Docs

Two-factor authentication

 

Add one more layer of security to your web site with the account verification feature, and also keep your customer personal phone number up to date.

Learn how to implement phone number verification functionality on your web site by using Apifonica API.

What does this thing do?

This PHP sample application demonstrates how to create a web site signup form that verifies user mobile number.

The user registration process will be the following:

  1. Your customer enters his name and a mobile phone number into a signup form.
  2. Your web site generates a one-time verification code, and sends it via Apifonica API to the user's mobile phone to ensure the user physically possesses it. The user enters the code into a verification form to complete the registration process.
  3. There is also a possibility to organize two-factor authentication while excluding sms or voice traffic cost when user authenticates. Renting several amount of numbers from Apifonica, you can code them to be authenticators themselves. While showing customer a number to call (for example providing it in a authorization form or on a website itself), it can be set to hangup immediately and Apifonica will register the call thus authenticating user.

    To ease-up the process you can also generate a QR code for the Apifonica’s number, giving your customer a simple and elegant authentication process.

In this tutorial, we will show you the HTML form that accepts user data and verification code, and the functions that send this code via SMS to the user’s mobile number and check the code validity.

Let’s get started!

Prerequisites

  1. An Apifonica account SID and password to send SMS messages from the web.

    You can find these in your personal account.

  2. An Apifonica phone number to be the SMS sender’s number.

    You can rent a number from your Apifonica account.

  3. An Apache/nginx HTTP server supporting PHP version 5 or higher.

Step 1 – Get the Code

Click here to download the source (case03.php) which includes everything you need for this tutorial.

The file contains an HTTP signup form to be displayed to the users desiring to register at your web site. The file also has the functions that generate five digit verification code, send it as an SMS message to the mobile number specified by the user, and check if the entered verification code is valid.

The following diagram demonstrates how the sample works.

Step 2 – Set Default Variables

In the downloaded case03.php file, specify the default parameter values:

  • Your account SID.
  • Your account password (authToken).
  • A number you have rented from this account—this number will be used as the SMS sender’s number.

It is necessary that you use a mobile number as the sender’s number. Enter it with the area code, but without a plus sign in the beginning.

// Specify Apifonica API URL
$api_url = 'https://api.apifonica.com';
// Specify your Apifonica account SID
$accountSID = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
// Specify your Apifonica account password
$password = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
// Specify the SMS sender's number (this number must be mobile number belonging to the Apifonica account you have specified) 
$from = 'XXXXXXXXXXX';

Step 3 – Upload the Updated Sample File to Your Server

The data you have specified will now be used for sending SMS messages with verification codes: your Apifonica account will be charged for outgoing SMS messages sent from the cloud to the mobile numbers your users specify in the web form.

Step 4 – Open the Web Form on Your Site and Try How It Works

Fill in the fields in the web form and click Send Verification Code in order to generate a one-time verification code and send it to the mobile number you have specified. Include the area code, but omit the plus sign.

Step 5 – Enter the Code You Receive in SMS

After you receive an SMS with the code, enter it and click the Proceed button to complete the registration.

Step 6 – Check Code Validity

In case you enter the valid code, the registration process is successfully completed.