authy-client
A complete Authy client with support for TOTP, OneTouch, Phone Verification and Phone Intelligence APIs.
Status
Installation
Install the package via yarn
:
yarn add authy-client
or via npm
:
npm install authy-client --save
Usage
Client
The following is a complete example of registering a user and requesting an SMS using any of the three possible async APIs offered by this package.
babel
)
Using await/async (requires ; const client = key: 'foo' ; { const user: id: authyId = await client; const cellphone = await client; console};
Using promises
const Client = Client;const client = key: 'foo' ; client;
Using callbacks
const Client = Client;const client = key: 'foo' ; client;
If you want to run this example without first transpiling it, you can install the babel-cli
package and run node_modules/.bin/babel-node example.js
.
Command-line interface
Another option of interacting with Authy's API is by using the available command-line interface (cli). It handles most tasks without require any coding.
❯ authyCommands: activity <command> Manage activity application <command> Manage application information onetouch <command> Manage onetouch requests phone <command> Manage phone verifications user <command> Manage users Options: --key API Key [string] [required] --pretty Whether to print pretty results [boolean] [default: true] --help Show help [boolean]
Note that all calls must be authenticated using the API Key. However, if you prefer, you can define the API Key using the environment variable AUTHY_KEY
such as:
❯ AUTHY_KEY=foobar authy <command>
Client({ key }, [options])
Arguments
args
(Object): the required arguments object.args.key
(string): The private API key obtained from the Authy Dashboard.[options]
(Object): The options object.[options.host=https://api.authy.com]
(string): The target API endpoint.[options.timeout=5000]
(number): The maximum request time, in milliseconds.
Example
key: 'foo' timeout: 10000 ;
TOTP API
Authy TOTP (Time-based One-time Password) is an API that allows application developers to enable two-factor authentication (2FA) for a user. 2FA, as the name suggests, is an additional step to secure an user's account or action by comparing a code generated or sent to the user's mobile phone against a shared secret.
registerUser({ countryCode, email, phone }, [callback])
Create an Authy user based on the users mobile phone number and email. The returned Authy Id should be stored on your database for subsequent calls.
The library automatically converts conforming country codes (e.g. US
) to the corresponding country calling code (e.g. 1
) and validates the resulting phone number thoroughly before submitting it to Authy.
Arguments
args
(Object): the required arguments object.args.countryCode
(string): the user's phone country code in ISO 3166 alpha 2 format (recommended format, e.g.US
) or a numeric country calling code (use at your own risk).args.email
(string): the user's email address.args.phone
(string): the user's phone number.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const user: id: authyId = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy user create 911234567 PT foo@bar.com
requestSms({ authyId }, [options, callback])
Request an SMS with a token for users that don't own a smartphone. If the Authy app is in use by the user, this request is ignored and a push notification is sent instead.
Arguments
args
(Object): the required arguments object.args.authyId
(string): the user's Authy Id.[options]
(Object): the options object.[options.action]
(string): the action or context that is being validated.[options.force]
(boolean): whether to send an SMS even if the user is using the mobile application.[options.message]
(string): a message for the specific action, if one is set.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy user request sms 1635
requestCall({ authyId }, [options, callback])
Request a call with a token for users that don't own a smartphone. If the Authy app is in use by the user, this request is ignored and a push notification is sent instead.
Arguments
args
(Object): the required arguments object.args.authyId
(string): the user's Authy Id.[options]
(Object): the options object.[options.action]
(string): the action or context that is being validated.[options.force]
(boolean): whether to call the user even if the mobile application is in use.[options.message]
(string): a message for the specific action, if one is set.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy user request call 1635
verifyToken({ authyId, token }, [options, callback])
Verify if a token submitted by the user is valid or not.
Arguments
args
(Object): the required arguments object.args.authyId
(string): the user's Authy Id.args.token
(string): the token to verify.[options]
(Object): the options object.[options.force]
(boolean): whether to verify the token regardless of the user's login status.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy user verify --token 1234567
deleteUser({ authyId }, [options, callback])
Delete a user from the application.
Arguments
args
(Object): the required arguments object.args.authyId
(string): the user's Authy Id.[options]
(Object): the options object.[options.ip]
(string): the IP requesting to delete the user.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy user delete 1635
registerActivity({ authyId, data, type }, [options, callback])
Register a user activity.
Arguments
args
(Object): the required arguments object.args.authyId
(string): the user's Authy Id.args.type
(string): the activity type (one ofpassword_reset
,banned
,unbanned
orcookie_login
).[data]
(Object): a data object associated with the activity.[options]
(Object): the options object.[options.ip]
(string): the IP of the user registering the activity.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy activity create 1635 \ --data.reason foo \ --type banned \ --ip 127.0.0.1
getUserStatus({ authyId }, [options, callback])
Retrieve the user status, such as the registered country code, phone number, devices and confirmation status.
Arguments
args
(Object): the required arguments object.args.authyId
(string): the user's Authy Id.[options]
(Object): the options object.[options.ip]
(string): the IP of the user requesting to see the user details.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy user get status 1635
getApplicationDetails([options, callback])
Retrieve application details such as its name or current billing plan.
Arguments
[options]
(Object): the options object.[options.ip]
(string): the IP of the user requesting to see the application details.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy application get details
getApplicationStatistics([options, callback])
Retrieve application statistics by month and current quotas.
