Code copied successfuly

Authentication API

Version: v1.0

Specification Release Notes Other versions

Two-factor authentication (2FA) is an additional security layer for your business applications. Traditional username/password approach is vulnerable, especially in today's environment where everything is online. 2FA aims to increase the security level of a standard password-only approach.

Base URLs

2FA Application Service

Users can create multiple 2FA applications and configurations through the 2FA API. tyntec stores these configurations so that users can select between own 2FA applications and the corresponding linked configuration. Those configurations will be used when delivering One-Time Passwords (OTP). For each user, there is the default 2FA application which contains default values and the English language template. This default application will be used in the case no 2FA application ID is specified in an OTP delivery request. The default 2FA application is configurable and users can set own default parameters or a 2FA application.

List all applications

Code samples

# You can also use wget
curl -X GET https://api.tyntec.com/2fa/v1/application \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

GET https://api.tyntec.com/2fa/v1/application HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/application',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.get 'https://api.tyntec.com/2fa/v1/application',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.get('https://api.tyntec.com/2fa/v1/application', params={

}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://api.tyntec.com/2fa/v1/application', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/application");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.tyntec.com/2fa/v1/application", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /2fa/v1/application

Returns a list of all applications that were created under your account.

Example responses

200 Response

[
  {
    "alphanumeric": false,
    "attempts": 3,
    "expire": 300,
    "name": "string",
    "pinLength": 4,
    "sender": "VERIFY",
    "caller": "VERIFY"
  }
]

Responses

Status Meaning Description Schema
200 OK The list of applications Inline
204 No Content Empty list. No applications were found for your account. Inline
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found Not Found None
500 Internal Server Error Something went wrong. :-( ErrorResponse
Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [TwoFactorAuthApplicationEntity] false none [Two-Factor Authentication Application structure]
» alphanumeric boolean false none Whether the OTP is alphanumeric or not
» attempts integer(int32) false none How many attempts the user can have for this OTP
» expire integer(int64) false none After how many seconds the OTP expires
» name string false none Custom application name
» pinLength integer(int32) false none The length of the auto-generated PIN length. PIN length can be between 4-11 digits.
» sender string false none The sender used for SMS delivery
» caller string false none The caller used for TTS delivery. Using a valid number will improve filtering issues caused by anonymous calls.

Status Code 204

Name Type Required Restrictions Description
anonymous [TwoFactorAuthApplicationEntity] false none [Two-Factor Authentication Application structure]
» alphanumeric boolean false none Whether the OTP is alphanumeric or not
» attempts integer(int32) false none How many attempts the user can have for this OTP
» expire integer(int64) false none After how many seconds the OTP expires
» name string false none Custom application name
» pinLength integer(int32) false none The length of the auto-generated PIN length. PIN length can be between 4-11 digits.
» sender string false none The sender used for SMS delivery
» caller string false none The caller used for TTS delivery. Using a valid number will improve filtering issues caused by anonymous calls.

Create a 2FA application

Code samples

# You can also use wget
curl -X POST https://api.tyntec.com/2fa/v1/application \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

POST https://api.tyntec.com/2fa/v1/application HTTP/1.1
Host: api.tyntec.com
Content-Type: application/json
Accept: application/json
apiKey: API_KEY

const inputBody = '{
  "alphanumeric": false,
  "attempts": 3,
  "expire": 300,
  "name": "string",
  "pinLength": 4,
  "sender": "VERIFY",
  "caller": "VERIFY"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/application',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.post 'https://api.tyntec.com/2fa/v1/application',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.post('https://api.tyntec.com/2fa/v1/application', params={

}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://api.tyntec.com/2fa/v1/application', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/application");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.tyntec.com/2fa/v1/application", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /2fa/v1/application

Creates a 2FA application instance. You can either:

  • use the target URI with a POST HTTP request or
  • include the application parameters in your request body.

Values that are not defined will be populated with default values.

