# Authy Users > \[!WARNING] > > As of November 2022, Twilio no longer provides support for Authy SMS/Voice-only customers. Customers who were also using Authy TOTP or Push prior to March 1, 2023 are still supported. The Authy API is now closed to new customers and will be fully deprecated in the future. > > For new development, we encourage you to use the [Verify v2 API](/docs/verify/api). > > Existing customers will not be impacted at this time until Authy API has reached End of Life. For more information about migration, see [Migrating from Authy to Verify for SMS](https://www.twilio.com/blog/migrate-authy-to-verify). Before you can secure a user with the Twilio Authy API, you need to create a `user`. The API requires you set an email, phone number and country code for each user. When a user is first created, you will receive an `authyid` which you must then store with the user's profile in your own database. *Do not lose this ID - you will use it every time you wish to authenticate a user!* Your users can change their phone number registered with the API without your knowledge by using the Authy [Mobile](https://authy.com/features/) or [Desktop](https://authy.com/features/multiple-devices/) Application. They may also use the [Authy.com phone change security review](https://forms.authy.com/phones/change). You can get webhooks of when this phone number changes via our [Webhooks API](/docs/authy/api/webhooks). ## Add a User \[#enabling-new-user] Create an Authy User ```py # Download the SDK from https://github.com/twilio/authy-python from authy.api import AuthyApiClient # Your API key from twilio.com/console/authy/applications # DANGER! This is insecure. See https://twil.io/secure authy_api = AuthyApiClient('api_key') user = authy_api.users.create( email='new_user@example.com', phone='405-342-5699', country_code=57) if user.ok(): print user.id # user.id is the `authy_id` needed for future requests else: print user.errors() ``` ```cs using System; using System.Net.Http; using System.Collections.Generic; class Program { static void Main(string[] args) { // Your API key from twilio.com/console/authy/applications // DANGER! This is insecure. See https://twil.io/secure var AuthyAPIKey = "your_api_key"; using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey); var requestContent = new FormUrlEncodedContent(new[] { new KeyValuePair("user[email]", "new_user@example.com"), new KeyValuePair("user[cellphone]", "405-342-5699"), new KeyValuePair("user[country_code]", "1"), }); HttpResponseMessage response = client.PostAsync( "https://api.authy.com/protected/json/users/new", requestContent).Result; HttpContent responseContent = response.Content; Console.WriteLine(responseContent.ReadAsStringAsync().Result); } } } ``` ```java // Install the Authy Java SDK from github.com/twilio/authy-java import com.authy.AuthyApiClient; import com.authy.api.*; public class Example { // Your API key from twilio.com/console/authy/applications // DANGER! This is insecure. See https://twil.io/secure public static final String API_KEY = "your_api_key"; public static void main(String[] args) { AuthyApiClient client = new AuthyApiClient(API_KEY); Users users = client.getUsers(); User user = users.createUser( "new_user@example.com", "405-342-5699", "57"); if (user.isOk()) { System.out.println(user.getId()); } else { System.out.println(user.getError()); } } } ``` ```php registerUser('new_user@example.com', '405-342-5699', 57); // email, cellphone, country_code if($user->ok()) { printf($user->id()); } else { foreach($user->errors() as $field => $message) { printf("$field = $message\n"); } } ``` ```rb # Download the SDK from https://github.com/twilio/authy-ruby require 'authy' # Your API key from twilio.com/console/authy/applications # DANGER! This is insecure. See https://twil.io/secure Authy.api_key = 'your_api_key' Authy.api_uri = 'https://api.authy.com' authy = Authy::API.register_user(:email => 'new_user@example.com', :cellphone => "405-342-5699", :country_code => "57") if authy.ok? puts authy.id else puts authy.errors end ``` ```bash curl -XPOST "https://api.authy.com/protected/json/users/new" \ -H "X-Authy-API-Key: d57d919d11e6b221c9bf6f7c882028f9" \ --data-urlencode 'user[email]=user@domain.com' \ --data-urlencode 'user[cellphone]=317-338-9302' \ --data-urlencode 'user[country_code]=54' ``` ```json { "message": "User created successfully.", "user": { "id": 123 }, "success": true } ``` A user may have multiple email addresses but only one phone is associated with each `authy_id`. Two separate API calls to register a user with the same device and different emails will return the same `authy_id` and store both emails for that user. ```bash POST https://api.authy.com/protected/{FORMAT}/users/new ``` ### Parameters \[#enabling-new-user-parameters] | Name | Type | Description | | :---------------------------- | :----------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | user\[email] | String (required) | More than one email can be stored per AuthyID, but only the initially created email will display in the Dashboard until it is removed. ([📇 PII](/docs/glossary/what-is-personally-identifiable-information-pii#pii-fields) ) | | user\[cellphone] | String (required) | Foreign key for the AuthyID (the AuthyID will be the primary key going forward). You can use dashes, periods, spaces or nothing to separate parts of the cell phone number. ([📇 PII](/docs/glossary/what-is-personally-identifiable-information-pii#pii-fields) ) | | user\[country\_code] | String (required) | Numeric calling country code of the country Eg: 1 for the US. 91 for India. 52 for Mexico. See: [Country code list dropdown](https://github.com/twilio/authy-form-helpers#get-the-countries-dropdown) ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) | | send\_install\_link\_via\_sms | Boolean (optional) | Enable or disable an sms message with a link to download the Authy App. See [Sending Install Link](#sending-install-link) for detailed behavior. Default can be set from the [console](https://www.twilio.com/console/authy/applications). ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) | ### Response \[#enabling-new-user-response] | Name | Type | Description | | :------ | :------ | :---------------------------------------------------------------------------------------------------------------------------------------------------------- | | user | User | user object contains the AuthyID of the created user. ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) | | message | String | A message indicating the result of the operation. ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) | | success | Boolean | True if the request was successful. ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) | Email and phone number must be valid for the request to succeed. An invalid request will produce the following error response: ```json { "message": "User was not valid", "success": false, "errors": { "email": "is invalid", "message": "User was not valid" }, "email": "is invalid", "error_code": "60027" } ``` ### Sending Install Link The `send_install_link_via_sms` parameter will override behavior set in the console. [Check your application's settings](https://www.twilio.com/console/authy/applications). **Note: the parameter is ignored and no install link will be sent if the user has synced a device with the Authy servers in the previous 90 days.** You can see `last_sync_date` for a user's devices via the [User Status endpoint](/docs/authy/api/users#request-user-status). If you want to send an install link regardless, we recommend using [Twilio Programmable SMS](/docs/messaging) (note: requires a Twilio Phone Number). Include the URL **[https://authy.com/download/](https://authy.com/download/)** which will autodetect the device type and redirect the user to the appropriate download link. See the [SMS docs for more information](/docs/messaging/tutorials/how-to-send-sms-messages). ## \[Optional] Allow user to set up other authenticator apps like Google Authenticator Enrolling a user (if you use the same phone number they used to sign up for the Authy App) automatically adds your application to their Authy App. You do not need to do any additional work to support TOTP tokens in the Authy app. To support additional Authenticator apps, like Google Authenticator, display a QR code to your users that contain a compatible TOTP secret. The API will return a link to a valid QR code. Instructions for generating that QR code are in the [One-Time Passcodes reference documentation.](/docs/authy/api/one-time-passwords#authenticator-app-generated-time-based-one-time-passwords) ## Add a user without providing email or phone number You might not have the email and the phone number of the user, or if you do, you might not want to share it with Twilio for compliance reasons. For those cases you can use our Authy App based onboarding flow. **The end user must have the Authy App installed and registered, meaning the end user has already provided their phone number and email to us.