1

I am creating a sign up route where I will ask for phone number first and then, after verification, I will get the other information. I am using twilio Authy for that purpose. From the documents, i have noticed that email address is a required field while registering a user. Is there any way by which I can register a user without email address or can i use a default email address for every user?

aditya matthews
  • 13
  • 3

1 Answers1

1

Twilio developer evangelist here.

You can add an Authy user without taking personally identifiable information following the process in the documentation here. Note that the user will have to be using the Authy app.

To do so, you need to create a JWT containing the following information:

{
  "iss": "{authy_app_name}",
  "iat": {issue date in NumericDate},
  "exp": {expiration date in NumericDate},
  "context": {
    "custom_user_id": "{custom_user_id}",
    "authy_app_id": "{app_authy_id}"
  }
}

Then add the JWT to a URL that you turn into a QR code. The URL format should be:

authy://account?token={JWT}

You can then poll or set up to receive a webhook to get notified of the user's authy_id once they have scanned the QR code. You can read more on this in the documentation.

Let me know if that helps at all.

philnash
  • 70,667
  • 10
  • 60
  • 88
  • what if user is not using any Authy app ? – Aniket Sep 02 '21 at 07:10
  • Then follow the instructions under ["Allow user to set up other authenticator apps"](https://www.twilio.com/docs/authy/api/users#optional-allow-user-to-set-up-other-authenticator-apps-like-google-authenticator) in the documentation. – philnash Sep 02 '21 at 07:14
  • still for that user must have authy app and his authy id ! – Aniket Sep 02 '21 at 07:26
  • The user does not need the Authy app, but you do have to [create a user through the API](https://www.twilio.com/docs/authy/api/users#enabling-new-user) first, to get their Authy ID, and then [generate a QR code for them](https://www.twilio.com/docs/authy/api/one-time-passwords#other-authenticator-apps). This method does require personally identifiable information though. If you want to do 2FA with a QR code and without capturing an email/phone number, you won’t be able to use the Authy API. For new use-cases, we actually recommend the [Verify API](https://www.twilio.com/docs/verify/api) now. – philnash Sep 02 '21 at 07:34