ℹ️ The Auron SMS Server is now Auron Omni. Learn more here.

How can we help?

Add 2FA / MFA or OTP to your application

There are three common ways to strengthen the security of your login page:

  • 2-factor authentication (2FA)
  • Multi-factor authentication (MFA)
  • One-time passwords (OTP)

All of these methods rely on sending a code to a known phone number or email address of your user. Users verify access by entering the code they receive.

It makes sense to use Auron Omni for this. With Auron Omni, you can configure and change which SMS provider sends the message. You can also set up fallbacks to a different SMS provider, a GSM modem, or even email. This keeps your solution reliable and resilient.

Setting this up with Auron Omni is straightforward. In this article, we guide you through the steps. We assume you already have a login page in PHP and only need to add the part that sends and verifies authorization codes.

1. Set up your SMS channel(s)

Start by setting up a connection to your SMS provider. In most cases, you connect directly over the internet using SMPP or HTTP. For low volumes, you can also use a GSM modem or an Android phone.

A key benefit of Auron Omni is the ability to use multiple SMS channels. You can configure a fallback channel if one goes down. You can also route messages based on region to use the most cost-effective provider.

SMPP Channel

SMPP Channel

In this case, we set up a connection to the test and demonstration gateway.

2. Set up the HTTP API

Auron Omni includes an HTTP API channel that is ideal for connecting directly from your web application.

HTTP API Channel

HTTP API Channel

You can use XML or JSON formatted requests to send SMS messages. It works with almost any programming language.

3. Send the authorization code

With the SMS and API channels in place, you can send and receive SMS messages through Auron Omni. In this step, you generate an authorization code and send it to the user.

This part depends on your web application. If you use PHP, it may look like this:

   // Generate a temporary authorization code
   $sNewCode = '';
   for ($i=0;$i<6;$i++)
   {
     $n = rand(0, 16);
     $sNewCode = $sNewCode.($n < 10 ? chr($n + 48): chr($n + 55));
   } 

   // Store the authorization code in your session 
   $_SESSION['code'] = $sNewCode; 
   $_SESSION['cval'] = date_add(date_create('now'), 
     date_interval_create_from_date_string('5 minutes')); 

   // The base URL is the Auron Omni + channel 
   $BASEURL = "http://localhost:7000/HTTP_API1"; 

   // Use the create.json to send an SMS using JSON 
   $url = $BASEURL . "/messagedb/create.json"; 

   // Send the SMS by creating the message as 'SCHEDULED'. 
   $objMessage = array( "message" => array(array( 
           "TypeID"                 => "SMS"
         , "StatusID"               => "SCHEDULED"
         , "ToAddress"              => $sToAddress
         , "Body"                   => 'Your authorization code: '.$sNewCode
     ))
   );
   
   // Make the API call
   $result = http_call($url, json_encode($objMessage));
   if ($result === FALSE) 
   {
     echo("<h2 style='color: #f00;'>Error while connecting to HTTP API. " . 
          " Please make sure you have an HTTP API channel configured.</h2>"); 
     exit; 
   }

This example generates a random access code and sends it through Auron Omni.

4. Verify the authorization code

The next step is for users to verify their authorization code.

In PHP, this can be as simple as:

   $sVerifyCode = $_SESSION['code'];
   if ($sVerifyCode != $sCode)
   {
     echo("<h2 style='color: #f00;'>Error: Invalid authorization code!</h2>"); 
     exit; 
   }

And that’s it.

You have now sent and verified your 2FA, MFA, or OTP authorization code.