2FA Use Cases

This page provides details about the use cases for the 2FA API. Use the examples we provide here to build more complex applications. Use cases include:

• Send a 2FA OTP. – Add an extra layer of security to your application with an OTP.
• Send an OTP with Limits. – Add limits to the OTP you send. For example, block a phone number from requesting too many replacement OTPs within a set timeframe.
• Verify an OTP. – Verify that the verification code was sent to the destination.
• Cancel an OTP. – Quickly cancel an OTP you send.
• Retrieve Session Detail Record. – Get details about OTPs you send from your account.
• Retrieve a Record for a Single OTP. – Pull details about a specific OTP you send from your account.
• Get Usage Records for OTPs. – Find out the total number of OTPs you send for a specific channel (SMS, TTS).
• Get Usage Records for a Channel. – Retrieve all the usage records for a specific channel (SMS, TTS).
• Return Usage Records on a Schedule. – If you want usage records delivered on a set schedule, set that up here.
• Limit Number of OTPs. – See how you can use limits to prevent too many OTPs from being sent to the same phone number.
• Update a Limit for OTPs. – After you set a limit, update it with new requirements.
• Delete a Limit You Created for OTPs. – Remove a limit you created.
• Retrieve a List of Limits for OTPs. – Retrieve an exhaustive list of limits you created.
• Retrieve Limit Details by Limit Id. – Provide the unique ID for a limit and retrieve details about that limit.
• Create a Workflow – Combine different ways of sending an OTP to ensure your customer receives their code.
• Update a Workflow – Update a workflow by adding an event or changing/adding a description.
• Delete a Workflow – Remove workflows you don’t need anymore.
• Get a List of Workflows – Retrieve a list of all workflows for an account or sub-account.
• Get a Single Workflow – Get an individual workflow by its unique ID.

If you want to send regular SMS, please see the SMS/Bulk SMS API page.

Send a 2FA OTP

This example shows how to send a simple 2FA OTP to a customer. The settings are all default values. For the body parameter, put your message. For the verification code use {code}. Mitto will generate a random six digit code. For more details, see Send an OTP Endpoint.

Request

Response

{
"code":200,
"message":"OK",
"requestID":"OTPYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
}

Send an OTP with Limits

Learn how to send an OTP where you place limits. For example, if you wanted to prevent a phone number from requesting too many OTPs within a set timeframe. This example shows you two limits, limit_on_ip and limit_on_phone. Limits are custom created by you. For more details, see Limit API Use Endpoint.

Request

Response

{
"code":200,
"message":"OK",
"requestID":"OTPYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
}

Verify an OTP

Verify that the OTP you sent arrived via the channel you used (SMS, Voice).

Request

Response

{
"code":200,
"message":"OK",
"requestID":"OTPYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
}

Cancel an OTP

By default, if you send a new OTP right after another OTP, Mitto cancels the first OTP. However, if you added the guardTime parameter to a sent OTP, then the first OTP stays valid for the length of the guardTime. In this case, you may want to cancel the first OTP. This example shows you how to cancel. You must have the requestId for the OTP you sent. For more details, refer to the Cancel an OTP Endpoint section.

Request

Response

If cancel is successful, you should see below response:
{
"code":200,"message":"canceled","requestID":"OTPabc2128918293123413216549879"
}

Retrieve Session Detail Record

You can retrieve information about OTPs sent during a session and filter what comes back. For details about filter options, refer to the Retrieve Session Detail Records Endpoint section.

