portal and the rest will be a unique use key generated by our system.
The first request that is made is to request the unique code and the sending of the SMS with said code.
https://my.unityvox.com/api/get-api/v1/OTP-api?accountnumber={account-number}&apikey={apikey}&ref_id={ref_id}&phone_number=1305xxxxxxxx
This request generates a 6-digit random code which can be validated 1 time only and lasts for 10 minutes. If the code expires or is validated, a new one must be requested by executing the same request.
<form action="https://my.unityvox.com/api/get-api/v1/OTP-api" method="POST" name="request_otp">
<input name="accountnumber" type="hidden" value="{account-number}" />
<input name="apikey" type="hidden" value="{apikey}" />
<input name="ref_id" type="hidden" size="35" value={ref_id}"/>
<input name="phone_number" type="text" size="35" placeholder="to (ej: Cod country + Cod Area + phone)"/>
<input name="Submit" type="submit" value="Submit">
</form>
JavaScript API
var xhr = new XMLHttpRequest();
var url = https://my.unityvox.com/api/get-api/v1/OTP-api
xhr.open("POST", url+"?accountnumber={account-number}&apikey={apikey}&ref_id={ref_id}&phone_number=1305xxxxxxxx", true);
xhr.onreadystatechange = function(){
if (xhr.readyState == 4 && xhr.status == 200) {
console.log(’success’);
}
};
xhr.send();
CURL API
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://my.unityvox.com/api/get-api/v1/OTP-api?accountnumber={account-number}&apikey={apikey}&ref_id={ref_id}&phone_number=1305xxxxxxxx");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);
Variables for OTP code request
-
-
apikey
Private key generated in your account https: /my.unityvox.com.
-
accountnumber
Account number, you can find it in your administration panel in the API Key section.
-
ref_id
Unique value generated when I created the Témplate in https://my.unityvox.com
-
phone_number
Destination telephone number.
System Responses in Shipping
//Error response//
{
"version":"1.00",
"code":"020",
"status":"error",
"resultstring":"Failure",
"statusmessage":"Invalid or empty Message ref_id"
}
{
"version":"1.00",
"code":"021",
"status":"error",
"resultstring":"Failure",
"sessionID":"{sessionID}",
"statusmessage":"No Plan or Balance in account"
}
//Response Success
{
"version":"1.00",
"code":"022",
"status":"success",
"resultstring":"Success",
"phone_number":{phone_number},
"sessionID":{sessionID},
"statusmessage":"Message sent successfully"
}
Validation of OTP code received by your client.
In order to perform the verification of the code, you must send in your request 2 new variable that is sessionID which you received in the code request response and the code that your client received by SMS on your Mobil.
https://my.unityvox.com/api/get-api/v1/OTP-api/verify?accountnumber={account-number}&apikey={apikey}&sessionid={sessionID}&otp_code={otp_code}]
This request generates a 6-digit random code which can be validated 1 time only and lasts for 10 minutes. If the code expires or is validated, a new one must be requested by executing the same request.
<form action="https://my.unityvox.com/api/get-api/v1/OTP-api/verify" method="POST" name="request_otp">
<input name="accountnumber" type="hidden" value="{account-number}" />
<input name="apikey" type="hidden" value="{apikey}" />
<input name="sessionid" type="hidden" size="35" value={sessionid}"/>
<input name="otp_code" type="text" size="35" value="{otp_code}"/>
<input name="Submit" type="submit" value="Submit">
</form>
JavaScript API
var xhr = new XMLHttpRequest();
var url = https://my.unityvox.com/api/get-api/v1/OTP-api/verify
xhr.open("POST", url+"?accountnumber={account-number}&apikey={apikey}&sessionid={sessionid}&otp_code={otp_code}", true);
xhr.onreadystatechange = function(){
if (xhr.readyState == 4 && xhr.status == 200) {
console.log(’success’);
}
};
xhr.send();
CURL API
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://my.unityvox.com/api/get-api/v1/OTP-api/verify?accountnumber={account-number}&apikey={apikey}&sessionid={sessionid}&otp_code={otp_code}");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);
Variables for OTP code validation
-
-
apikey
Private key generated in your account https: /my.unityvox.com.
-
accountnumber
Account number, you can find it in your administration panel in the API Key section.
-
sessionid
Variable sent in the response when requesting the OTP code, is a unique variable and is valid only with its OTP code.
-
otp_code
Code sent by SMS to your client, is a unique code and has a validity of 10 minutes and can only be used once. This OTP code is validated together with the sessionid variable.
System responses in OTP code validation
//Error response//
{
"version":"1.00",
"code":"023",
"status":"error",
"resultstring":"Failure",
"sessionID":"{sessionid}",
"statusmessage":"OTP Expired"
}
{
"version":"1.00",
"code":"024",
"status":"error",
"resultstring":"Failure",
"sessionID":"{sessionid}",
"statusmessage":"Invalid API / SessionId Combination - No Entry Exists"
}
{
"version":"1.00",
"code":"025",
"status":"error",
"resultstring":"Failure",
"sessionID":"{sessionid}",
"statusmessage":"OTP Mismatch"
}
{
"version":"1.00",
"code":"026",
"status":"error",
"resultstring":"Failure",
"sessionID":"{sessionid}",
"statusmessage":"OTP already used"
}
//Response Success
{
"version":"1.00",
"code":"027",
"status":"success",
"resultstring":"Success",
"sessionID":"{sessionid}",
"statusmessage":"OTP Matched"
}