Fyno Verify
Fyno Verify offers a fully managed API for seamless multichannel user verification via OTP.
Elevate your onboarding and login process with a single API that handles the entire OTP generation, delivery and verification process in a secure way.
Why Fyno Verify?
Verification is an essential first step in your online relationship with a user. By verifying that a new user is who they say they are, you can reduce spam and fraud on your site while ensuring the user's security.
Fyno Verify supports SMS, Email, WhatsApp, Push, InApp and Voice.
How to configure Fyno Verify
-
Go to Workspace Settings → Add On's.
-
Enable Fyno Verify toggle.
-
In the pop-up, configure your settings for OTP.
- Choose between a numeric or an alphanumeric OTP.
- Specify the desired number of characters for the OTP. You can choose between 3 and 6 characters
- Define the OTP validation time. You can choose between 60 seconds and 48 hours.
- Set the number of allowed retries. You can choose between 1 and 10 retries
- Decide whether to use the same OTP for selected channels or opt for different OTPs.
- Pick the notification events (multi-select) that should trigger the Verify API.
-
Select
Yes
in 'Use destination as id', if you want to send the destination(email/phone no etc) as id in the request once OTP is entered by the users in your app/website. -
If you choose
No
in 'Use destination as id', then you need to sendrequest_id
as part of Fyno Verify API request to verify the OTP.
Sample Fyno Verify API requests
- If 'Use destination as id' is
No
and 'Same OTP for all channels' thenhttps://api.fyno.io/v1/{{WSID}}/live/verify/validate?request_id=0b59df61-c587-4f44-a669-f0177a161b81&otp=2811
For instance, if a user from Bank XYZ attempts to log in using their customer ID, the bank will send an OTP via SMS and email. The user can retrieve the OTP from either channel and enter it on the bank's login page.
- If the OTP validation is successful, Fyno will update it as 'Verified' for both Email and SMS in logs.
- If the OTP validation fails, Fyno will update it as 'Failed to Verify' for both Email and SMS in logs.
- If 'Use destination as id' is
No
and 'Different OTP for all channels' then
https://api.fyno.io/v1/{{WSID}}/live/verify/validate?request_id=0b59df61-c587-4f44-a669-f0177a161b81&otp=2811
For instance, if a user from Bank XYZ attempts to log in using their customer ID, the bank will send different OTP via SMS and email, say '4561' in SMS and '7891' in Email.
- If the user enters '4561' and OTP validation is successful, Fyno will update it as 'Verified' for SMS in logs.
- If the user enters '7891' and OTP validation is successful, Fyno will update it as 'Verified' for Email in logs.
- If the OTP validation fails, Fyno will update it as 'Failed to Verify' for both Email and SMS in logs.
- If 'Use destination as id' is
Yes
and 'Same OTP for all channels', thenhttps://api.fyno.io/v1/{{WSID}}/live/verify/validate?otp=2811&destination=91xxxxxxxxxx
'
For instance, if a user from Bank ABC attempts to log in using their customer ID, the bank will send an OTP via SMS and email. The user can retrieve the OTP from either channel and enter it on the bank's login page.
- If the OTP validation is successful, Fyno will update it as 'Verified' for both Email and SMS in logs.
- If the OTP validation fails, Fyno will update it as 'Failed to Verify' for both Email and SMS in logs.
- If 'Use destination as id' is
Yes
and 'Different OTP for all channels', then
https://api.fyno.io/v1/{{WSID}}/live/verify/validate?otp=2811&destination=91xxxxxxxxxx
'
For instance, if a user from Bank ABC attempts to log in using their customer ID, the bank will send different OTP via SMS and email, say '4561' in SMS and '7891' in Email.
- If the user enters '4561' and OTP validation is successful, Fyno will update it as 'Verified' for SMS in logs.
- If the user enters '7891' and OTP validation is successful, Fyno will update it as 'Verified' for Email in logs.
- If the OTP validation fails, Fyno will update it as 'Failed to Verify' for both Email and SMS in logs.
WSID
- Workspace Id
Use {{$fyno.$otp}} as the OTP placeholder in your Fyno template.
How Fyno Verify Works - A User's Perspective
For instance, brand ABC is using Fyno Verify to authenticate their users.
- User enters their phone number or email in the ABC's app/website.
- ABC triggers Fyno’s Notification event from their backend which generates an OTP
- Fyno sends the OTP via selected channel(s) configured in the notification event to the user
- User enters the OTP in the brand ABC's app/website.
- ABC backend calls Fyno Verify API to validate the OTP(sample request in the previous section)
- Fyno verifies the user-entered OTP and forwards the response to the ABC's application, yielding four potential outcomes/statuses:
200: { "status": "ok", "_message": "verified" }
400: { "status": "error", "_message": "verify-attempt-failed", "attempt_left": 2 }
400: { "status": "error", "_message": "verify-attempt-exceeded", "attempt_left": 0 }
400: { "status": "error", "_message": "Not a valid request" }
- If the OTP validation fails, the user will have the opportunity to retry. The number of retries allowed is based on the option configured.
- Once the user has exhausted all the retries, it is at the discretion of brand ABC to determine the waiting period before allowing the same user to retry.
Updated about 1 year ago