Request

Response

Example response:
{
"page":0,
"num_pages":3,
"page_size":2,
"total":6,
"start":0,
"end":1,
"uri":"/2fa/search",
"first_page_uri":"/2fa/search?pageSize=2&page=0&accountSid=ACae6e420f425248d6a26948c17a9e2acf&status=success",
"previous_page_uri":null,
"next_page_uri":"/2fa/search?pageSize=2&page=1&accountSid=ACae6e420f425248d6a26948c17a9e2acf&status=success",
"twoFaOtpSdrs":[
{
"sid":"OTP2a73130a3c7d492c93d0b1234596f308",
"service":"2FA",
"accountSid":"ACae6e420f425248d6a26948c17a9e2acf",
"dateCreated":"2019-08-20 10:28:08",
"dateUpdated":"2019-08-20 10:28:49",
"status":"success",
"uri":"/2fa/search/OTP2a73130a3c7d492c93d0b1234596f308",
"checks":[
{
"sid":"OTC2c58e792946b4fc389d7711cafaa5e83",
"dateReceived":"2019-08-20 10:28:49",
"status":"valid",
"code":"312209"
}
],
{
"sid":"OTP02a7c56a08374eedb8789a1a038e7aae",
"service":"2FA",
"accountSid":"ACae6e420f425248d6a26948c17a9e2acf",
"dateCreated":"2019-08-20 02:43:11",
"dateUpdated":"2019-08-20 02:43:52",
"status":"success",
"uri":"/2fa/search/OTP02a7c56a08374eedb8789a1a038e7aae",
"checks":[
{
"sid":"OTC969ccb83b3cf40328c66719039c3b337",
"dateReceived":"2019-08-20 02:43:31",
"status":"invalid",
"code":"847992"
},
{
"sid":"OTC6991f661e3354a6fa1e0393c95168069",
"dateReceived":"2019-08-20 02:43:52",
"status":"valid",
"code":"347469"
}
],
"events":[
{
"sid":"OTEb6f211a28ed0412bb2c097a428d2ad5a",
"dateCreated":"2019-08-20 02:43:11",
"channel":"sms",
"sender":"12012751398",
"recipient":"919960639901",
"targetSid":"SM286fa07039ab498d80bd44d4cc91ac3c",
"channelStatus":"failed",
"channelErrorCode":null,
"channelErrorMessage":null
}
]
}
]
}

Retrieve a Record for a Single OTP

This example shows you how to retrieve details about a single OTP you sent. You need the requestId from the response when you requested the OTP. Place the request ID in the OTPSid spot in the URL. For more details see the Retrieve Session Detail Records Endpoint section.

Request

Response

Example response:
{
{
"sid":"OTPe2bd1d6583194aa1aa3892cea1e6d824",
"service" : "2FA",
"accountSid":"ACae6e420f425248d6a26948c17a9e2acf",
"dateCreated":"2019-07-22 04:40:31",
"dateUpdated":"2019-07-22 04:40:31",
"status":"expired",
"uri":"/2fa/search/OTPe2bd1d6583194aa1aa3892cea1e6d824",
"checks":[],
"events":[
{
"sid":"OTE243d763ffe7747b9a56d395a9e6a7923",
"dateCreated":"2019-07-22 04:40:31",
"channel":"sms",
"sender":"120120105123",
"recipient":"120120105124",
"targetSid":"SMd0a8b9819dfa42548bd3c306daade4f3",
"channelStatus":"undelivered",
"channelErrorCode":"30008",
"channelErrorMessage":"Unknown error"
}
]
}
}

Get Usage Records for OTPs

This example shows you how to find out how many OTPs you sent through any usage channel (SMS, TTS) for a variety of time periods. For more details see the API Usage Endpoint section.

Request

Response

{
"usageRecords":[
{
"channel":"All",
"description":"Total OTP sent, irrespective of channel or retry",
"accountSid":"ACae6e420f425248d6a26948c17a9e2acf",
"startTime":"2020-01-01",
"endTime":"2020-01-31",
"count":"14",
"unit":"OTP",
"uri":"/2fa/usage/records?startTime=2020-01-01&endTime=2020-01-31&accountSid=ACae6e420f425248d6a26948c17a9e2acf"
}
]
}

Get Usage Records For a Channel

You can retrieve usage records for SMS  (sms) or TTS (call) OTPs you’ve sent. This example shows you how you would retrieve records for the month of January, 2020.

