Skip to main content

Overview

This guide shows how to set up SMS-based two-factor authentication (2FA) using Plivo’s APIs and Node.js. Authentication with a one-time password (OTP) delivered to users via SMS is an effective way to secure your application.

Set up the demo application

First, clone the 2FA demo repository from GitHub and install the dependencies.
Next, edit config.js. Replace the auth placeholders with your credentials from the Plivo console. Add your Plivo phone number and set the phlo_id to null.

A review of the code

Here’s a walk-through of the key functions in the demo application.

Step 1: Generate the OTP

This function generates a random six-digit one-time password.

Step 2: Send an SMS with the OTP

This function sends an SMS message containing the OTP to the user’s number using Plivo’s Send Message API.

Failover: Make a voice call with the OTP

If the user doesn’t receive the SMS, they can request the OTP via a voice call using Plivo’s Make a Call API.

Step 3: Verify the OTP

This function checks if the OTP entered by the user matches the one stored in Redis.

Test

First, start the Redis server.
Then, run the application.
Use a tool like ngrok to expose your local server to the internet, then open the ngrok URL in your browser to see the demo app.