Two-Factor Authentication API

Integrating iSMS 2FA Two-Factor Authentication into your web applications or services, will provide additional security to users while they use your applications.
A One-Time Pin code will be sent to user via SMS to verify their identity and resume the process.

Mobile Number Verification

For 2FA Two-Factor Authentication, the iSMS system will require the user to insert their mobile number, followed by a One-Time Pin code number. When the user is prompt, keying in the OTP code will verify the user is real with a valid mobile number.

Types of Forms

Login Forms, Account Settings Update

A typical form requires user to insert info such as name, email, mobile number, etc. Because of this, many tend to use the browser's autofill feature to fill in the forms quickly. Such informations are easily hijacked by malicious users. To verify the person submitting the form is the owner himself, an OTP will be sent to the user's mobile phone. This is extremely useful when users need to update their profile info safely.

Login Form

During the login process, after successfully entering username and password, application sends out PIN to the phone number the customer supplied during the 2FA activation process. If PIN is retyped back into the app, this confirms with some level of certainty that the real account owner is trying to log in, since they know the password and have the phone present at that moment.

Account Settings Update

Many users choose to remember passwords via browsers or other password manager tools. Remember me options are very often used on personal computers and if such computer ends up in the wrong hands, nothing prevents them from entering the account. This is why crucial settings like email for password recovery are protected with 2FA. If a malicious user tries to hijack the account by replacing the original email, 2FA PIN will be sent out, and unless the phone was stolen with the computer as well, email update will fail.

Transaction Confirmation

Two-Factor Authentication over API

Two-factor authentication (2FA) is an extra layer of security that requires users to use both their online password and mobile phone to verify their identity to access a service or web app. In addition to using their service credentials to access sensitive data, the user also receives a one-time PIN number on their token or via SMS or Voice.

The one-time PIN (OTP) number is generated and sent to the user’s mobile phone. The user receives the OTP and types it into the application to confirm their identity. If the PIN number that was sent out to the user matches the one that is received, the user is allowed to continue with the process.

2FA API for HTTPs GET Resource

Sample Request
                                                

                                                https://www.isms.com.my/2FA/request.php

Step1: Send a 2FA request.

Step2: Check the status code in the response and ensure that you sent the request to iSMS correctly.

Step3: iSMS delivers your OTP to your user's handset.

Step4: Your user enters this OTP into your application.

Step5: Verify the OTP via iSMS API

Implementation Steps

iSMS API - Send/Request OTP

Property Name	Type	Description	Sample
*un	String	Username of iSMS account
pass	String	Password of iSMS account
mobile	String	Destination addresses without country code, all number must not start from 0(example: 164502380).	164502380
country_code	String	Mobile Country Code, example: 60	60
sendid	String	Represents sender ID and it can be alphanumeric or numeric. Alphanumeric sender ID length should be between 3 and 11 characters (example: CompanyName).Numeric sender ID length should be between 3 and 14 characters.	62033
type	String	Type of SMS 1 -ASCII (English, Bahasa Melayu,etc) 2- Unicode(Chinese, Japanese,etc)	1
message	string	Text of the message that will be sent, OTP parameter =%OTP% NOTE:%OTP% will convert to 6 digits OTP random Number	Your XXX OTP Code is :%OTP%


                                            Sample Request
							
                                            https://www.isms.com.my/2FA/request.php?mobile=12345678&country_code=60&un=xxx&pass=xxx&type=1&sendid=MOBIWEB&message=your%20OTP%20CODE%20%OTP%


                                                        Server Response Detail: Success
							
                                                        {"status":"Success","code":"147623","uuid":"bd9a1ff0-4f2c-11eb-9b62-008cfaff44de","username":"mobiwebtest","sms_id":"1171081025","mobile":"+601711122334"}

Response Code	Description
status	Success
code	OTP Code
mobile	Destination Mobile
uuid	Message ID
sms_id	SMS Transaction ID


                                                        Server Response Detail: Fail

                                                        {"status":"Failed","message":"Incorrect OTP Code","uuid":"1a1e1b86-4f2d-11eb-9b62-008cfaff44de","sms_id":"1171081605","code":"408902","mobile":"+60175118885"}

Response Code	Description
status	Fail
message	Error Message
uuid	Message ID
sms_id	SMS Transaction ID
mobile	Destination Mobile
code	OTP Code

iSMS API - Verify OTP

Property Name	Type	Description	Sample
un	String	Username of iSMS account
pass	String	Password of iSMS account
mobile	String	Destination addresses without country code, all number must not start from 0 (example: 164502380).	164502380
country_code	String	Mobile Country Code, example: 60	60
sendid	String	Represents sender ID and it can be alphanumeric or numeric. Alphanumeric sender ID length should be between 3 and 11 characters(example: CompanyName). Numeric sender ID length should be between 3 and 14 characters.	62033
Interval	Integer	OTP expiry time by minute example: 3 = OTP expired in 3 minutes	3
method	String	Method of OTP Verification	verify
code	Integer	OTP Code	123456


                                                    Sample Request
							
                                                    https://www.isms.com.my/2FA/request.php?interval=3&mobile=12345678&country_code=60&un=xxxx&pass=xxxx&sendid=MOBIWEB&method=verify&code=515296


                                                            Server Response Detail: Success
							
                                                            {"status":"Verified","code":"515296","mobile":"+60175118885"}

Response Code	Description
status	Verified OTP
code	OTP Code
mobile	Destination Mobile


                                                            Server Response Detail: Fail

                                                            {"status":"Failed","message":"Code expired","code":"515296","mobile":"+60175118885"}

Response Code	Description
status	Failed to verify
Code	OTP Code
message	Error Message
mobile	Destination Mobile

iSMS API - Check Balance


                                                    Sample Request
							
                                                    https://www.isms.com.my/2FA/request.php?un=xxxxxx&pass=xxxxx&method=balance

Property Name	Type	Description	Sample
un	String	Username of iSMS account
pass	String	Password of iSMS account
method	String	Set method = balance	balance


                                                    Server Response Detail

                                                    {"method":"balance","balance":"81.0","expiration":"29 Apr 2021"}

Response Code	Description
method	Request method you use
balance	iSMS account balance
expiration	Account Expiry Date

Scroll