Skip to main content
Once you have created a 2FA Service, use the methods below to implement the verification flow in your application.

Send a verification code

To send a code, create a Verification. Wavix automatically generates and sends the OTP. 
POST https://api.wavix.com/v1/two-fa/verification
Authorization: Bearer your_api_key
Content-Type: application/json
Request body: 
{
   "service_id": "7204a030201211ee9fb47d093f2f127c",
   "to": "37128782931",
   "channel": "sms"
}
  • service_id: The unique ID of your 2FA Service.
  • to: The destination phone number in E.164 format.
  • channel: Use sms or voice.
Response example: 
{
   "success": true,
   "service_id": "7204a030201211ee9fb47d093f2f127c",
   "destination": "37128782931",
   "session_id": "5f1a8680201511eeafdfcfc3dedfac51",
   "created_at": "2023-07-11T18:04:25.786Z",
   "number_lookup": {
      "number_type": "mobile",
      "country": "LV",
      "current_carrier": "Latvijas Mobilais Telefons"
   }
}
  • session_id: Use this ID to validate the OTP or resend the code.
  • number_lookup: Returned only if Number validation is enabled for the service.

Resend a verification code

If a user doesn’t receive the initial code or you want to try a different delivery method, use the resend method. While Wavix supports automatic channel failover, this method gives you manual control to resend a code via a specific channel (sms or voice). 
POST https://api.wavix.com/v1/two-fa/verification/{session_id}
Authorization: Bearer your_api_key
Content-Type: application/json
Request body: 
{
   "channel": "voice"
}

Validate an OTP

In order to validate an OTP entered by a user, use the method below: 
POST https://api.wavix.com/v1/two-fa/verification/{session_id}/check
Authorization: Bearer your_api_key
Content-Type: application/json
Request body: 
{
   "code": "749503"
}
Response: 
{
    "is_valid": true
}

Additional operations

Cancel a Verification

You can cancel a Verification to invalidate all codes and prevent further resends. 
PATCH https://api.wavix.com/v1/two-fa/verification/{session_id}/cancel
Authorization: Bearer your_api_key

Query service logs

Retrieve active Verifications and their associated events. 
GET https://api.wavix.com/v1/two-fa/service/{service_id}/sessions?from=2023-07-01&to=2023-07-31
Authorization: Bearer your_api_key
To see specific events for a session: 
GET https://api.wavix.com/v1/two-fa/session/{session_id}/events
Authorization: Bearer your_api_key
Event types:
  • Number lookup: Wavix checked if the destination number is valid.
  • Code sent via SMS: OTP sent via text.
  • Code sent via voice: OTP sent via automated call.
  • Verification: A code validation attempt.