Body parameter

{
  "alphanumeric": false,
  "attempts": 3,
  "expire": 300,
  "name": "string",
  "pinLength": 4,
  "sender": "VERIFY",
  "caller": "VERIFY"
}

Parameters

Name In Type Required Description
body body TwoFactorAuthApplicationEntity false The application to be created

Example responses

200 Response

{
  "alphanumeric": false,
  "attempts": 3,
  "expire": 300,
  "name": "string",
  "pinLength": 4,
  "sender": "VERIFY",
  "caller": "VERIFY"
}

Not valid configuration provided

Responses

Status Meaning Description Schema
200 OK The new application was created. TwoFactorAuthApplicationEntity
400 Bad Request Not valid configuration provided ErrorResponse
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found Not Found None
500 Internal Server Error Something went wrong. :-( ErrorResponse

Read a 2FA application

Code samples

# You can also use wget
curl -X GET https://api.tyntec.com/2fa/v1/application/{applicationId} \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

GET https://api.tyntec.com/2fa/v1/application/{applicationId} HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/application/{applicationId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.get 'https://api.tyntec.com/2fa/v1/application/{applicationId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.get('https://api.tyntec.com/2fa/v1/application/{applicationId}', params={

}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://api.tyntec.com/2fa/v1/application/{applicationId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/application/{applicationId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.tyntec.com/2fa/v1/application/{applicationId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /2fa/v1/application/{applicationId}

Returns a 2FA application. You can get a specific application by using the GET HTTP method and the application’s Universally Unique ID (UUID).

Parameters

Name In Type Required Description
applicationId path string true Application ID to be returned

Example responses

200 Response

{
  "alphanumeric": false,
  "attempts": 3,
  "expire": 300,
  "name": "string",
  "pinLength": 4,
  "sender": "VERIFY",
  "caller": "VERIFY"
}

Responses

Status Meaning Description Schema
200 OK The application is included in the response. TwoFactorAuthApplicationEntity
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found The ID is not valid for this application. None
500 Internal Server Error Something went wrong. :-( ErrorResponse

Edit a 2FA application

Code samples

# You can also use wget
curl -X POST https://api.tyntec.com/2fa/v1/application/{applicationId} \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

POST https://api.tyntec.com/2fa/v1/application/{applicationId} HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/application/{applicationId}',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.post 'https://api.tyntec.com/2fa/v1/application/{applicationId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.post('https://api.tyntec.com/2fa/v1/application/{applicationId}', params={

}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://api.tyntec.com/2fa/v1/application/{applicationId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/application/{applicationId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.tyntec.com/2fa/v1/application/{applicationId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /2fa/v1/application/{applicationId}

Define the parameters that you would like to change in a 2FA application.

Parameters

Name In Type Required Description
applicationId path string true This parameter is a part of the URI following the pattern. ${baseURL}/application/{applicationId}. You can specify "default" to reference the default application.
name query string false This parameter represents the custom name for this application. “default” is not allowed, since it is reserved as it maps to the default application for this user.
pinLength query integer(int32) false The length of the auto-generated PIN length. PIN length can be between 4-11 digits.
alphaNumeric query boolean false By default, this parameter is FALSE and the PIN is generated in numeric values. In the case this parameter is TRUE, then the auto-generated PIN will be a lowercase alphanumeric PIN.
attempts query integer(int32) false This parameter controls how many attempts the user is allowed to have in order to validate a delivered OTP.
expire query integer(int64) false This parameter controls the expiration time in seconds after the first OTP delivery request.
sender query string false This parameter controls the sender name upon SMS delivery.
caller query string false This parameter is used to define a number as caller for voice calls. Adding this will improve the call success ratio, as some operators filter anonymous calls.
deleteCaller query boolean false This parameter is used to delete an already defined caller for voice calls.

