Authy documentation Auth-Key and QR code

Im trying to implement 2FA with authy and using authy php library and authy API key to add users to authy, so that user can scan the QR code nd get my app authentication in phone.

I did documentation as mentioned in that library github page. User data is saving successfully but im getting some random numeric secret key (which is generated for user by authy) secret to store in database, if i enter that secret in app it is showing secret key is invalid error, Checkout the screenshots below

We need to enter secret something like this but im getting numeric secret, if i enter that manually app is showing error like below screenshot

documentation is like below

require_once dirname(__DIR__) . '/extra/Authy/vendor/autoload.php';
$authy_api = new Authy\AuthyApi('MY_API_KEY');
$user = $authy_api->registerUser('email@gmail.com', '9999999999', 91); // (email, phone number, country code)
if($user->ok()){
echo json_encode($user->id());
}else{
foreach($user->errors() as $field => $message) {
printf("$field = $message");
}
}

and another problem is how can i generate QR code which Authy can understand? I've searched for some and i didn't get any solutions. please help me.

Twilio/Authy developer evangelist here.

I must apologise, our documentation here has gotten a bit behind. I'll try to help.

First up, I recommend you take a look through this documentation on two factor authentication with Twilio and Authy.

Second, let me explain the process with Authy with regards to how far you've got.

You've set up the API and credentials correctly and then you have registered a user using the call to $authy_api->registerUser. The user ID that you got back from that response should not be shared with anyone. It is your reference to your user in the Authy database. You should store that ID against the user that is signing up and use that ID any time you need to send codes or verify codes.

You don't need to use QR codes to share anything with the user either. To start the two factor authentication process you now need to call:

$authy_api->requestSMS($userID);

With the ID that you got back from the API as the $usedID in this code.

The method call suggests that it's going to send an SMS, however that's just a bit of legacy.

• If your user has already installed the Authy mobile application and logged in and verified it with their phone number, then Authy will send a push notification to that application with the code they need to send you. Your app will appear within the Authy app without the user having to do anything (especially scan a QR code).
• If the user does not have the Authy app installed, then Authy will send them an SMS message with the code. If you want to avoid sending SMS messages, then you need to encourage your users to install the Authy app.

Finally, once the user enters the code on your site you should call to verify the token:

$authy_api->verifyToken($userID, $token);

In this case, the $userID is that ID you got back from the registerUser call initially and that you saved to your user. The $token is the code they enter from the app or the SMS.

Please let me know if that helps or if you have any other questions.