Level up your Twilio API skills in TwilioQuest, an educational game for Mac, Windows, and Linux. Download Now


Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?


Before sending a One-Time Password:

  1. Create an Authy Application (see Applications documentation)
  2. Create a User (see Users documentation)

Push authentication offers seamless user experience for second-factor and passwordless authentication and offers the highest level of cryptographic security. All requests are fully encrypted, end to end and allow for non-repudiated transactions.

For users with the ability to install an app on their mobile device or computer, these ApprovalRequests can be sent and verified through our REST API. For information on other channels such as SMS or soft tokens, see the Authy API One-time Passwords documentation.


これによって指定されたAuthy IDに対して新規の承認リクエストを作成し、AuthyモバイルApp、デスクトップApp、およびSDKの組み込まれたAppへのプッシュ通知とともにエンドユーザーに対して送信されます。 GoogleまたはAppleのプッシュチャネルを通じては、トランザクションの件名のみが送信されます。 プッシュ通知が失敗または遅延した場合でも、ユーザーはAuthy AppまたはSDKの組み込まれたAppを手動で開くことで保留されたトランザクションを取得できます。

POST https://api.authy.com/onetouch/{FORMAT}/users/{AUTHY_ID}/approval_requests


名前 Type 概要
FORMAT 文字列 REST API呼び出しからの返却に想定されるフォーマットです。 jsonまたはxmlのいずれかです。
AUTHY_ID integer The Authy ID of the user to send a Push Authentication. Create an Authy ID by registering a user.


名前 概要
Shown to the user when the push notification arrives. (📇 PII )
Hash (optional)
Dictionary containing any ApprovalRequest details you'd like to present to the user to assist their decision to approve or deny a transaction. We automatically add a timestamp to transactions. See below for an example on how to use details. (📇 PII )
Hash (optional)
Dictionary containing the approval request details hidden to user. This information will be preserved in transaction records but not presented to the user, so it may be useful for your business logic and routing. (📇 PII )
Hash (optional)
A dictionary containing override logos that will be shown to user in the push authentication transaction details. By default, we send the logos uploaded through the console. (🏢 not PII )
The number of seconds a transaction is valid without user response (pending) before expiring. Defaults to 86400 (one day); 0 will never expire. This should not be set too low as users need time to evaluate a request. (🏢 not PII )


名前 概要
Hash containing the keys & values for the ApprovalRequest. (📇 PII )
Unique transaction ID of the ApprovalRequest. You'll need the uuid to query the request status or tie future callbacks to this ApprovalRequest. (🏢 not PII )
The date and time that we created the ApprovalRequest. (🏢 not PII )
Tracks the current state of the ApprovalRequest between pending a user response, approved, denied, or expired. (🏢 not PII )

        This request generates a push notification that looks like this:

        Authy push authentication request from Cap Trade bank


        By default, all the ApprovalRequests created will be shown to the user using the logo defined in your application in the console. However, you can provide a custom image at the time of the request.

        The logos parameter is expected to be an array of objects, each object with two fields: res (for resolution) and url (the location where you host your logo). If you include the logos parameter, we expect it to include a res with value default.

        Options for the res field are:

        default fallback logo if logo for device resolution is not provided
        low for devices with low resolution
        med for devices with medium resolution
        high for devices with high resolution

        All image URLs must be served over HTTPS and not HTTP. Due to mobile platform restrictions, image requests must be over a secure channel.


        ApprovalRequestステータスの確認には2つの方法があります。 下記のエンドポイントをポーリングしてApprovalRequestのステータスを確認するか、Webhookコールバックを使用できます。 ポーリングは、使用やテストを始めるのにもっとも手っ取り早い方法です。

        ポーリングの実装を行うには、ステータスが変化するまで下記のエンドポイントを繰り返し叩きます。 最良のユーザー体験のため、ポーリングは毎秒行うことを推奨します。

        GET https://api.authy.com/onetouch/{FORMAT}/approval_requests/{PUSH_UUID}


        名前 概要
        REST API呼び出しからの返却に想定されるフォーマットです。 json or xml.
        The approval request ID. (Obtained from the response to an ApprovalRequest) (🏢 not PII )


        名前 概要
        Hash containing the status of the approval request and other attributes as you can see in the example below. Possible values of nested status key are pending, expired, approved, or denied. "device" key only included in response when status is approved or denied. (📇 PII )

              Push Authentication Callbacks

              In your final application, we recommend exposing a URL to Twilio and using webhooks. With a webhook, we will call your URL immediately when a user reacts to an ApprovalRequest. Webhooks are a more scalable solution than polling. For redundancy you can implement both webhook callbacks and long-polling.

              Learn more about how to validate incoming Twilio Authy API requests and how to implement Authy Webhooks. You can set a callback URL in the Push Authentication tab of your Authy Application in the console.

              Authy push authentication callback in console settings

              Rate this page:


              誰しもが一度は考える「コーディングって難しい」。そんな時は、お問い合わせフォームから質問してください。 または、Stack Overflow でTwilioタグのついた情報から欲しいものを探してみましょう。