Magical Auth
The Magical Auth API is a complete 2FA solution that allows you to verify a user via their phone. Magical Auth automatically detects the user's device capabilities and selects the most secure method of verification available all while providing a seamless and invisible user experience.
The Magical Auth service has 2 main endpoint:
- Start Verification: This endpoint allows you to start the verification process. You can provide a phone number and the system will initiate the verification process based on the user's device capabilities.
- Check Code: This endpoint allows you to check the code provided by the user. This can be a silent 2FA code or a code sent to the user's device / email / sms.
Overview
When you start the verification process you will get back a response with the type of verification chosen by the system based on the user's device capabilities. The verification channels can be:
- SIM based verification - The system will validate the user based on the SIM card in the device (silent).
- IP based verification - The system will validate the user based on the IP address of the device on the mobile network (silent).
- RBM based verification - The system will validate the user based on an RBM message sent to the device (silent).
- SMS based verification - The system will validate the user based on an SMS message sent to the device.
- Email based verification - The system will validate the user based on an email sent to the user's email address.
In all flows, you will end up with a code / token to check the verification status. You can use the verifyAuth
endpoint to check if the code is valid and if the verification was successful.