Level up your Twilio API skills in TwilioQuest, an educational game for Mac, Windows, and Linux. Download Now


Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?


Adding two-factor authentication to your application is the easiest way to increase security and trust in your product without unnecessarily burdening your users. This quickstart guides you through building a Node.js, AngularJS, and MongoDB application that restricts access to a URL. Four Authy API channels are demoed: SMS, Voice, Soft Tokens and Push Notifications.

Ready to protect your toy app's users from nefarious balaclava wearing hackers? Dive in!


Create a new Twilio account (you can sign up for a free Twilio trial), or sign into an existing Twilio account.


Once logged in, visit the Authy Console. Click on the red 'Create New Aplication' (or big red plus ('+') if you already created one) to create a new Authy application then name it something memorable.

Authy create new application

You'll automatically be transported to the Settings page next. Click the eyeball icon to reveal your Production API Key.

Account Security API Key

Copy your Production API Key to a safe place, you will use it during application setup.


When a user registers with your application, a request is made to Twilio to add that user to your App, and a user_id is returned. In this demo, we'll store the returned user_id in a MongoDB database.

Instructions for installing MongoDB vary by platform. Follow the instructions you need to install locally.

After installing, launch MongoDB. For *NIX and OSX, this may be as easy as:


Setup Authy on Your Device

This two-factor authentication demos two channels which require an installed Authy app to test: Soft tokens and push authentications. While SMS and voice channels will work without the client, to try out all four authentication channels download and install the Authy app for Desktop or Mobile:


Clone our Node.js repository locally, then enter the directory. Install all of the necessary node modules:

npm install

Next, open the file .env.example. There, edit the ACCOUNT_SECURITY_API_KEY, pasting in the API Key from the above step (in the console), and save the file as .env.

Depending on your system, you need to set the environmental variables before you continue. On *NIX, you can run:

source .env

On Windows, depending on your shell, you will have to use SET.

Alternatively, you could use a package such as autoenv to load it at startup.

        Account Security ConsoleからAPIキーを入力し、オプションでポートを変更します。

        Add Your Application API Key

        Account Security ConsoleからAPIキーを入力し、オプションでポートを変更します。

        Once you have added your API Key, you are ready to run! Launch Node with:

        node .

        If MongoDB is running and your API Key is correct, you should get a message your new app is running!

        Try the Node.js Two-Factor Demo

        With your phone (optionally with the Authy client installed) nearby, open a new browser tab and navigate to http://localhost:1337/register/

        Enter your information and invent a password, then hit 'Register'. Your information is passed to Twilio (you will be able to see your user immediately in the console), and the application is returned a user_id.

        Now visit http://localhost:1337/login/ and login. You'll be presented with a happy screen:

        Token Verification Page

        If your phone has the Authy app installed, you can immediately enter a soft token from the client to Verify. Additionally, you can try a push authentication simply by pushing the labeled button.

        If you do not have the Authy app installed, the SMS and voice channels will also work in providing a token. To try different channels, you can logout to start the process again.

              Demonstrating SMS, Voice, and Push Notification Two-Factor channels. (Soft Tokens can be entered directly.)


              Demonstrating SMS, Voice, and Push Notification Two-Factor channels. (Soft Tokens can be entered directly.)

              And there you go, two-factor authentication is on and your Node.js app is protected!


              Now that you are keeping the hackers out of this demo app using two-factor authentication, you can find all of the detailed descriptions for options and API calls in our Authy API Reference. If you're also building a registration flow, also check out our Twilio Verify product and the Verification Quickstart which uses this codebase.

              For additional guides and tutorials on account security and other products, in Node.js and in our other languages, take a look at the Docs.

              Rate this page:


              誰しもが一度は考える「コーディングって難しい」。そんな時は、お問い合わせフォームから質問してください。 または、Stack Overflow でTwilioタグのついた情報から欲しいものを探してみましょう。