Multi-Factor Authentication Quickstart


To get started, please read and familiarize yourself with the SMFA (Syniverse Multi-factor Authentication) Service offering Overview guide and API resource documents. Both documents are available in the SDC portal and can be accessed under the Documents menu.

Once registration is completed through the SDC (Syniverse Developer Community) portal, login to SDC.

After login, proceed to subscribe or verify subscription to the MFA service offering by following the instructions below:

  • Subscribe to MFA
    • Navigate to Service Offering in the SDC portal
    • If you are already subscribed, you should see "Subscribed accounts ; 1"

    • If not, click Multi-Factor Authentication Service
    • Expand "Subscriptions" menu
    • Click "Subscribe..." and select "Initial account for [Your username]" or your Account if different from your initial account
    • Accept Terms of Service
    • Verify that your "Initial account for [Your username]" is listed in Subscriptions
  • Create a Service Application
    • Click "Create new"
    • Give your Application a name and description, Click Save
    • Click icon next to your app name and select "Edit"
    • Expand "Account & APIs" menu
    • Select the "Initial account for [Your username]" from drop down menu
    • Turn "SMFA" and "Whitelisting Services" On
    • Expand "Auth Keys"
    • You can Re-Generate the Access token (optional)
    • Copy and store keys in a safe place
    • Click "Save"

Now you are ready to use the MFA service.

Syniverse Multi-factor authentication service APIs can be used to Create a MFA app and users, Associate a mobile user, Validate the user and thereafter authenticated those registered users against your applications. Tokens generated for authenticating users can be delivery via SMS, Voice (Text to Speech) or via Push notification delivery service.

To invoke the SMFA service using SMS token Delivery, Customers will need a Sender ID (Shortcode) or if recipients are in US, may use a default Public channel provided by Syniverse.

To execute a MFA call, Customers will need to have the following information ready:

  • SMFA Base URL: https://api.syniverse.com/scg-external-api/api/v1
  • A Channel ID or a Sender ID. SCG provides a Public Channel ID for your convenience. Please note that if you are Authenticating user outside of the US, a Private Sender ID (Longcode/shortcode) is required.
  • Bearer Token: This is your Access token that is generated with your registered application.

Using your application, below are the sequence of events to perform a MFA:



1. Create MFA application with public channel or Sender ID

The MFA application should include the following:

  • "name" = name of your application
  • "description" = description of your MFA application service
  • "auth_code_length" = Number of characters you want your code to be.
  • "auth_token_type" = token type which could be (NUMERIC, COMPLEX, ALPHA, ALPHANUMERIC)
  • "auth_token_validity_duration" = validity period of your token (in secs)
  • "message_from" = This is the sender ID (Shortcode, Longcode, PUSH ) you have provisioned for your MFA application to deliver token to the end-user's address
  • "associate_template" = Body message you want to use to compose the token delivery instructions to the user. Includes inline template attributes ${display_name} and ${PIN}
  • "login_template" = Body message to subsequently use in composing a delivery token message to the user
curl -X POST -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d {"name":"Kolanator_MFA Service","description":"Kolanator website mfa service","auth_code_length":6, "auth_token_type":"NUMERIC","auth_token_validity_duration":"600","message_from":"NdET2v9bQGVws4DOJyM758","associate_template":"Please verify your mobile number by entering the ${display_name} validation code ${pin}. Reply STOP to end ", "login_template":"Your ${display_name} validation code is ${pin}. Enter the code in the next ${validity_duration} min. Reply STOP to end ' <a href="https://api.syniverse.com/mfa/v1/applications">https://api.syniverse.com/mfa/v1/applications</a>


Response: {XkpeXN1wkJK4ay0wKcwvC1}

2. Associate a user with your application

This associates a user’s mobile number with the application that was created. You need to use the identifier that was created when the application was created.

You will need the following values:

  • Application ID - from when the MFA was created (XkpeXN1wkJK4ay0wKcwvC1)
  • User ID - A unique identifier that you can create for the user you are trying to associate with your application. This could be the name of the user, or an account number, e.g David_Smith
curl -X POST -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d '{"display_name":"Kolanator", "address":"+14085551212"}' <a href="https://api.syniverse.com/mfa/v1/applications/XkpeXN1wkJK4ay0wKcwvC1/users/Kola/associate">https://api.syniverse.com/mfa/v1/applications/XkpeXN1wkJK4ay0wKcwvC1/users/David_Smith/associate</a>


3. Validate a user

This validates that the user’s mobile number is authenticated with your application.

curl -X POST \
  <a href="https://api.syniverse.com/mfa/v1/applications/">https://api.syniverse.com/mfa/v1/applications/</a>XkpeXN1wkJK4ay0wKcwvC1/users/David_Smith/validate \
  -H 'Authorization: Bearer Token' \
  -H 'Content-Type: application/json' \
 -d '{"validation_code":"839020"}'


4. Login start

This is the subsequent call made to authenticated the user anytime they log in to your application. This call is optional and solely dependent on your authentication policy

curl -X POST -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d '{"display_name":"Kolanator"}' <a href="https://api.syniverse.com/mfa/v1/applications/XkpeXM1wkJK4ay0wKcwvC1/users/kola/login_start">https://api.syniverse.com/mfa/v1/applications/XkpeXM1wkJK4ay0wKcwvC1/users/David_Smith/login_start</a>


For more information on how to use the resources, please check out the MFA reference guide