Example responses

200 Response

{
  "alphanumeric": false,
  "attempts": 3,
  "expire": 300,
  "name": "string",
  "pinLength": 4,
  "sender": "VERIFY",
  "caller": "VERIFY"
}

Responses

Status Meaning Description Schema
200 OK The application is included in the response. TwoFactorAuthApplicationEntity
201 Created Created None
400 Bad Request Valid configuration was not provided. ErrorResponse
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found The ID is not valid for this application. ErrorResponse
500 Internal Server Error Something went wrong. :-( None

Delete a 2FA application

Code samples

# You can also use wget
curl -X DELETE https://api.tyntec.com/2fa/v1/application/{applicationId} \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

DELETE https://api.tyntec.com/2fa/v1/application/{applicationId} HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/application/{applicationId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.delete 'https://api.tyntec.com/2fa/v1/application/{applicationId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.delete('https://api.tyntec.com/2fa/v1/application/{applicationId}', params={

}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('DELETE','https://api.tyntec.com/2fa/v1/application/{applicationId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/application/{applicationId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("DELETE", "https://api.tyntec.com/2fa/v1/application/{applicationId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

DELETE /2fa/v1/application/{applicationId}

You can delete your application if needed by using the DELETE HTTP method. Existing OTPs will still be valid but resend or verification of an OTP will not be possible.

Note: You cannot delete the “default” application.

Parameters

Name In Type Required Description
applicationId path string true ID of the application to be deleted

Example responses

200 Response

{
  "alphanumeric": false,
  "attempts": 3,
  "expire": 300,
  "name": "string",
  "pinLength": 4,
  "sender": "VERIFY",
  "caller": "VERIFY"
}

Responses

Status Meaning Description Schema
200 OK The application was deleted. TwoFactorAuthApplicationEntity
204 No Content No Content None
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found The ID is not valid for this application. ErrorResponse
500 Internal Server Error Something went wrong. :-( None

Add/Update a language template

Code samples

# You can also use wget
curl -X POST https://api.tyntec.com/2fa/v1/application/{applicationId}/language?language=string&text=string \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

POST https://api.tyntec.com/2fa/v1/application/{applicationId}/language?language=string&text=string HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/application/{applicationId}/language?language=string&text=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.post 'https://api.tyntec.com/2fa/v1/application/{applicationId}/language',
  params: {
  'language' => 'string',
'text' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.post('https://api.tyntec.com/2fa/v1/application/{applicationId}/language', params={
  'language': 'string',  'text': 'string'
}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://api.tyntec.com/2fa/v1/application/{applicationId}/language', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/application/{applicationId}/language?language=string&text=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.tyntec.com/2fa/v1/application/{applicationId}/language", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /2fa/v1/application/{applicationId}/language

You can add or edit a language template by referring to the application UUID resource and the language you want to add or edit. If you specify also the channel optional parameter, the specific template for this delivery channel will be created.

Parameters

Name In Type Required Description
applicationId path string true The applicationId of the application you would like to edit. This parameter is part of the URI following the pattern ${baseURL}/application/{applicationId}. You can specify "default" to reference the default application.
language query string true The language locale should be in the ISO 639-1 format.
text query string true The text template for the specific language. Placeholder {{OTP}} must exist at least once. {{SEC}} is an optional placeholder that will replace the “expire” parameter for this application.
channel query string false This optional parameter is set in the case you want to have different template for the same language, depending on the delivery channel, SMS or VOICE.

Example responses

200 Response

{
  "alphanumeric": false,
  "attempts": 3,
  "expire": 300,
  "name": "string",
  "pinLength": 4,
  "sender": "VERIFY",
  "caller": "VERIFY"
}

Responses

Status Meaning Description Schema
200 OK The application language template was saved. TwoFactorAuthApplicationEntity
201 Created Created None
400 Bad Request Wrong arguments were provided. ErrorResponse
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found The ID for this application is not valid. ErrorResponse
500 Internal Server Error Something went wrong. :-( ErrorResponse

Delete a language template

Code samples

# You can also use wget
curl -X DELETE https://api.tyntec.com/2fa/v1/application/{applicationId}/language?language=string \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

