two-factor-authenticationauthysms-verification

What is the difference between Authy's TOTP and Phone Verification APIs?


Is the Phone Verification API just a wrapper around TOTP to simplify the process, or are they meant for entirely different use cases?


Solution

  • Authy developer evangelist here.

    The Phone Verification API is useful for one off verifications by SMS or a phone call. Great if all you need to do is make sure your user owns the phone number they have entered. You can read my write up of how to implement phone verification in Rails if you want to see more.

    The TOTP API returns an Authy ID that you can then save and use to send verification codes to your user as part of the 2FA flow. When you then send the verification code to a user, Authy works out whether they have the Authy app or not and sends either a push notification or an SMS.

    It's basically the same technology, however the TOTP case is a bit more complicated and intended for repeated uses.

    I also wrote up how to implement TOTP 2FA with Authy and Rails if you want to see details on that.

    Does that help at all?