Skip to main content
Use the Wavix 2FA API to generate one-time passwords (OTPs), send them via voice or SMS, and validate responses. Wavix automatically fails over between channels. For example, it calls a user if an SMS fails to ensure reliable delivery.
The 2FA API is available exclusively for Flex Pro users.

How Wavix 2FA works

To use the 2FA API, you must first create a 2FA Service. Each service defines:
  • The length of one-time passwords
  • Active delivery channels: voice, SMS, or both
  • Automatic failover settings
  • Phone number validation settings
You only need to create a service once. You can use it to send and verify as many OTPs as needed.
When you send an OTP via voice, Wavix calls the user and reads the code once they answer. Messages are read in English.

Verification flow

The following diagram provides a high-level view of the interaction between the User, your Application, and Wavix: The general 2FA flow is outlined below:
  1. A user provides their phone number to your application (e.g. through a form).
  2. You call the Wavix 2FA API to create a Verification.
  3. Wavix generates a unique OTP and sends it via the specified channel.
  4. The user enters the code in your application.
  5. You call the Wavix 2FA API to verify the code against the Verification ID.
  6. Wavix returns the results (success or failure).

Service restrictions

To prevent abuse, the following limits apply:
  1. Expiration: Codes are valid for 5 minutes.
  2. Validation attempts: You have a maximum of 5 attempts to validate a single code.
  3. Resend limit: You can send a maximum of 5 codes within a single Verification session.

Next steps

  • Service setup: A guide to creating and configuring a 2FA service in the Wavix portal.
  • API integration: A technical guide to implementing the verification flow in your application.