DELETE https://api.tyntec.com/2fa/v1/application/{applicationId}/language?language=string HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/application/{applicationId}/language?language=string',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.delete 'https://api.tyntec.com/2fa/v1/application/{applicationId}/language',
  params: {
  'language' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.delete('https://api.tyntec.com/2fa/v1/application/{applicationId}/language', params={
  'language': 'string'
}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('DELETE','https://api.tyntec.com/2fa/v1/application/{applicationId}/language', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/application/{applicationId}/language?language=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("DELETE", "https://api.tyntec.com/2fa/v1/application/{applicationId}/language", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

DELETE /2fa/v1/application/{applicationId}/language

You can delete a language template by referring to the application UUID resource and the language you want to delete. If you specify also the channel optional parameter, the specific template for this delivery channel will be deleted.

Parameters

Name In Type Required Description
applicationId path string true This parameter is the applicationId of the application you would like to edit and it is a part of the URI following the pattern ${baseURL}/application/{applicationId}. You can specify "default" to reference the default application.
language query string true The language locale should be in ISO 639-1 format
channel query string false This optional parameter is set in the case you want to have different template for the same language, depending on the delivery channel, SMS or VOICE.

Example responses

200 Response

{
  "alphanumeric": false,
  "attempts": 3,
  "expire": 300,
  "name": "string",
  "pinLength": 4,
  "sender": "VERIFY",
  "caller": "VERIFY"
}

Responses

Status Meaning Description Schema
200 OK The language template was deleted. TwoFactorAuthApplicationEntity
204 No Content No Content None
400 Bad Request Wrong arguments were provided. ErrorResponse
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found The ID is not valid for this application, or the language does not exist. None
500 Internal Server Error Something went wrong. :-( None

2FA OTP Service

The OTP service is used for delivering and checking One Time Password (OTP) codes to destination numbers.

List OTPs

Code samples

# You can also use wget
curl -X GET https://api.tyntec.com/2fa/v1/otp?number=string \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

GET https://api.tyntec.com/2fa/v1/otp?number=string HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/otp?number=string',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.get 'https://api.tyntec.com/2fa/v1/otp',
  params: {
  'number' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.get('https://api.tyntec.com/2fa/v1/otp', params={
  'number': 'string'
}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://api.tyntec.com/2fa/v1/otp', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/otp?number=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.tyntec.com/2fa/v1/otp", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /2fa/v1/otp

You can query the event's endpoint of an OTP delivery instance to get a list of events reported for this delivery.

Parameters

Name In Type Required Description
number query string true The destination telephone number in the E.164 format

Example responses

200 Response

[
  {
    "accountId": "string",
    "applicationId": "string",
    "attemptCount": 0,
    "created": 0,
    "expire": 0,
    "number": "string",
    "otpId": "string",
    "otpStatus": "string",
    "referenceId": "string",
    "timestampCreated": "string",
    "timestampExpire": "string"
  }
]

Responses

Status Meaning Description Schema
200 OK The list of OTPs Inline
204 No Content Empty list. No OTPs were found for this account. Inline
400 Bad Request Invalid number format was provided. ErrorResponse
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found Not Found None
500 Internal Server Error Something went wrong. :-( ErrorResponse
Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [OtpStatusEntity] false none [OTP Status schema]
» accountId string false none This is your 2FA accountId in the tyntec system. You cannot change this value.
» applicationId string false none The Universally Unique ID (UUID) that identifies the specific application used to deliver this OTP
» attemptCount integer(int32) false none The number of attempts made for this OTP to be validated
» created integer(int64) false none The time in milliseconds in which the OTP request was created
» expire integer(int64) false none The time in milliseconds in which the OTP will expire
» number string false none The destination phone number in the E.164 format
» otpId string false none The OTP ID that the code should be re-sent to
» otpStatus string false none The OTP status. Possible values, ACTIVE, when the OTP is still active; VERIFIED, when the OTP was verified successfully;
EXPIRED, when the OTP expired; TOO_MANY_ATTEMPTS, when the OTP validation requests exceeded the maximum allowed by the application configuration.
» referenceId string false none Set your custom reference ID.
» timestampCreated string false none The string timestamp “created” representation in UTC Z format
» timestampExpire string false none The string timestamp “expire” representation in UTC Z format