Request

Response

{"usageRecords":
[{
"category":"call",
"description":"Total calls made for OTP",
"accountSid":"ACae6e420f425248d6a26948c17a9e2acf",
"startDate":"2019-07-01",
"endDate":"2019-07-23",
"count":"1249",
"unit":"Calls",
"uri":"/2fa/usage/record?channel=call&startDate=2019-07-01&endDate=2019-07-23"
}]}

Return Usage Records On a Schedule

You can return usage records on a schedule. In the URL, add a sub resource. For a list of sub resources, refer to the API Usage Endpoint section.

Request

Response

{
"usageRecords":[
{
"channel":"All",
"description":"Total OTP sent, irrespective of channel or retry",
"accountSid":"ACae6e420f425248d6a26948c17a9e2acf",
"startTime":"2019-08-05",
"endTime":"2019-08-05",
"count":"7",
"unit":"OTP",
"uri":"/2fa/usage/records/daily?channel=All&startTime=2019-07-24&accountSid=ACae6e420f425248d6a26948c17a9e2acf"
},
{
"channel":"All",
"description":"Total OTP sent, irrespective of channel or retry",
"accountSid":"ACae6e420f425248d6a26948c17a9e2acf",
"startTime":"2019-08-19",
"endTime":"2019-08-19",
"count":"4",
"unit":"OTP",
"uri":"/2fa/usage/records/daily?channel=All&startTime=2019-07-24&accountSid=ACae6e420f425248d6a26948c17a9e2acf"
},
{
"channel":"All",
"description":"Total OTP sent, irrespective of channel or retry",
"accountSid":"ACae6e420f425248d6a26948c17a9e2acf",
"startTime":"2019-08-20",
"endTime":"2019-08-20",
"count":"3",
"unit":"OTP",
"uri":"/2fa/usage/records/daily?channel=All&startTime=2019-07-24&accountSid=ACae6e420f425248d6a26948c17a9e2acf"
}
]
}

Limit Number of OTPs

Limiting OTPs can help you safeguard against malicious attacks like bots trying to sign in from one specific IP address or someone trying to generate too many OTPs. Mitto allows you to set a limit to the number of OTPs that can be sent to a specific number or IP address. There are additional kinds of limits you may want to create so for more information please refer to the Limit API Use Endpoint section.

Request

Response

Successful Response Example:

{
"data": {
"sid": "LMe7d332c72d2f40b9bfe8982425af14bc",
"name": "limit_on_phonenumber",
"buckets": "[{ \"name\":\"bucket1\", \"max\":\"1\", \"interval\":\"30\"},{ \"name\":\"bucket2\",
\"max\":\"2\", \"interval\":\"300\"}]",
28
"description": "limit on Phone Number",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"uri": "/2fa/limits/search/LMe7d332c72d2f40b9bfe8982425af14bc"
},
"code": 200,
"message": "OK"
}

Unsuccessful Response Example:
{
"code": 492,
"message": "Limit with that Name already exists",
"requestID": null
}

Update a Limit for OTPs

After you create a limit, you may want to alter it. This example shows you how to update an existing limit. For more information, refer to the Limit API Use Endpoint section.

Request

Response

Successful Response Example:

{
"data": {
"sid": "LM88170d5b0e1f4eb3ad724ffc8131c9c1",
"name": "limit_on_Session",
"buckets": "[{\"name\":\"bucket1\", \"max\":\"1\", \"interval\":\"30\"},{\"name\":\"bucket2\",
\"max\":\"2\", \"interval\":\"300\"}]",
"description": "limit on Phone Number of receiver blabla",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"uri": "/2fa/limits/search/LM88170d5b0e1f4eb3ad724ffc8131c9c1"
},
"code": 200,
"message": "OK"
}

Unsuccessful Response Example:

{
"code": 493,
"message": "Invalid Limit Id",
"requestID": null
}

Delete a Limit You Created For OTPs

If you want to remove a limit you created, this example will show you how. For more information about creating and working with limits, refer to the Limit API Use Endpoint section.