** > \[!NOTE] > > This feature is only supported in the following versions of the Authy App. End users will have to update their mobile applications to the following versions: > > * iOS 22.4+ > * Android 23.8+ ### Create a JWT No-PII user registration JWT ```json // Example Payload { "iss": "My Authy App", "iat": 1554395479, "exp": 1554395879, "context": { "custom_user_id": "3YgAIZklGPHmwpJfIC0PDy0E7l763OF3BHZo1p2xKhY", "authy_app_id": "1111111" } } // Example Header { "alg": "HS256", "typ": "JWT" } ``` ```json // JWT signed with key 'obK3KxxxxxxxxxxxxxxxxxxxxC' "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJNeSBBdXRoeSBBcHAiLCJpYXQiOjE1NTQzOTU0NzksImV4cCI6MTU1NDM5NTg3OSwiY29udGV4dCI6eyJjdXN0b21fdXNlcl9pZCI6IjNZZ0FJWmtsR1BIbXdwSmZJQzBQRHkwRTdsNzYzT0YzQkhabzFwMnhLaFkiLCJhdXRoeV9hcHBfaWQiOiIxMTExMTExIn19.6pBOX0UL7jTmrudWGsJjT07GD8DlAP6uVlpHVZwJPTs" ``` First, create a [JWT](https://en.wikipedia.org/wiki/JSON_Web_Token). The token will be used to tie the end user's Authy ID to your application. The token must: 1. Follow [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519). 2. Be signed with your application's [Production API Key](/docs/authy/api#authy-api-keys) found in the Twilio [console](https://www.twilio.com/console/authy/applications/). 3. Contain the following: ### Payload ```json { "iss": "{authy_app_name}", "iat": "{issue date in NumericDate}", "exp": "{expiration date in NumericDate}", "context": { "custom_user_id": "{custom_user_id}", "authy_app_id": "{app_authy_id}" } } ``` ### Header HS256 is the only algorithm supported. ```csharp { "alg": "HS256", "typ": "JWT" } ``` | | | | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **iss** | The issuer param in the JWT payload MUST be the Application name, other value will raise an error in the validation. | | **iat** | The date the JWT is issued. The difference between **iat** and **exp** cannot be more than 15 minutes. | | **exp** | The expiration time of the JWT. Used to prevent the JWT from being reused in the future. Maximum expiration time allowed is 15 minutes after the current time. | | **custom\_user\_id** | Provided by you, uniquely identifies a user. We are not expecting PII or any sensitive data, so please **do not provide phone numbers, emails, SSN, or other identifying information** . If you only have PII to identify your users we recommend to either: • Create a de-identified ID like a UUID • De-identify the PII by sending us the HMAC of the PII. Use URL safe Base64 encoding. | | **authy\_app\_id** | The application id can be retrieved from console by going to [Applications](https://www.twilio.com/console/authy/applications) selecting the Application, and browsing to settings. | During development, you can validate your JWT using [https://jwt.io/](https://jwt.io/). **[The example can be found here.](https://jwt.io/#debugger-io?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJNeSBBdXRoeSBBcHAiLCJpYXQiOjE1NTQzOTU0NzksImV4cCI6MTU1NDM5NTg3OSwiY29udGV4dCI6eyJjdXN0b21fdXNlcl9pZCI6IjNZZ0FJWmtsR1BIbXdwSmZJQzBQRHkwRTdsNzYzT0YzQkhabzFwMnhLaFkiLCJhdXRoeV9hcHBfaWQiOiIxMTExMTExIn19.6pBOX0UL7jTmrudWGsJjT07GD8DlAP6uVlpHVZwJPTs)** ### Create a QR Code Next, create a QR string with the following format: ```bash authy://account?token={JWT} ``` ```text title="Example No-PII user registration QR String" // JWT created using example payload above // signed with example API key 'obK3KxxxxxxxxxxxxxxxxxxxxC' authy://account?