TOKEN2 Cloud API

• • •

HOW API WORKS

TRY IT!

PRICING

---

About Token2 Cloud API

Token2 API is a RESTful API for enabling two-factor authentication of users of a website or a web application. To start using Token2 API, you will need to create an account and add a site. This API uses keys that are different for each site.
We also have samples of using Token2 API in different programming languages (such as PHP and C#), as well as plugins for WordPress and Drupal available.

---

Create a user

API call to create and return a unique ID as well as secret key for a Token2 enabled user.

https://api.token2.com/createuser?api=[api_key]&phone=[mobile_phone]&email=[email]&type=[authentication type]&pin=[pin code]&format=[response format]

This API call requires the following arguments to be provided:

• api - the API key for the website. Can be obtained by clicking on the site's name in the control panel
• phone - the mobile phone number of the user in e.164 format. This number will be used to send OTP by SMS and to reset access for mobile application users
• email - User's email address
• type - Authentication type to be used. Following values are possible: 0 - mobile application only (default), 1 - SMS based , 2 - email based (for testing purposes only, not recommended for production use)
• pin - PIN code, required for mobile application users (can be set to a random 4 digit value for SMS based authentication type)
• format - format of the response data. Values: 1- json, 2- xml, 3- simplified plain text (true or false, no details or description), 0- serialized data (default)

Response
This call return the following data upon successful execution:

• response - result's description (e.g. "user created")
• userid - user's unique ID. This ID will need to be stored and associated with your local user database. User ID is required to validate/generate/send OTP codes
• success - returns "true" if the user was successfully created and assigned a unique Token2 ID
• hash - User's secret key to be added to the Token2 Mobile Application
• hashqr - QR Code image URL of user's secret key to be scanned using Token2 Mobile Application

---

Validate an OTP

API call to validate an OTP password provided by user.

https://api.token2.com/validate?api=[api key]&token=[token]&userid=[User's Token2 ID]&format=[response format]

This API call requires the following arguments to be provided:

• api - the API key for the website. Can be obtained by clicking on the site's name in the control panel
• userid - User's Token2 ID.
• token - OTP to be verified
• format - format of the response data. Values: 1- json, 2- xml, 3- simplified plain text (true or false, no details or description), 0- serialized data (default)

Response
This call return the following data upon successful execution:

• response - result's description in English (e.g. "OTP generated and sent by SMS")
• userid - User's Token2 ID
• siteid - Site ID
• validation - returns "true" if OTP provided via API is valid, or "false" if not valid. Use this value to check if user should be authenticated.

---

Generate and Send OTP by SMS

This API call is used to send OTP by SMS for SMS based authentication type.

https://api.token2.com/send?api=[api key]&userid=[User's Token2 ID]

This API call requires the following arguments to be provided:

• api - the API key for the website. Can be obtained by clicking on the site's name in the control panel
• userid - User's Token2 ID.

Response
This call return the following data upon successful execution:

• response - result's description in English (e.g. "OTP generated and sent by SMS")
• userid - User's Token2 ID
• siteid - Site ID
• success - returns "true" if OTP was successfully generated and sent

---

Documentation

• API Samples
• Wordpress Plugin
• Drupal Plugin