Token2 Cloud API

Token2 API is a RESTful API for enabling two-factor authentication of users of a website or a web application. To start using Token2 API, you will need to create an account and add a site. This API uses keys that are different for each site.
We also have samples of using Token2 API in different programming languages (such as PHP and C#), as well as plugins for WordPress and Drupal available.
This page is about Token2 Cloud API. Refer to this page for Token2 TOTPRadius Web API.

Create a user

API call to create and return a unique ID as well as secret key for a Token2 enabled user.
https://api.token2.com/createuser?api=[api_key]&phone=[mobile_phone]&email=[email]&type=[authentication type]&pin=[pin code]&format=[response format]

This API call requires the following arguments to be provided:
  • api - the API key for the website. Can be obtained by clicking on the site's name in the control panel
  • phone - the mobile phone number of the user in e.164 format. This number will be used to send OTP by SMS and to reset access for mobile application users
  • email - User's email address
  • type - Authentication type to be used. Following values are possible: 0 - mobile application only (default), 1 - SMS based , 2 - email based (for testing purposes only, not recommended for production use)
  • pin - PIN code, required for mobile application users (can be set to a random 4 digit value for SMS based authentication type)
  • format - format of the response data. Values: 1- json, 2- xml, 3- simplified plain text (true or false, no details or description), 0- serialized data (default)
Response
This call return the following data upon successful execution:
  • response - result's description (e.g. "user created")
  • userid - user's unique ID. This ID will need to be stored and associated with your local user database. User ID is required to validate/generate/send OTP codes
  • success - returns "true" if the user was successfully created and assigned a unique Token2 ID
  • hash - User's secret key to be added to the Token2 Mobile Application
  • hashqr - QR Code image URL of user's secret key to be scanned using Token2 Mobile Application

Validate an OTP

API call to validate an OTP password provided by user.
https://api.token2.com/validate?api=[api key]&token=[token]&userid=[User's Token2 ID]&format=[response format]

This API call requires the following arguments to be provided:
  • api - the API key for the website. Can be obtained by clicking on the site's name in the control panel
  • userid - User's Token2 ID.
  • token - OTP to be verified
  • format - format of the response data. Values: 1- json, 2- xml, 3- simplified plain text (true or false, no details or description), 0- serialized data (default)
Response
This call return the following data upon successful execution:
  • response - result's description in English (e.g. "OTP generated and sent by SMS")
  • userid - User's Token2 ID
  • siteid - Site ID
  • validation - returns "true" if OTP provided via API is valid, or "false" if not valid. Use this value to check if user should be authenticated.

Generate and Send OTP by SMS

This API call is used to send OTP by SMS for SMS based authentication type.
https://api.token2.com/send?api=[api key]&userid=[User's Token2 ID]

This API call requires the following arguments to be provided:
  • api - the API key for the website. Can be obtained by clicking on the site's name in the control panel
  • userid - User's Token2 ID.
Response
This call return the following data upon successful execution:
  • response - result's description in English (e.g. "OTP generated and sent by SMS")
  • userid - User's Token2 ID
  • siteid - Site ID
  • success - returns "true" if OTP was successfully generated and sent