How to Build a 2FA Application the Low-Code Way Using PHLO

How to Build a 2FA Application the Low-Code Way Using PHLO

Two-factor authentication (2FA) protects organizations and individuals from unauthorized data access by requiring a level of authentication beyond username and password, to provide added security in the event that those credentials are compromised. One of the simplest ways to institute 2FA types is by sending a one-time password (OTP) sent through a separate communication channel — namely, SMS messaging.

Plivo makes it easy to add 2FA via OTP delivered over SMS to your applications. Whether your applications are coded in Python, Ruby, Node.js, PHP, or C#, we’ve got you covered with language-specific SDKs.

You can create and deploy a PHLO to handle 2FA with a few clicks on the PHLO canvas and trigger it with a few lines of code.


To get started, you need a Plivo account — sign up with your work email address if you don’t have one already. If this is your first time triggering a PHLO with Node.js, follow our instructions to set up a Node.js development environment.

Create the PHLO

Plivo provides a prototype for 2FA; all you have to do is select the PHLO and give it a friendly name.

Set up the demo application locally

Once you‘ve created the PHLO, download and modify the code to trigger it which is available in 5 different languages which are Python, Ruby, Node.js, PHP, or C#.

Update the config file

Edit the config file. Replace the auth placeholders with your authentication credentials from the Plivo console. Enter your PHLO ID, which you can find on the Plivo console. Replace the phone number placeholder with an actual phone number in E.164 format (for example, +12025551234).

Configuration file

Trigger PHLO

Send SMS and make a call

          def send_verification_code_phlo(self,dst_number,code,mode):
          payload = {
              "from": self.app_number,
              "to": dst_number,
              "otp": code,
              "mode": mode,
              phlo = self.client_phlo.phlo.get(self.phlo_id)
              response =**payload)
              return response
          except exceptions as e:
              return ("Error encountered", 400)

Verify the OTP

        def check_code(number, code):
            check_code(number, code) accepts a number and the code entered by the user and
            tells if the code entered for that number is correct or not

            original_code = current_app.redis.get("number:%s:code" % number)
            if original_code == code:  # verification successful, delete the code
                current_app.redis.delete("number:%s:code" % number)
                return (jsonify({"status": "success", "message": "codes match, number verified"}),200,)
            elif original_code != code:
                return (
                            "status": "rejected",
                            "message": "codes do not match, number not verified",
                return (jsonify({"status": "failed", "message": "number not found"}), 500)

The finished application should look like this.

Simple and reliable

Edit the sample application to see how simple it was to code. Our simple APIs work in tandem with our comprehensive global network. Plivo’s premium direct routes guarantee highest possible delivery rates and the shortest possible delivery times for your 2FA SMS and voice messages. See for yourself — sign up for a free trial account.

Get Volume Pricing

Thousands of businesses in more than 220 countries trust Plivo’s cloud communications platform

The best communications platform forthe world’s leading entertainment service

Frequently asked questions

No items found.
footer bg

Subscribe to Our Newsletter

Get monthly product and feature updates, the latest industry news, and more!

Thank you icon
Thank you!
Thank you for subscribing
Oops! Something went wrong while submitting the form.