Integrate APIs

This page describes how to set up your system and integrate it with the BOTP APIs so that it can use the BOTP services.

Implement your QR

First, you have to implement an API that generates a QR image. Your user initially scans this QR image to register the BOTP Authenticator with your service as an authenticator app. The content of the QR image must be the following URL.

https://your-service-website.com/api/2fa?address=YOUR_BC_ADDRESS&username=USERNAME

Here is the generated QR image. We recommend that the QR image be small and use a low error-correction level to reduce the risk of shoulder-surfing attacks.

After a successful QR scan, the BOTP system receives this URL from the user. We change nothing except the address parameter, which we change from YOUR_BC_ADDRESS to USER_BC_ADDRESS, and then we call that new URL. This is also the second API your system must implement: it receives the information of users who have registered the BOTP Authenticator.

...?address=USER_BC_ADDRESS&username=USERNAME
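
One way to build the QR URL and handle the registration call described above, as an added example that is not part of the BOTP documentation or code. The `pending` set and `registered` store are hypothetical server state, and the address check assumes the `0x` plus 40 hex digit format of the addresses shown on this page.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values; the base URL is the placeholder used on this page.
BASE_URL = "https://your-service-website.com/api/2fa"
SERVICE_ADDRESS = "0x" + "11" * 20  # stands in for YOUR_BC_ADDRESS
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")  # assumed address format


def build_enrollment_url(username: str) -> str:
    """Return the URL to encode in the QR image, with parameters percent-encoded."""
    query = urlencode({"address": SERVICE_ADDRESS, "username": username})
    return BASE_URL + "?" + query


def handle_registration_callback(url: str, pending: set, registered: dict) -> tuple:
    """Process the call made with address=USER_BC_ADDRESS.

    pending: usernames with an enrollment in progress (hypothetical state).
    registered: username -> user blockchain address (hypothetical store).
    Returns (HTTP status, reason).
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # Require exactly the two expected parameters, one value each, so a
    # duplicated or extra parameter cannot be read two different ways.
    if set(params) != {"address", "username"}:
        return 400, "unexpected parameters"
    if any(len(values) != 1 for values in params.values()):
        return 400, "unexpected parameters"
    address, username = params["address"][0], params["username"][0]
    if not ADDRESS_RE.fullmatch(address):
        return 400, "malformed address"
    # An unchanged address means the QR URL itself was opened, not the
    # call that follows a scan, so there is no user address to bind.
    if address.lower() == SERVICE_ADDRESS.lower():
        return 400, "address not replaced"
    # Bind only for a user who actually started enrollment, and only once.
    if username not in pending:
        return 409, "no enrollment pending"
    pending.discard(username)
    registered[username] = address
    return 200, "registered"
```
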

Integrate with BOTP APIs to validate OTP

Next, you have to integrate with our APIs to authenticate the 2FA process. Before you do, get your API key in BOTP Dashboard > Settings > Profile.

When second-factor authentication is needed, your system first calls the sendMessage API to send a transaction message to the users. Each message contains userAddress (the user's blockchain address), notifyMessage (the transaction message that is shown to the user), and message (a private message used to generate the OTP code, which is not shown to the user).

POST https://botp-backend-logic-api.herokuapp.com/api/v1/message/sendMessage
{
  "APIKey": "aa8ea422-49c9-42b6-b645-b5654aa56639",
  "ObjectListParams": [
    {
      "userAddress": "0xDB026e60C1083375167094ae3531352f47f05b0F",
      "message": "keythinh1",
      "notifyMessage": "[khiem-2] Test analyser1"
    },
    {
      "userAddress": "0xC0c0b84907b5b93aAF37936eC5d9D1fDF7A60aD5",
      "message": "keythinh2",
      "notifyMessage": "[khiem-2] Test analyser2"
    }
  ]
}

Finally, when the user enters the OTP received from the BOTP app, your system does not need to verify it by hand; instead, it calls our agentValidateOTP API. We recommend the SHA-512 algorithm for generating the OTP.

POST https://botp-backend-logic-api.herokuapp.com/api/v1/otp/agentValidateOTP
{
  "APIKey": "2c6b9e65-4018-44bf-b130-aa3e3ce7d937",
  "ObjectListParams": [
    {
      "userAddr": "0xf0465189F703fAb578e2A040C6906460463115d9",
      "OTP": "3982995",
      "message": "agennenwgwj"
    }
  ],
  "period": 120,
  "digits": 7,
  "algorithm": "SHA-512"
}

Done! Your system now has an additional layer of protection from BOTP on any transaction.