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJNeSBBdXRoeSBBcHAiLCJpYXQiOjE1NTQzOTU0NzksImV4cCI6MTU1NDM5NTg3OSwiY29udGV4dCI6eyJjdXN0b21fdXNlcl9pZCI6IjNZZ0FJWmtsR1BIbXdwSmZJQzBQRHkwRTdsNzYzT0YzQkhabzFwMnhLaFkiLCJhdXRoeV9hcHBfaWQiOiIxMTExMTExIn19.6pBOX0UL7jTmrudWGsJjT07GD8DlAP6uVlpHVZwJPTs ``` ### Generate the QR Code from the transaction string Note: we do not recommend storing the QR code since it can potentially leak sensitive data. Instead, we recommend: 1. Sending the QR code as a base64 encoded image in your HTML 2. Generating the QR code from your application with a library like [github.com/skip2/go-qrcode](https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_url-3Fq-3Dhttp-3A__github.com_skip2_go-2Dqrcode-26sa-3DD-26ust-3D1552925750139000-26usg-3DAFQjCNFHnLhh736rQauZ-2DIRPte2dsmnWfA\&d=DwMFaQ\&c=x_Y1Lz9GyeGp2OvBCa_eow\&r=leI7Dp63vTbpZqkO-L0qk-g5DpNpbi9MdGHfE4q6-8g\&m=4J53eUnsCQ5lIRQZ-J_8vrnRzQiWtC5x14d2fO4im08\&s=E3bw0NByrmm_WZrSyYdAL2EpsChF92NtD1x8uuXjscA\&e=). For testing, you can use an online generator like [https://www.qr-code-generator.com/](https://www.qr-code-generator.com/). After the QR code is generated display it so your user can scan it with the Authy App. > \[!NOTE] > > Keep in mind the QR codes expire, so don't display it for more time than the assigned expiration. The mobile device requires internet connectivity to complete the flow. ### No-PII Registration: Get the User's Authy ID After the end user scans the QR code there are two ways to get the user's Authy ID (required for subsequent verification challenges). 1. Poll registration status 2. Subscribe to a registration webhook ### 1. Poll registration status ```bash GET https://api.authy.com/protected/{FORMAT}/registrations/status?custom_user_id={CUSTOM_USER_ID} ``` **URL** | Name | Description | | ----------------------- | ------------------------------------------------------------------ | | `FORMAT` String | The format to expect back from the REST API call. `json` or `xml`. | | `CUSTOM_USER_ID` String | ID provided by you to uniquely identify a user. (🏢 not PII ) | ### Response Parameters | Name | Description | | ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `status` String | Possible responses: "pending", the user didn't scan the QR code yet. "expired", the received JWT was expired, it was either created with a short duration or the user took to long to scan. "completed", the user was successfully added. Make sure you keep your time in sync with an NTP server. | | `authy_id` Number | Uniquely identifies a user in the Authy API. Use this ID to call other Authy API endpoints. | Get No-PII User Registration Status ```py # Download the SDK from https://github.com/twilio/authy-python from authy.api import AuthyApiClient # Your API key from twilio.com/console/authy/applications # DANGER! This is insecure. See https://twil.io/secure authy_api = AuthyApiClient('api_key') # NOTE: this feature only available in authy-python version 2.2.5+ user = authy_api.users.registration_status( custom_user_id='3YgAIZklGPHmwpJfIC0PDy0E7l763OF3BHZo1p2xKhY') if user.ok(): print user.id # user.id is the `authy_id` needed for future requests else: print user.errors() ``` ```bash curl "https://api.authy.com/protected/json/registrations/status?custom_user_id=3YgAIZklGPHmwpJfIC0PDy0E7l763OF3BHZo1p2xKhY" \ -H "X-Authy-API-Key: d57d919d11e6b221c9bf6f7c882028f9" ``` ```json { "registration": { "status": "completed", "authy_id": 11111111 }, "success": true } ``` ### 2. Subscribe to a registration webhook You can subscribe to a [webhook](/docs/authy/api/webhooks) that will notify you in real time when the registration is successful or not. The payload for event `user_registration_completed`: ```bash "method": "POST", "params": { "events": [ { "event": "user_registration_completed", "time": "2019-04-09T22:26:10.503Z", "objects": { "app": { "b_custom_code_allowed": false, "b_custom_message_allowed": false, "s_account_sid": "AC5f123456eabfa99ee3441ef1e84ad528", "s_device_app": null, "s_errors": "", "s_id": "54321", "s_name": "Application Name", "s_type": null }, "registration": { "s_app_id": 54321, "s_authy_id": 123456, "s_custom_id": "885de433faedf8475426f11baeee2424f88fd935" }, "user": { "as_authy_ids": [ "123456" ], "b_banned": false, "s_authy_id": "123456", "s_country_code": "57", "s_errors": "", "s_locale": "en", "s_phone_number": "953a0fd8c9ec2a9f16a5ce58183cfa03" } }, "request": { "id": "413fd53c-09af-43d6-8390-c346de8ccf0c", "ip": "IPv4_99a65f1a9e58fe49150aed5a188459b9b0b47157" }, "public": true } ], "webhook_id": "WH_50087ea9-9568-4839-9191-b43908a4abd4" }, "url": "https://example.io/webhook" } ``` The payload for event `user_registration_failed`: ```bash { "method": "POST", "params": { "events": [ { "event": "user_registration_failed", "time": "2019-04-09T22:26:10.503Z", "objects": { "app": { "b_custom_code_allowed": false, "b_custom_message_allowed": false, "s_account_sid": "AC5f586933eabfa99ee3441ef1e84ad528", "s_device_app": null, "s_errors": "", "s_id": "54321", "s_name": "Application Name", "s_type": null }, "error": { "s_code": "60000" } }, "request": { "id": "413fd53c-09af-43d6-8390-c346de8ccf0c", "ip": "IPv4_99a65f1a9e58fe49150aed5a188459b9b0b47157" }, "public": true } ], "webhook_id": "WH_50087ea9-9568-4839-9191-b43908a4abd4" }, "url": "https://example.io/webhook" } ``` ## Request User Status \[#request-user-status] Get User Status ```py # Download the SDK from https://github.com/twilio/authy-python from authy.api import AuthyApiClient # Your API key from twilio.com/console/authy/applications # DANGER! This is insecure. See https://twil.io/secure authy_api = AuthyApiClient('api_key') status = authy_api.users.status(authy_id) if status.ok(): print(status.content) ``` ```cs using System; using System.Net.Http; using System.Collections.Generic; class Program { static void Main(string[] args) { // Your API key from twilio.com/console/authy/applications // DANGER! This is insecure. See https://twil.io/secure var AuthyAPIKey = "your_api_key"; using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey); var authy_id = 1234; HttpResponseMessage response = client.GetAsync( $"https://api.authy.com/protected/json/users/{authy_id}/status").Result; HttpContent responseContent = response.Content; Console.WriteLine(responseContent.ReadAsStringAsync().Result); } } } ``` ```java // Install the Authy Java SDK from github.com/twilio/authy-java import com.authy.AuthyApiClient; import com.authy.api.*; public class Example { // Your API key from twilio.com/console/authy/applications // DANGER! This is insecure. See https://twil.io/secure public static final String API_KEY = "your_api_key"; public static void main(String[] args) { AuthyApiClient client = new AuthyApiClient(API_KEY); Users users = client.getUsers(); UserStatus status = users.requestStatus(authyId); if (status.isOk()) { System.out.println(status.toMap()); } else { System.out.println(status.getError()); } } } ``` ```php userStatus($authy_id); print_r($status->bodyvar("status")); ``` ```rb # Download the SDK from https://github.com/twilio/authy-ruby require 'authy' # Your API key from twilio.com/console/authy/applications # DANGER! This is insecure. See https://twil.io/secure Authy.api_key = 'your_api_key' Authy.api_uri = 'https://api.authy.com' response = Authy::API.user_status(:id => authy_id) if response.ok? puts response.status else puts response.errors end ``` ```bash curl "https://api.authy.com/protected/json/users/123/status" \ -H "X-Authy-API-Key: d57d919d11e6b221c9bf6f7c882028f9" ``` ```json { "status": { "authy_id": 123, "confirmed": true, "registered": true, "country_code": 1, "phone_number": "XXX-XXX-1111", "email": "user@domain.com", "devices": [ "desktop", "iphone" ], "has_hard_token": false, "account_disabled": false, "detailed_devices": [ { "creation_date": 1540576334, "device_id": 123123, "device_type": "authy", "last_sync_date": 1540576768, "os_type": "desktop", "registration_device_id": null, "registration_method": "sms", "enabled_unlock_methods": "", "last_unlock_method_used": "unknown", "last_unlock_date": "unknown" }, { "creation_date": 1540594738, "device_id": 456456, "device_type": "authy", "last_sync_date": 1540601752, "os_type": "ios", "registration_device_id": null, "registration_method": "sms", "enabled_unlock_methods": "pin, fingerprint", "last_unlock_method_used": "pin", "last_unlock_date": 1540601752 } ], "deleted_devices": [ { "creation_date": 1540481558, "deletion_date": 1540481571, "device_id": 789789, "device_type": "authy", "last_sync_date": 1540481560, "os_type": "desktop", "registration_device_id": 123123, "registration_method": "push" } ], }, "message": "User status.", "success": true } ``` > \[!WARNING] > > The