Status Code 204

Name Type Required Restrictions Description
anonymous [OtpStatusEntity] false none [OTP Status schema]
» accountId string false none This is your 2FA accountId in the tyntec system. You cannot change this value.
» applicationId string false none The Universally Unique ID (UUID) that identifies the specific application used to deliver this OTP
» attemptCount integer(int32) false none The number of attempts made for this OTP to be validated
» created integer(int64) false none The time in milliseconds in which the OTP request was created
» expire integer(int64) false none The time in milliseconds in which the OTP will expire
» number string false none The destination phone number in the E.164 format
» otpId string false none The OTP ID that the code should be re-sent to
» otpStatus string false none The OTP status. Possible values, ACTIVE, when the OTP is still active; VERIFIED, when the OTP was verified successfully;
EXPIRED, when the OTP expired; TOO_MANY_ATTEMPTS, when the OTP validation requests exceeded the maximum allowed by the application configuration.
» referenceId string false none Set your custom reference ID.
» timestampCreated string false none The string timestamp “created” representation in UTC Z format
» timestampExpire string false none The string timestamp “expire” representation in UTC Z format

Send an OTP

Code samples

# You can also use wget
curl -X POST https://api.tyntec.com/2fa/v1/otp?number=string \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

POST https://api.tyntec.com/2fa/v1/otp?number=string HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/otp?number=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.post 'https://api.tyntec.com/2fa/v1/otp',
  params: {
  'number' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.post('https://api.tyntec.com/2fa/v1/otp', params={
  'number': 'string'
}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://api.tyntec.com/2fa/v1/otp', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/otp?number=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.tyntec.com/2fa/v1/otp", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /2fa/v1/otp

Sends an OTP based on your application configuration. Modifies the request based on the optional parameters.

Parameters

Name In Type Required Description
number query string true The destination telephone number in the E.164 format
applicationId query string false The UUID of the application you want to use. If not specified, the default will be used.
via query string false SMS/VOICE/AUTO; the channel to deliver the OTP to
country query string false Optional; if you provided a number without a country code, it will be added automatically.
language query string false The language template to be used in the ISO 639-1 codes. If the template is not specified, it will be auto-detected based on the number. If a language template does not exist, it will default to English.
text query string false Text to override the default template. Placeholder {{OTP}} must exist for auto-generation of OTP, otherwise otpCode should be specified.
referenceId query string false Set your custom reference ID.
otpCode query string false Override the auto-generated OTP code.
sender query string false Override the applications sender.
caller query string false Override the applications caller.
pinLength query string false The length of the auto-generated PIN length. PIN length can be between 4-11 digits.
Detailed description

country: Optional; if you provided a number without a country code, it will be added automatically. If the country code is included but doesn't match the country specified, it will result in an error.

Example responses

200 Response

{
  "accountId": "string",
  "applicationId": "string",
  "attemptCount": 0,
  "created": 0,
  "expire": 0,
  "number": "string",
  "otpId": "string",
  "otpStatus": "string",
  "referenceId": "string",
  "timestampCreated": "string",
  "timestampExpire": "string"
}

Responses

Status Meaning Description Schema
200 OK The result of the OTP with a unique ID OtpStatusEntity
201 Created Created None
400 Bad Request Invalid parameters provided. Look at the response for the specific error. ErrorResponse
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found Not Found None
500 Internal Server Error Something went wrong. :-( ErrorResponse

Read OTP status

Code samples

# You can also use wget
curl -X GET https://api.tyntec.com/2fa/v1/otp/{otpId} \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

GET https://api.tyntec.com/2fa/v1/otp/{otpId} HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/otp/{otpId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.get 'https://api.tyntec.com/2fa/v1/otp/{otpId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.get('https://api.tyntec.com/2fa/v1/otp/{otpId}', params={

}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://api.tyntec.com/2fa/v1/otp/{otpId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/otp/{otpId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.tyntec.com/2fa/v1/otp/{otpId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /2fa/v1/otp/{otpId}

Returns the status of an OTP.

