• http://www.gongmsgn.com/wp-content/uploads/2012/12/services_banner.jpg

    Blog

http://www.gongmsgn.com/wp-content/themes/flare/images/shadow-1.png

Five Easy Steps For Successful 2-Factor Authentication

Traditionally, implementing two-factor authentication for web-based services also meant introducing additional hardware. Nowadays, enterprises and Internet giants need a simpler and faster solution to verify their global user base.

SMS-based 2FA sends a one-time PIN code to users’ mobile phones via text message, immediately turning their device into an extra layer of security. It doesn’t require extra equipment and works on both the latest smartphones and decade-old feature phones.

1 Register Your App

Before you start generating and sending PIN codes over GONG 2FA service, you’ll have to register your app on our Authentrix platform and provide us with the name of your app.

POST /2fa/1/applications HTTP/1.1
Host: unityapi.gongmsgn.com
Authorization: Basic RkTpGSVR0lUdGVhbZWFt
Content-Type: application/json
 
{
  "name":"My BASIC app"
}

The name of your app will be enough for you to proceed to the next step if you require only basic usage. For advanced usage, you’ll be able to configure the additional features for your app: PIN time to live, PIN attempts, verification attempts, verification interval, etc.

Find out more about additional features for your app and advanced usage of this method in the coming weeks.

2 Create A Message

After you have registered your app for the 2FA application, the next step will be to create a message that you want to send to your app users.

A PIN code is generated as part of your message so you’ll need to specify its features:

  • PIN Type: Type of PIN code that will be generated and sent as part of 2FA message. You can set PIN type to numeric, alpha, alphanumeric, or hex.
  • PIN Length: PIN code length between 1 and 8 characters.

POST /2fa/1/applications/8F0792F86035A9F4290821F1EE6BC06A/messages HTTP/1.1
Host: unityapi.gongmsgn.com
Authorization: Basic RkTpGSVR0lUdGVhbZWFt
Content-Type: application/json
 
{
  "pinType":"NUMERIC",
  "pinPlaceholder":"",
  "messageText":"Your pin is ",
  "pinLength":4,
  "sender":"GONG 2FA"
}

Find out more about additional message parameters and their usage in the coming weeks.

3 Generate API Key

In order to start sending and verifying PINs from the client side, you need a valid GONG API key.

Generate your API key with this simple method:

POST /2fa/1/api-key HTTP/1.1
Host: unityapi.gongmsgn.com
Authorization: Basic RkTpGSVR0lUdGVhbZWFt
Content-Type: application/json

Response

"003026bbc133714df1834b8638bb496e-8f4b3d9a-e931-478d-a994-28a725159ab9"

4 PIN Generation And Sending

If you have created a 2FA application (Step 1), configured your message (Step 2) and obtained your API key for authorisation (Step 3), you are ready to generate and send PINs to your users.

POST /2fa/1/pin HTTP/1.1
Host: unityapi.gongmsgn.com
Authorization: App 003026bbc133714df1834b8638bb496e-8f4b3d9a-e931-478d-a994-28a725159ab9
Content-Type: application/json
{
  "applicationId":"6D48F9FE5FA2B679C815F8AF33282A7C",
  "messageId":"1036B771ACA7EC408772F93BC855D00A",
  "phoneNumber":"2348056661831"
}

A response that indicates if everything is ok with your request will be immediately sent to you:

{
 "to": "2348056661831",
 "ncStatus": "NC_DESTINATION_REACHABLE",
 "smsStatus": "MESSAGE_SENT",
 "pinId": "9C817C6F8AF3D48F9FE553282AFA2B67"
}

Find out more about additional features for sending PIN codes in the coming weeks.

5 Verify PIN

The final step is to verify if the user entered the correct PIN that he had received on his mobile phone.

Simply forward us the value the user entered in your app, and we will verify the PIN:

POST /2fa/1/pin/9C817C6F8AF3D48F9FE553282AFA2B67/verify HTTP/1.1
Host: unityapi.gongmsgn.com
Authorization: App 003026bbc133714df1834b8638bb496e-8f4b3d9a-e931-478d-a994-28a725159ab9
Content-Type: application/json
{
 "pin":"1598"
}

If the PIN is correct, you will receive this response:

{
 "pinId": "9C817C6F8AF3D48F9FE553282AFA2B67",
 "msisdn": "2348056661831",
 "verified": true,
 "attemptsRemaining": 0
}

If the PIN is wrong, you will receive this response:

{
 "pinId": "9C817C6F8AF3D48F9FE553282AFA2B67",
 "msisdn": "2348056661831",
    "verified": false,
    "attemptsRemaining": 2,
    "pinError": "WRONG_PIN"
}

To see how easy it is to integrate our 2FA solution into your mobile app watch out for our upcoming free demo app and Android SDK documentation.

Share Button

About GONG:

GONG is a global mobile transaction cloud service connecting mobile and IP service providers and enterprises through an in-house developed and operated communication services cloud. Our converged messaging, m-payments, push notifications, voice and unified communication services bring a mobile and IP dimension to any business. Offices in Nigeria and strategic partnerships with major telco groups enable us to provide seamless integration, delivery and user experience. Always looking for innovation and new ideas, fostering a customer-first business philosophy and having the reach to every part of the world makes us the reliable provider for many clients in Nigeria and worldwide.