user status endpoint will only return a subset of the information for a given user, until that user has verified a token or approved/denied a OneTouch request. Once a user is created and registered with your application, you can request information on that user from Twilio. Using the User status call, you will receive: | Response Parameter | Description | | ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `country_code` | Country code of the phone number. | | `phone_number` | Last 4 digits of phone number (`XXX-XXX-1234`). `None` if the user was registered [without](/docs/authy/api/users#add-a-user-without-providing-email-or-phone-number) providing phone number. | | `email` | Email provided when the user was added. None If user was added [without](/docs/authy/api/users#add-a-user-without-providing-email-or-phone-number) email this field will be empty. | | `devices` | List of devices, options are: `android`, `android_tablet`, `ios`, `iphone`, `iphone_sdk`, chrome, `authy_chrome`, `sms`, `android_sdk` | | `detailed_devices` | List of devices including detailed registration information. See [Detailed Devices](#trust-chain-for-added-devices-and-detailed-device-response-fields) below. | | `deleted_devices` | Useful for determining a chain of trust. See [Authy trust-chain for added devices](https://www.twilio.com/blog/twilio-blog-authy-trust-chain-for-added-devices) for more information. Devices deleted before June 15th 2019 won't be returned. | | `multidevice_updated_at` | Unix timestamp of the last time the user changed the multidevice toggle status (true/false) on any device | | `mutidevice_enabled` | `true` if multidevice is enabled, `false` if multidevice is disabled. | | `registered` | `true` when the Authy Mobile/Desktop App was registered. | | `confirmed` | `true` when the user has used a valid code before. | ### Trust-chain for Added Devices and detailed device response fields Determine which end-user apps to trust for authentication. Our API records uniquely identifiable numbers for every installed app, as well as the sequence of app installs and the methods of installation. More information in our blog post: [Authy trust-chain for added devices](https://www.twilio.com/blog/twilio-blog-authy-trust-chain-for-added-devices). Information returned in the `detailed_device` section of the user `status` endpoint includes: * `registration_method`: how the device was added (`sms`, `call`, `push`). * `last_sync_date`: Unix timestamp of last time the device was synced with Authy servers. * `registration_device_id`: device ID of the approving device if `registration_method` is `push`. New as of 2019-06-15, devices added before this date will be `null`. See [Authy trust-chain for added devices](https://www.twilio.com/blog/twilio-blog-authy-trust-chain-for-added-devices) for more information * `enabled_unlock_methods`: one or more of `pin`, `faceid`, `fingerprint`, `password, none`, `unknown`. Refers to the unlock method for the entire app, not just the settings page. * Only available for iOS app version 22.8+, Android app version 23.9.3+, and Desktop app version v1.8.0+ * Not available for Chrome app * If an unlock method is enabled for iOS app, the linked Apple Watch app will still display non-transactional TOTP codes without requiring an unlock, but it will not allow a user to accept a push request. * `last_unlock_method`: enabled method last used. * `last_unlock_date`: Unix timestamp of last time the device was unlocked. ```bash GET https://api.authy.com/protected/{FORMAT}/users/{AUTHY_ID}/status ``` ### URL | Name | Description | | :----------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `FORMAT` String | The format to expect back from the REST API call. `json` or `xml`. | | `AUTHY_ID` Integer | The Authy ID of the user. Create an Authy ID by [registering a user](/docs/authy/api/users). Note that password delivery may be upgraded to use the Authy application; see response parameters below. | ### Parameters \[#trust-chain-for-added-devices-parameters] | Name | Description | | :---------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------- | | `user_ip` String | IP of the user requesting to see the application details. Optional. ([📇 PII](/docs/glossary/what-is-personally-identifiable-information-pii#pii-fields) ) | ### Response \[#trust-chain-for-added-devices-response] | Name | Description | | :---------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------ | | `status` Hash | Information about the user. ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) | | `message` String | A message indicating the result of the operation. ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) | | `success` Boolean | True if the request was successful. ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) | ### Remove a User Remove a User ```py # Download the SDK from https://github.com/twilio/authy-python from authy.api import AuthyApiClient # Your API key from twilio.com/console/authy/applications # DANGER! This is insecure. See https://twil.io/secure authy_api = AuthyApiClient('api_key') deleted = authy_api.users.delete(authy_id) if deleted.ok(): print deleted.content ``` ```cs using System; using System.Net.Http; using System.Collections.Generic; class Program { static void Main(string[] args) { // Your API key from twilio.com/console/authy/applications // DANGER! This is insecure. See https://twil.io/secure var AuthyAPIKey = "your_api_key"; using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("X-Authy-API-Key", AuthyAPIKey); var authy_id = 1234; HttpResponseMessage response = client.PostAsync( $"https://api.authy.com/protected/json/users/{authy_id}/remove", null).Result; HttpContent responseContent = response.Content; Console.WriteLine(responseContent.ReadAsStringAsync().Result); } } } ``` ```java // Install the Authy Java SDK from github.com/twilio/authy-java import com.authy.AuthyApiClient; import com.authy.api.*; public class Example { // Your API key from twilio.com/console/authy/applications // DANGER! This is insecure. See https://twil.io/secure public static final String API_KEY = "your_api_key"; public static void main(String[] args) { AuthyApiClient client = new AuthyApiClient(API_KEY); Users users = client.getUsers(); Hash response = users.deleteUser(authyId); if (response.isOk()) { System.out.println(response.getMessage()); } else { System.out.println(response.getError()); } } } ``` ```php deleteUser($authy_id); if ($deleted->ok()) { printf($deleted->message()); } ``` ```rb # Download the SDK from https://github.com/twilio/authy-ruby require 'authy' # Your API key from twilio.com/console/authy/applications # DANGER! This is insecure. See https://twil.io/secure Authy.api_key = 'your_api_key' Authy.api_uri = 'https://api.authy.com' response = Authy::API.delete_user(:id => authy_id) if response.ok? puts response.message else puts response.errors end ``` ```bash curl -XPOST "https://api.authy.com/protected/json/users/123/remove" \ -H "X-Authy-API-Key: d57d919d11e6b221c9bf6f7c882028f9" ``` ```json { "message": "User removed from application", "success": true } ``` If you want to remove a user from your application you can use the Remove API. *Note: removing a user will immediately disable token verifications.* Best practice is to remove a user if they disable Two-factor Authentication or remove an account with your App. If you accidentally remove a user, you can recover users through the Console - but we suggest that you instead go through your registration flow again. ```bash curl -X POST https://api.authy.com/protected/{FORMAT}/users/{USER ID}/remove -H "X-Authy-API-Key: {KEY}" ``` #### Parameters \[#remove-user-parameters] | Name | Type | Description | | :------- | :---------------- | :-------------------------------------------------------------------------------------------------------------------------- | | user\_ip | String (optional) | The ip requesting to remove the user ([📇 PII](/docs/glossary/what-is-personally-identifiable-information-pii#pii-fields) ) | #### Response \[#remove-user-response] | Name | Type | Description | | :------ | :------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------- | | success | Boolean | True if the user was scheduled for deletion. ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) | | message | String | A messaging indicating the result of the operation. ([🏢 not PII](/docs/glossary/what-is-personally-identifiable-information-pii#fields-marked-not-pii) ) |