Implement SMS OTP Authentication Flow
You can easily implement a phone number based login and authentication flow with Streambird OTP API. Alternatively, you can also use our one-time passcode API to complement your existing authentication flow as a multi-factor authentication as shown here.
This example assumes that you are using the Streambird Auth API from your backend with your Streambird ApiKey, which has access to your entire App on Streambird.
1 - Implement OTP UI
Implement two UI screens to enable OTP:
UI to enter phone number
UI to enter the one-time passcode received by SMS
2 - Register or Create user
Each user must be stored on Streambird Auth, so we recommend storing our auto-generated User ID from the response in a column or field against that user in your own database/backend (anything that lets you associate your user with the auto-generated ID returned by Streambird).
We ensure that each mobile number or email is attached to ONLY a single user at any time. We will be using the LoginOrCreateUserBySMS endpoint: if a user is found with the provided phone number, that user is returned and an OTP (one-time passcode) is sent out; otherwise, a new user is created on the fly (also known as JIT, just-in-time provisioning).
3 - Verify OTP
In the previous step, Streambird Auth will return a response like the following,
{
"phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
"user_active": true,
"user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}
The phone_number_id will be used as the method_id in the VerifyOTP endpoint. If you send in the session_token or session_expires_in parameters, a new session will be created or extended for the given user and the session token returned.
{
"method_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy",
"method_type": "phone_number",
"session_token": "Fe8byh3HfbdopzNBu36hSMBDYDZGJAegwE9PvA3R0Ynqw1GBMpnABxuOveA0sAhU",
"user_id": "user_24wFP9pDa9YiMJLun94iKykoZs2"
}
You can then return your existing access token or session cookie to your user like you currently do in your application.
If the user enters an invalid OTP, we will return
{
"status_code": 400,
"error_message": "Invalid OTP Code.",
"error_type": "invalid_otp"
}
You can return or display this error to your user via your API or application.
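The three steps above, carried out from the backend, as an added example (not Streambird's own SDK or code): the endpoint paths, the name of the OTP parameter ("code") and the correct passcode "123456" are assumptions or constructed values, and the transport is an offline stand-in that replays the response bodies shown on this page.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict

# Endpoint paths are placeholders (assumed); use the ones from the Streambird API reference.
LOGIN_OR_CREATE_PATH = "/LoginOrCreateUserBySMS"
VERIFY_OTP_PATH = "/VerifyOTP"
Transport = Callable[[str, dict], dict]  # (path, request body) -> parsed JSON response

@dataclass
class OtpFlow:
    """Backend side of the two-step flow: LoginOrCreateUserBySMS, then VerifyOTP."""
    transport: Transport
    users: Dict[str, str] = field(default_factory=dict)    # our user -> Streambird user_id
    pending: Dict[str, str] = field(default_factory=dict)  # our user -> phone_number_id awaiting OTP

    def start(self, local_user: str, phone_number: str) -> str:
        resp = self.transport(LOGIN_OR_CREATE_PATH, {"phone_number": phone_number})
        self.users[local_user] = resp["user_id"]            # persist the auto-generated User ID
        self.pending[local_user] = resp["phone_number_id"]  # becomes method_id in VerifyOTP
        return resp["user_id"]

    def verify(self, local_user: str, code: str, session_expires_in: int = 60) -> dict:
        method_id = self.pending.get(local_user)
        if method_id is None:
            return {"ok": False, "error": "no OTP challenge pending"}
        resp = self.transport(VERIFY_OTP_PATH, {
            "method_id": method_id, "method_type": "phone_number",
            "code": code,  # "code" is an assumed parameter name for the one-time passcode
            "session_expires_in": session_expires_in})
        if resp.get("error_type") == "invalid_otp":
            return {"ok": False, "error": resp["error_message"]}  # show this to the user
        if resp.get("user_id") != self.users[local_user]:
            return {"ok": False, "error": "user_id does not match the challenged user"}
        del self.pending[local_user]  # challenge consumed; a replayed code must not verify again
        return {"ok": True, "session_token": resp["session_token"]}

def fake_transport(path: str, body: dict) -> dict:
    """Constructed offline stand-in that replays the response bodies shown above."""
    user = "user_24wFP9pDa9YiMJLun94iKykoZs2"
    if path == LOGIN_OR_CREATE_PATH:
        return {"phone_number_id": "pn_24oXBLRv6BoHXbNZoTAZkAFlRsy", "user_active": True, "user_id": user}
    if body.get("code") == "123456":  # constructed "correct" code
        return {"method_id": body["method_id"], "method_type": "phone_number", "user_id": user,
                "session_token": "Fe8byh3HfbdopzNBu36hSMBDYDZGJAegwE9PvA3R0Ynqw1GBMpnABxuOveA0sAhU"}
    return {"status_code": 400, "error_message": "Invalid OTP Code.", "error_type": "invalid_otp"}

if __name__ == "__main__":
    flow = OtpFlow(fake_transport)
    flow.start("alice", "+15555550100")
    print(flow.verify("alice", "000000"), flow.verify("alice", "123456"))
```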
Voila! You have now integrated two-factor authentication (2FA/MFA) and signup into your application without building and maintaining additional infrastructure. Let us take care of authentication so you can focus on your core product.
The returned session_token can also be stored browser-side via a cookie or localStorage if you want to use the Sessions API provided by Streambird to manage the session lifecycle for your user.