Parameters

Name In Type Required Description
otpId path string true The OTP ID that the code should be re-sent to.

Example responses

200 Response

{
  "accountId": "string",
  "applicationId": "string",
  "attemptCount": 0,
  "created": 0,
  "expire": 0,
  "number": "string",
  "otpId": "string",
  "otpStatus": "string",
  "referenceId": "string",
  "timestampCreated": "string",
  "timestampExpire": "string"
}

Responses

Status Meaning Description Schema
200 OK The OTP status OtpStatusEntity
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found OTP code was not found. ErrorResponse
500 Internal Server Error Something went wrong. :-( ErrorResponse

Re-send an OTP

Code samples

# You can also use wget
curl -X POST https://api.tyntec.com/2fa/v1/otp/{otpId} \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

POST https://api.tyntec.com/2fa/v1/otp/{otpId} HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/otp/{otpId}',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.post 'https://api.tyntec.com/2fa/v1/otp/{otpId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.post('https://api.tyntec.com/2fa/v1/otp/{otpId}', params={

}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://api.tyntec.com/2fa/v1/otp/{otpId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/otp/{otpId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.tyntec.com/2fa/v1/otp/{otpId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /2fa/v1/otp/{otpId}

In the case the end user didn’t receive the OTP in a reasonable time frame, you can use this operation to re-send the same OTP code. The OTP code will be the same as the original one, but you have the option to choose a different delivery channel.

Parameters

Name In Type Required Description
otpId path string true The OTP ID that the code should be re-sent to
via query string false You can force a delivery channel by using this parameter. Possible values are AUTO, SMS, or VOICE. The default is “AUTO”, which will use SMS in the case of a mobile number and VOICE in the case of a landline number.
sender query string false In the case you want to override the sender set in the application's configuration, you can specify a sender's name for this OTP delivery.
caller query string false In the case you want to override the caller set in the application's configuration, you can specify a caller's ID for this OTP delivery.

Example responses

200 Response

{
  "accountId": "string",
  "applicationId": "string",
  "attemptCount": 0,
  "created": 0,
  "expire": 0,
  "number": "string",
  "otpId": "string",
  "otpStatus": "string",
  "referenceId": "string",
  "timestampCreated": "string",
  "timestampExpire": "string"
}

Responses

Status Meaning Description Schema
200 OK OTP was re-sent OtpStatusEntity
201 Created Created None
400 Bad Request The provided parameter is not valid. ErrorResponse
401 Unauthorized OTP is not valid anymore. ErrorResponse
403 Forbidden Forbidden None
404 Not Found OTP was not found. ErrorResponse
500 Internal Server Error Something went wrong. :-( ErrorResponse

Delete an OTP

Code samples

# You can also use wget
curl -X DELETE https://api.tyntec.com/2fa/v1/otp/{otpId} \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

DELETE https://api.tyntec.com/2fa/v1/otp/{otpId} HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/otp/{otpId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.delete 'https://api.tyntec.com/2fa/v1/otp/{otpId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.delete('https://api.tyntec.com/2fa/v1/otp/{otpId}', params={

}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('DELETE','https://api.tyntec.com/2fa/v1/otp/{otpId}', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/otp/{otpId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("DELETE", "https://api.tyntec.com/2fa/v1/otp/{otpId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

DELETE /2fa/v1/otp/{otpId}

You can delete the status of an OTP by using this operation.