Request

Response

Successful Response Example:

{
"data": {
"sid": "LM4d9cfa53230848199d787a99f1b431a4",
"name": "limit_on_IP",
"buckets": "[{ \"name\":\"bucket1\", \"max\":\"1\", \"interval\":\"30\"},{ \"name\":\"bucket2\",
\"max\":\"2\", \"interval\":\"300\"}]",
"description": "limit on IP",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"uri": "/2fa/limits/search/LM4d9cfa53230848199d787a99f1b431a4"
},
"code": 200,
"message": "OK"
}

Unsuccessful Response Example:

{
"code": 493,
"message": "Invalid Limit Id",
"requestID": null
}

Retrieve a List of Limits For OTPs

You can retrieve an exhaustive list of the limits you created, or filter to retrieve a subset. For more details about limits, please refer to the Limit API Use Endpoint section.

Request

Response

{
"data": {
"result": [
{
"sid": "LM88170d5b0e1f4eb3ad724ffc8131c9c1",
"name": "limit_on_Session",
"buckets": "[{\"name\":\"bucket1\", \"max\":\"1\",
\"interval\":\"30\"},{\"name\":\"bucket2\", \"max\":\"2\", \"interval\":\"300\"}]",
"description": "limit on Phone Number of receiver blabla",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"uri": "/2fa/limits/search/LM88170d5b0e1f4eb3ad724ffc8131c9c1"
},
{
"sid": "LMe7d332c72d2f40b9bfe8982425af14bc",
"name": "limit_on_phonenumber",
"buckets": "[{ \"name\":\"bucket1\", \"max\":\"1\", \"interval\":\"30\"},{
\"name\":\"bucket2\", \"max\":\"2\", \"interval\":\"300\"}]",
"description": "limit on Phone Number",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"uri": "/2fa/limits/search/LMe7d332c72d2f40b9bfe8982425af14bc"
}
],
"pageSize": 10,
"total": 2,
"page": 0,
"numPages": 1,
"start": 0,
"end": 1,
"firstPageUri": "/2falimits/search/?pageSize=10&page=0",
"uri": "/2falimits/search/?pageSize=10&page=0"
},
"code": 200,
"message": "OK"
}

Retrieve OTP Limit Details by Limit ID

This example shows you how to retrieve details for a specific limit. For more details about limits, please refer to the Limit API Use Endpoint section.

Request

Response

{
"data": {
"sid": "LM88170d5b0e1f4eb3ad724ffc8131c9c1",
"name": "limit_on_Session",
"buckets": "[{\"name\":\"bucket1\", \"max\":\"1\", \"interval\":\"30\"},{\"name\":\"bucket2\",
\"max\":\"2\", \"interval\":\"300\"}]",
"description": "limit on Phone Number of receiver blabla",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"uri": "/2fa/limits/search/LM88170d5b0e1f4eb3ad724ffc8131c9c1"
},
"code": 200,
"message": "OK"
}

Create a Workflow

If you want to combine different channels for sending an OTP into a single workflow, start by creating a workflow. This example shows you how with a CURL request.

Request

Success Response

{
"data": {
"sid": "WFe7d332c72d2f40b9bfe8982425af14bc",
"name": "Workflow SSV",
"channels":[
{
"channel":"sms",
"interval":"0"
},
{
"channel":"sms",
"interval":"60"
},
{
"channel":"voice",
"interval":"60"
}
]
"description": "Workflow to send SMS, SMS and then Voice",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"accountEmail": "jane.doe@yourcompany.com",
"targetAccountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"targetAccountEmail": "jane.doe@yourcompany.com",
"uri": "/2fa/workflows/search/WFe7d332c72d2f40b9bfe8982425af14bc"
},
"code": 200,
"message": "OK"
}

Unsuccessful Response

{
"code": 495,
"message": "Workflow with that name already exists",
"requestID": null
}

Update a Workflow

Add an event to an existing workflow, or add/change the description for the workflow.