Arguments
[options]
(Object): the options object.[options.ip]
(string): the IP of the user requesting to see the application statistics.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy application get statistics
Phone Verification API
The Phone Verification API allows for a simple phone verification for situations where the complexity of the TOTP API is not required. First, a code is sent to the user's phone number and then that code is submitted back by the user. Authy verifies that the code matches the one issued for it.
startPhoneVerification({ countryCode, phone, via }, [options, callback])
Verify a phone number by sending it a verification code by SMS or call. Custom messages for the SMS are currently not working so support has not been added.
Arguments
args
(Object): the required arguments object.args.countryCode
(string): the user's phone country code in ISO 3166 alpha 2 format (recommended format, e.g.US
) or a numeric country calling code (use at your own risk).args.phone
(string): the user's phone number to verify.args.via
(string): the mechanism used to send the verification code (sms
orcall
).[options]
(Object): the options object.[options.locale]
(string): the locale of the message received by the user. If none is given, Authy will attempt to auto-detect it based on the country code passed, otherwise English will be used.[options.codeLength]
(integer): the number of verification digits sent (by default, 4). Allowed values are 4-10.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires ; const response = await client; console;
Using promises
const enums = enums; client ;
Using callbacks
const enums = enums; client;
Using cli
❯ AUTHY_KEY=foobar authy phone verify 7754615609 US \ --locale=en \ --via=sms
verifyPhone({ countryCode, phone, token }, [callback])
Verify a phone number through a verification code.
Arguments
args
(Object): the required arguments object.args.countryCode
(string): the user's phone country code in ISO 3166 alpha 2 format (recommended format, e.g.US
) or a numeric country calling code (use at your own risk).args.phone
(string): the user's phone number to verify.args.token
(string): the token submitted by the user to verify the phone.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy phone verify 7754615609 US --token 1234
Phone Intelligence API
The Phone Intelligence API allows an application developer to retrieve information about a specific number such as its type (VoIP, landline or mobile) and carrier.
getPhoneInformation({ countryCode, phone }, [options, callback])
Verify a phone number by sending it a verification code by SMS or call. Custom messages for the SMS are currently not working so support has not been added.
Arguments
args
(Object): the required arguments object.args.countryCode
(string): the phone's country code in ISO 3166 alpha 2 format (recommended format, e.g.US
) or a numeric country calling code (use at your own risk).args.phone
(string): the phone's number to retrieve information about.[options]
(Object): the options object.[options.ip]
(string): the IP of the user requesting to retrieve information about the phone.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy phone get information 7754615609 US
OneTouch API
Authy OneTouch is an API that allows application developers to create simple approval requests so that users can frictionless approve or deny such request. It can be used for a variety of purposes, such as authentication (e.g. login approval) or validation (e.g. financial transaction approval).
When the user takes actions, Authy sends a GET or POST callback to a URL defined on the application dashboard. The request, which can optionally be cryptographically verified, allows for immediate reaction. An alternate polling method can also be used.
createApprovalRequest({ authyId, details, logos, message }, [options, callback])
Create an approval request for the given Authy Id and send it to the user as a push notification.
Arguments
args
(Object): the required arguments object.args.authyId
(string): the user's Authy Id.args.message
(string): the message shown to the user upon receiving the approval request.[details]
(Object): the details object.[details.hidden]
(Object): a dictionary of hidden details associated with the approval request.[details.visible]
(Object): a dictionary of visible details associated with the approval request.[logos]
(array): the custom logos collection.[logos.<n>]
(Object): a custom logo object.[logos.<n>.res]
(string): the target resolution of the custom logo (one ofdefault
,low
,med
orhigh
).[logos.<n>.url]
(string): the url of the custom logo image.[options]
(Object): the options object.[options.ttl]
(integer): the number of seconds that the approval request will be available for being responded. If set to0
, the approval request won't expire.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy onetouch create 1635 \ 'Login requested for a CapTrade Bank account.' \ --hidden.ip_address 10.10.3.203 \ --logos.0.res default \ --logos.0.url 'https://example.com/logos/default.png' \ --logos.1.res low \ --logos.1.url 'https://example.com/logos/low.png' \ --visible.'Account Number' 981266321 \ --visible.location 'California, USA' \ --visible.username 'Bill Smith' \ --ttl 120
getApprovalRequest({ id }, [callback])
Get information about an approval request.
Arguments
args
(Object): the required arguments object.args.id
(string): the id of the approval request.[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires const response = await client; console;
Using promises
client ;
Using callbacks
client;
Using cli
❯ AUTHY_KEY=foobar authy phone get status 550e8400-e29b-41d4-a716-446655440000
verifyCallback({ body, headers, method, protocol, url }, [callback])
Authy callbacks contain a header (X-Authy-Signature
) with an HTTP HMAC signature of the request. This signature can be used to verify the authenticity of the request.
Currently, GET requests cannot be validated, as only POST requests contain such signature.
If you have configured your Authy application to receive callbacks for OneTouch approval requests, you should verify their authenticity.
Arguments
args
(Object): the required arguments object.args.body
(Object): the parsed body of the request.args.headers
(Object): the headers of the request.args.method
(string): the method of the request (GET
orPOST
).args.protocol
(string): the protocol of the request (http
orhttps
).args.url
(string): the url of the request (e.g./callback/onetouch
).[callback]
(Function): a callback, otherwise a Promise is returned.
Example
babel
)
Using await/async (requires await client; console;
Using promises
client;
Using callbacks
client;
Tests
To test using a local installation of node.js
:
npm test
To test using Docker exclusively:
docker-compose run --rm sut
Release
npm version [<newversion> | major | minor | patch] -m "Release %s"
License
MIT