Parameters

Name In Type Required Description
otpId path string true The OTP ID that the code should be resent to

Example responses

200 Response

{
  "accountId": "string",
  "applicationId": "string",
  "attemptCount": 0,
  "created": 0,
  "expire": 0,
  "number": "string",
  "otpId": "string",
  "otpStatus": "string",
  "referenceId": "string",
  "timestampCreated": "string",
  "timestampExpire": "string"
}

Responses

Status Meaning Description Schema
200 OK OTP deleted OtpStatusEntity
204 No Content No Content None
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found OTP was not found. None
500 Internal Server Error Something went wrong. :-( ErrorResponse

List OTP events

Code samples

# You can also use wget
curl -X GET https://api.tyntec.com/2fa/v1/otp/{otpId}/events \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

GET https://api.tyntec.com/2fa/v1/otp/{otpId}/events HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/otp/{otpId}/events',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.get 'https://api.tyntec.com/2fa/v1/otp/{otpId}/events',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.get('https://api.tyntec.com/2fa/v1/otp/{otpId}/events', params={

}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('GET','https://api.tyntec.com/2fa/v1/otp/{otpId}/events', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/otp/{otpId}/events");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.tyntec.com/2fa/v1/otp/{otpId}/events", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

GET /2fa/v1/otp/{otpId}/events

You can query the event's endpoint of an OTP delivery instance to get a list of events reported for this delivery.

Parameters

Name In Type Required Description
otpId path string true The OTP ID that the code should be re-sent to

Example responses

200 Response

[
  {
    "created": 0,
    "status": "string",
    "statusText": "string",
    "timestampCreated": "string",
    "type": "string"
  }
]

Responses

Status Meaning Description Schema
200 OK The OTP status Inline
401 Unauthorized Unauthorized None
403 Forbidden Forbidden None
404 Not Found OTP code was not found. ErrorResponse
500 Internal Server Error Something went wrong. :-( ErrorResponse
Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [StatusEvent] false none [Status schema]
» created integer(int64) false none Timestamp in the Epoch/Unix time
» status string false none Event status; possible values are success/failed/null.
» statusText string false none The status reported by the delivery system
» timestampCreated string false none The string timestamp “created” representation in UTC Z format
» type string false none Refer to the next table regarding all event types.

Validate an OTP

Code samples

# You can also use wget
curl -X POST https://api.tyntec.com/2fa/v1/otp/{otpId}/check?otpCode=string \
  -H 'Accept: application/json' \
  -H 'apiKey: API_KEY'

POST https://api.tyntec.com/2fa/v1/otp/{otpId}/check?otpCode=string HTTP/1.1
Host: api.tyntec.com
Accept: application/json
apiKey: API_KEY


const headers = {
  'Accept':'application/json',
  'apiKey':'API_KEY'

};

fetch('https://api.tyntec.com/2fa/v1/otp/{otpId}/check?otpCode=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'apiKey' => 'API_KEY'
}

result = RestClient.post 'https://api.tyntec.com/2fa/v1/otp/{otpId}/check',
  params: {
  'otpCode' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'apiKey': 'API_KEY'
}

r = requests.post('https://api.tyntec.com/2fa/v1/otp/{otpId}/check', params={
  'otpCode': 'string'
}, headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/json',
    'apiKey' => 'API_KEY',

    );

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://api.tyntec.com/2fa/v1/otp/{otpId}/check', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://api.tyntec.com/2fa/v1/otp/{otpId}/check?otpCode=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("apiKey", "API_KEY");

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "apiKey": []string{"API_KEY"},

    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.tyntec.com/2fa/v1/otp/{otpId}/check", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

POST /2fa/v1/otp/{otpId}/check

This operation will verify whether the OTP code used matched the OTP code that was generated for this user. To verify an OTP code, you need to provide: 1) the unique OTPId that refers the the OTP delivery request 2) the OTP code sent to the user