Request

Success Response

{
"data": {
"sid": "WFe7d332c72d2f40b9bfe8982425af14bc",
"name": "Workflow SSV",
"channels":[
{
"channel":"sms",
"interval":"0"
},
{
"channel":"sms",
"interval":"60"
},
{
"channel":"voice",
"interval":"120"
}
]
"description": "Workflow to send SMS, SMS and then Voice after double the time period",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"accountEmail": "jane.doe@yourcompany.com",
"targetAccountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"targetAccountEmail": "jane.doe@yourcompany.com",
"uri": "/2fa/workflows/search/WFe7d332c72d2f40b9bfe8982425af14bc"
},
"code": 200,
"message": "OK"
}

Unsuccessful Response

{
"code": 499,
"message": "Invalid Workflow Id",
"requestID": null
}

Delete a Workflow

Remove a workflow if you don’t need it anymore.

Request

Success Response

{
"data": {
"sid": "WFe7d332c72d2f40b9bfe8982425af14bc",
"name": "Workflow SSV",
"channels":[
{
"channel":"sms",
"interval":"0"
},
{
"channel":"sms",
"interval":"60"
},
{
"channel":"voice",
"interval":"120"
}
]
"description": "Workflow to send SMS, SMS and then Voice after double the time period",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"accountEmail": "jane.doe@yourcompany.com",
"targetAccountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"targetAccountEmail": "jane.doe@yourcompany.com",
"uri": "/2fa/workflows/search/WFe7d332c72d2f40b9bfe8982425af14bc"
},
"code": 200,
"message": "OK"
}

Unsuccessful Response

{
"code": 499,
"message": "Invalid Workflow Id",
"requestID": null
}

Get a List of Workflows

Retrieve a list of available workflows for an account or sub-account.

Request

Response

{
"data": {
"result": [
{
"sid": "WFe7d332c72d2f40b9bfe8982425af14bc",
"name": "Workflow SSV",
"channels":[
{
"channel":"sms",
"interval":"0"
},
{
"channel":"sms",
"interval":"60"
},
{
"channel":"voice",
"interval":"120"
}
]
"description": "Workflow to send SMS, SMS and then Voice after double the time period",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"accountEmail": "jane.doe@yourcompany.com",
"targetAccountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"targetAccountEmail": "jane.doe@yourcompany.com",
"uri": "/2fa/workflows/search/WFe7d332c72d2f40b9bfe8982425af14bc"
},
{
"sid": "WFe7d332c72d2f40b9bfe8982425af14bd",
"name": "Workflow SVV",
"channels":[
{
"channel":"sms",
"interval":"0"
},
{
"channel":"voice",
"interval":"60"
},
{
"channel":"voice",
"interval":"60"
}
]
"description": "Workflow to send SMS, Voice and then Voice",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"accountEmail": "jane.doe@yourcompany.com",
"targetAccountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"targetAccountEmail": "jane.doe@yourcompany.com",
"uri": "/2fa/workflows/search/WFe7d332c72d2f40b9bfe8982425af14bd"
}
],
"pageSize": 10,
"total": 2,
"page": 0,
"numPages": 1,
"start": 0,
"end": 1,
"firstPageUri": "/workflows/search/?pageSize=10&page=0",
"uri": "/workflows/search/?pageSize=10&page=0"
},
"code": 200,
"message": "OK"
}

Get a Single Workflow

Retrieve a single workflow for an account or sub-account using that workflow’s unique ID.

Request

Response

{
"data": {
"sid": "WFe7d332c72d2f40b9bfe8982425af14bc",
"name": "Workflow SSV",
"channels":[
{
"channel":"sms",
"interval":"0"
},
{
"channel":"sms",
"interval":"60"
},
{
"channel":"voice",
"interval":"60"
}
]
"description": "Workflow to send SMS, SMS and then Voice",
"accountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"accountEmail": "jane.doe@yourcompany.com",
"targetAccountSid": "AC23f1b11bbb99a46436c365cb7bec246e",
"targetAccountEmail": "jane.doe@yourcompany.com",
"uri": "/2fa/workflows/search/WFe7d332c72d2f40b9bfe8982425af14bc"
},
"code": 200,
"message": "OK"
}