GuidesAPI ReferenceCommunity
GuidesCommunityLog In

Authorize using SMS


Legacy Warning

Using SMS for Two-factor is considered e legacy feature. It is widely unsafe as it relies on the network provider and GSM technologies to ensure security. It also delivers a terrible user experience as the messages may take a lot of time to arrive, resulting in users frequently receiving expired tokens.

You should consider migrating to Google Authenticator. For more information, contact the integration support.

Before you begin, make sure you have a valid Consumer account with at least one verified mobile Phone number. For more information checkout the Phone Verification guide.

Enabling Two Factor Authorization

Start by configuring your two-factor secret generation. It will handle safely all your One Time Passwords (OTP) using .a robust security approach.

// Configure user account for 2FA secret generation
await bitcapital.twoFactor().configure({
  type: 'sms',
  // A sample user ID
  user: 'aa316e7b-54ca-4843-bad3-da9b03c96dda'

Sending One Time Passwords (OTPs)

With a valid User account, previously configured for Two Factor over SMS, send a token using the User ID.

// Sends OTP token over SMS
await bitcapital.twoFactor().sms({
  user: 'aa316e7b-54ca-4843-bad3-da9b03c96dda'

Authorizing requests using OTPs

Once enabled, you'll need to authorize some requests to the API using an OTP, previously sent over SMS. This token has an expiration period and cannot be used more than once.

Use it as a x-bitcapital-otp header in the needed API actions.

const reqOptions = {
  headers: 'x-bitcapital-otp': '123456'

const source = '9b1d1baa-a7a6-4cd9-ac40-616514d548b7';

// Pay 100 BRLD to Bob
const bob = {
  asset: 'root', // 'root' for BRLD, or the asset code
  amount: '100',
  destination: '82b24cfc-8421-419c-9ff8-333d0e91cdaa', // Bob Wallet ID

// Perform P2P transaction
const transaction = await bitcapital.payments()
  .pay({ source, recipients: [bob]}, reqOptions);

Legacy Mode

As legacy mode, you can use Phone Verification token as the X-Bitcapital-OTP header to authorize payments and financial operations for consumers in selected instances where this is enabled.

Did this page help you?