✨Integrate APIs
We will describe how to set up and implement your system to integrate with BOTP APIs to use the BOTP services.
Implement your QR
First, you have to implement an API for generating a QR image. In particular, your user would initially scan a QR image to register the BOTP Authenticator to your service as an authenticator app. The content of the QR image must be the following URL.
Here is the generated QR image. We recommended that the QR image has a small size and a low correction level to reduce the shoulder surfing attack.
After a successful QR scan, the BOTP system would receive this URL from the user. We would change nothing except the address
parameter from YOUR_BC_ADDRESS
to USER_BC_ADDRESS
, and call that new URL. This is also the second API your system must implement, to receive the information of users who registered BOTP Authenticator.
Integrate with BOTP APIs to validate OTP
Next, you have to integrate with our APIs to authenticate the 2FA process. But in advance, you have to get your API-Key in BOTP Dashboard > Settings > Profile
When the second-factor authentication is needed, your system calls the sendMessage
API first sends a transaction message to the users. In particular, each message contains userAddress
(user blockchain address), notifyMessage
(transaction message that shows up to the user), and message
(private message to generate OTP code, and is not shown up).
Finally, when the user enters the OTP received from the BOTP app, your system doesn't need to verify it by hand, but by calling our agentValidateOTP
API. We recommended the SHA-512
algorithm to generate OTP.
Done! Now your system will have an increment protect layer on any transaction by BOTP.
Last updated