For Agents
Register a user for two-factor authentication, send an SMS or voice OTP, verify a TOTP token, and trigger a OneTouch push approval. Useful for maintaining existing Authy 2FA integrations.
Get started with Authy API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"send an SMS two-factor code"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with Authy API API.
Register a user for 2FA with POST /protected/json/users/new using their phone and country code
Verify a TOTP code submitted by a user via GET /protected/json/verify/{token}/{authy_id}
Send a one-time password by SMS via GET /protected/json/sms/{authy_id}
Send a one-time password by voice call via GET /protected/json/call/{authy_id}
GET STARTED
Use for: Enroll a user for two-factor authentication, Send an SMS one-time password to a user, Verify a TOTP code from an authenticator app, Trigger a OneTouch push approval on a user's phone
Not supported: Does not handle primary password login, user directories, or fraud scoring — use for two-factor authentication, OTP delivery, and phone verification only.
Jentic publishes the only available OpenAPI document for Authy API, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for Authy API, keeping it validated and agent-ready. Authy is Twilio's two-factor authentication API, providing TOTP enrolment, SMS and voice OTP delivery, phone number verification, and OneTouch push approvals. It is intended for applications that need to add a second factor on top of an existing username-and-password login. Note that Authy has been deprecated by Twilio since November 2022 in favour of Twilio Verify; new integrations should use Twilio Verify, but this spec remains useful for maintaining existing Authy deployments.
Run standalone phone verification flows via /protected/json/phones/verification/start and /check
Trigger a OneTouch push approval and poll its status via /onetouch/json/approval_requests
Retrieve application details and statistics from /protected/json/app/details and /stats
Patterns agents use Authy API API for, with concrete tasks.
★ SMS-based two-factor authentication
Add a second factor to an existing login by sending an SMS code after the password check. Register the user once with POST /protected/json/users/new (which returns an authy_id), then on each login call GET /protected/json/sms/{authy_id} to send a fresh code and GET /protected/json/verify/{token}/{authy_id} to validate the code the user entered. Total integration is typically a day or two for a single login surface.
Register the user with their phone number, then on login call /sms/{authy_id} and verify the user-supplied token at /verify/{token}/{authy_id}
OneTouch push approval for sensitive actions
Replace SMS with a richer in-app push approval for high-value actions like wire transfers or password changes. POST /onetouch/json/users/{authy_id}/approval_requests sends a notification to the user's Authy app with a custom message and metadata; GET /onetouch/json/approval_requests/{uuid} polls until the user approves or denies. Push approval avoids SMS interception risks and gives the user full context about what they are approving.
POST /onetouch/json/users/{authy_id}/approval_requests with a message and details, then poll /approval_requests/{uuid} until status is approved or denied
Standalone phone-number verification
Verify that a user owns the phone number they entered during signup, without enrolling them in full 2FA. POST /protected/json/phones/verification/start sends a code by SMS or voice and GET /protected/json/phones/verification/check validates the code. This is a simpler flow than full Authy registration and is useful for account recovery or KYC-light steps.
POST /protected/json/phones/verification/start with phone_number and country_code, then GET /protected/json/phones/verification/check with the code the user entered
Agent-driven step-up authentication
An AI agent performing a sensitive action on behalf of a user can request a step-up via OneTouch before proceeding. The agent calls POST /onetouch/json/users/{authy_id}/approval_requests, surfaces the details to the user via push, and only continues when the approval status flips to approved. Through Jentic the X-Authy-API-Key is held in the credential vault, so the agent never sees the raw API key.
Send a OneTouch approval request describing the action, then poll the approval until the user accepts or rejects before continuing
12 endpoints — jentic publishes the only available openapi specification for authy api, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/protected/json/users/new
Register a user for 2FA
/protected/json/verify/{token}/{authy_id}
Verify a TOTP token
/protected/json/sms/{authy_id}
Send an SMS OTP
/protected/json/call/{authy_id}
Send a voice OTP
/onetouch/json/users/{authy_id}/approval_requests
Trigger a OneTouch approval
/onetouch/json/approval_requests/{uuid}
Poll a OneTouch approval status
/protected/json/phones/verification/start
Start a phone verification flow
/protected/json/users/new
Register a user for 2FA
/protected/json/verify/{token}/{authy_id}
Verify a TOTP token
/protected/json/sms/{authy_id}
Send an SMS OTP
/protected/json/call/{authy_id}
Send a voice OTP
/onetouch/json/users/{authy_id}/approval_requests
Trigger a OneTouch approval
Three things that make agents converge on Jentic-routed access.
Credential isolation
Authy X-Authy-API-Key values are stored encrypted in the Jentic credential vault. Agents send 2FA requests through Jentic and the key is injected as a header — it never enters the agent's prompt context.
Intent-based discovery
Agents search Jentic for intents like 'send an SMS 2FA code' or 'trigger a push approval' and Jentic returns the matching Authy operation with its input schema, so the agent does not need to read the deprecated Twilio Authy docs.
Time to first call
Direct Authy integration: 1-2 days to wire up registration, OTP delivery, and verification with retry handling. Through Jentic: under an hour — search, load the schema, execute.
Alternatives and complements available in the Jentic catalogue.
Twilio API
Twilio Verify is the supported successor to Authy for 2FA and phone verification
Choose Twilio Verify for any new 2FA integration; this Authy spec is for maintaining existing deployments only
Sinch API
Sinch offers SMS and voice OTP delivery with global carrier reach
Choose Sinch when global SMS deliverability or per-region routing matters more than the OneTouch push experience
Auth0 Management API
Auth0 handles primary authentication while Authy adds a second factor
Pair Auth0 for password and social login with Authy for the SMS or push second factor on sensitive flows
Specific to using Authy API API through Jentic.
Why is there no official OpenAPI spec for Authy API?
Twilio does not publish an OpenAPI specification for Authy. Jentic generates and maintains this spec so that AI agents and developers can call Authy API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.
What authentication does the Authy API use?
Authy uses an API key sent in the X-Authy-API-Key header on every request. The key is issued per Authy application in the Twilio console. Through Jentic the API key is stored in the credential vault and injected at call time, so agents never see the raw key value.
Is the Authy API still supported?
Twilio deprecated the Authy API in November 2022 in favour of Twilio Verify. Existing Authy applications continue to function, but new integrations should target Twilio Verify. This spec is most useful for maintaining or migrating existing Authy deployments.
How do I send a 2FA SMS code with the Authy API?
After registering the user with POST /protected/json/users/new and storing the returned authy_id, call GET /protected/json/sms/{authy_id} to deliver a fresh OTP. Validate the user's submitted code with GET /protected/json/verify/{token}/{authy_id} where {token} is the code.
How do I trigger a OneTouch push approval through Jentic?
Search Jentic for 'send a push approval request', load the POST /onetouch/json/users/{authy_id}/approval_requests operation, and execute it with the user's authy_id, a message, and a details object. Poll /onetouch/json/approval_requests/{uuid} for the result. Get started at https://app.jentic.com/sign-up.
What are the rate limits for the Authy API?
Authy applies per-account quotas managed in the Twilio console rather than the OpenAPI spec. SMS and voice OTP throughput is throttled by carrier limits as well; if you hit a 429, back off exponentially and review the application's quota in the Twilio dashboard.
/onetouch/json/approval_requests/{uuid}
Poll a OneTouch approval status
/protected/json/phones/verification/start
Start a phone verification flow