Skip to main content
Version: Python

Magical Auth

The Magical Auth API is a complete 2FA solution that allows you to verify a user via their phone. Magical Auth automatically detects the user's device capabilities and selects the most secure method of verification available all while providing a seamless and invisible user experience.

The Magical Auth service has 2 main endpoint:

  • Start Verification: This endpoint allows you to start the verification process. You can provide a phone number and the system will initiate the verification process based on the user's device capabilities.
  • Check Code: This endpoint allows you to check the code provided by the user. This can be a silent 2FA code or a code sent to the user's device / email / sms.

Overview

When you start the verification process you will get back a response with the type of verification chosen by the system based on the user's device capabilities. The verification channels can be:

  • SIM based verification - The system will validate the user based on the SIM card in the device (silent).
  • IP based verification - The system will validate the user based on the IP address of the device on the mobile network (silent).
  • RBM based verification - The system will validate the user based on an RBM message sent to the device (silent).
  • SMS based verification - The system will validate the user based on an SMS message sent to the device.
  • Email based verification - The system will validate the user based on an email sent to the user's email address.

In all flows, you will end up with a code / token to check the verification status. You can use the verifyAuth endpoint to check if the code is valid and if the verification was successful.