How do I send a user token via SMS with Authy and PHP?

Question

I am trying to run a demo for Authy in PHP. I have installed the Authy library with Composer, so now I can register a user using hardcoded values like this:

$authy_api = new Authy\AuthyApi('<TESTING API KEY>', 'http://sandbox-api.authy.com'); // actual key omitted -- using the key generated for testing, not the one for production

$user = $authy_api->registerUser('something@something.com', '999-999-9999', 30); // actual credentials omitted

if($user->ok()){
    echo "Success!";
    $id = $user->id();
    echo($id);  
}

When the above script runs, a 5-digit user id is indeed generated, so all seems to be going well, yet the SMS is never delivered to my phone.

One possible problem could be that my number is already registered as the app phone (associated with the admin account), so since (per the docs) each phone number has to uniquely identify a user, maybe mine was already registered for this app and therefore no need arose to send a new token. Should that be the case, the id of the user object may be the previously registered one.

The problem remains with other phone numbers however. So now I'm lost.

Answer 1

Turns out, there was nothing wrong with the code per se.

It's just the Sandbox API does not actually go through with sending the SMS. It only simulates the process for testing purposes, so that the authentication flow is the same as with the production API.

When I switched to production API URL and key, I was able to receive the SMS on my phone.

Answer 2

Guybrush

Two things are causing your lack of SMS.

1. Your code example is only for the registration of a user. You need to then call a second API to send the SMS.

https://docs.authy.com/totp.html#requesting-sms-codes

2. However, the above API call may not result in an SMS. You are indeed correct that the fact the cell number you are using is associated with your Authy app would by default, not cause an SMS message. The idea here is that because Authy customers have to pay for SMS messages on top of the Authy transaction, those users with the mobile app don't need an SMS.

However this behaviour can be overridden.

So your final code would be;

$authy_api = new Authy\AuthyApi('<TESTING API KEY>', 'http://sandbox-api.authy.com'); // actual key omitted -- using the key generated for testing, not the one for production

$user = $authy_api->registerUser('something@something.com', '999-999-9999', 30); // actual credentials omitted

if($user->ok()){  
    echo "Success!";
    $id = $user->id();
    echo($id);  

    // Now send SMS, force sending a message even if the user has the Authy mobile app installed
   $sms = $authy_api->requestSms('authy-id', array("force" => "true"));    }

Simon

Answer 3

 $authy_api = new AuthyApi(AUTHY_API_KEY, "https://api.authy.com");
 $user = $authy_api->registerUser($email, $phone_number, $country_code);   //// Register User
 if($user->ok()) {
     $sms = $authy_api->requestSms($user->id()); //// Send SMS
     return $sms->ok();
}