Parameters

Name In Type Required Description
otpId path string true The OTP ID that the code should be re-sent to
otpCode query string true otpCode

Example responses

200 Response

{
  "accountId": "string",
  "applicationId": "string",
  "attemptCount": 0,
  "created": 0,
  "expire": 0,
  "number": "string",
  "otpId": "string",
  "otpStatus": "string",
  "referenceId": "string",
  "timestampCreated": "string",
  "timestampExpire": "string"
}

Responses

Status Meaning Description Schema
200 OK OK OtpStatusEntity
201 Created Created None
202 Accepted The provided OTP is valid. OtpStatusEntity
401 Unauthorized The provided OTP code is not valid. OtpStatusEntity
403 Forbidden OTP expired because of too many attempts made. OtpStatusEntity
404 Not Found OTP was not found. None
410 Gone OTP is not active anymore. OtpStatusEntity
500 Internal Server Error Something went wrong. :-( ErrorResponse

Schemas

OtpStatusEntity

{
  "accountId": "string",
  "applicationId": "string",
  "attemptCount": 0,
  "created": 0,
  "expire": 0,
  "number": "string",
  "otpId": "string",
  "otpStatus": "string",
  "referenceId": "string",
  "timestampCreated": "string",
  "timestampExpire": "string"
}

OTP Status schema

Properties

Name Type Required Restrictions Description
accountId string false none This is your 2FA accountId in the tyntec system. You cannot change this value.
applicationId string false none The Universally Unique ID (UUID) that identifies the specific application used to deliver this OTP
attemptCount integer(int32) false none The number of attempts made for this OTP to be validated
created integer(int64) false none The time in milliseconds in which the OTP request was created
expire integer(int64) false none The time in milliseconds in which the OTP will expire
number string false none The destination phone number in the E.164 format
otpId string false none The OTP ID that the code should be re-sent to
otpStatus string false none The OTP status. Possible values, ACTIVE, when the OTP is still active; VERIFIED, when the OTP was verified successfully;
EXPIRED, when the OTP expired; TOO_MANY_ATTEMPTS, when the OTP validation requests exceeded the maximum allowed by the application configuration.
referenceId string false none Set your custom reference ID.
timestampCreated string false none The string timestamp “created” representation in UTC Z format
timestampExpire string false none The string timestamp “expire” representation in UTC Z format

StatusEvent

{
  "created": 0,
  "status": "string",
  "statusText": "string",
  "timestampCreated": "string",
  "type": "string"
}

Status schema

Properties

Name Type Required Restrictions Description
created integer(int64) false none Timestamp in the Epoch/Unix time
status string false none Event status; possible values are success/failed/null.
statusText string false none The status reported by the delivery system
timestampCreated string false none The string timestamp “created” representation in UTC Z format
type string false none Refer to the next table regarding all event types.

TwoFactorAuthApplicationEntity

{
  "alphanumeric": false,
  "attempts": 3,
  "expire": 300,
  "name": "string",
  "pinLength": 4,
  "sender": "VERIFY",
  "caller": "VERIFY"
}

Two-Factor Authentication Application structure

Properties

Name Type Required Restrictions Description
alphanumeric boolean false none Whether the OTP is alphanumeric or not
attempts integer(int32) false none How many attempts the user can have for this OTP
expire integer(int64) false none After how many seconds the OTP expires
name string false none Custom application name
pinLength integer(int32) false none The length of the auto-generated PIN length. PIN length can be between 4-11 digits.
sender string false none The sender used for SMS delivery
caller string false none The caller used for TTS delivery. Using a valid number will improve filtering issues caused by anonymous calls.

ErrorResponse

{
  "code": "string",
  "id": "string",
  "message": "string",
  "timestamp": 0
}

Error Response schema

Properties

Name Type Required Restrictions Description
code string false none The reason for an unsuccessful attempt
id string false none Error code ID
message string false none Textual representation of the code, containing further information
timestamp integer(int64) false none Timestamp in Epoch/Unix time