# PSD2 Compliant Authentication with Authy

> [!WARNING]
>
> As of November 2022, Twilio no longer provides support for Authy SMS/Voice-only customers. Customers who were also using Authy TOTP or Push prior to March 1, 2023 are still supported. The Authy API is now closed to new customers and will be fully deprecated in the future.
>
> For new development, we encourage you to use the [Verify v2 API](/docs/verify/api).
>
> Existing customers will not be impacted at this time until Authy API has reached End of Life. For more information about migration, see [Migrating from Authy to Verify for SMS](https://www.twilio.com/blog/migrate-authy-to-verify).

The European [Payment Services Directive (PSD2) regulation](https://en.wikipedia.org/wiki/Payment_Services_Directive) requires Strong Customer Authentication (SCA) for all transactions over €30 by 31 December 2020 ([14 September 2021 for the UK](https://www.fca.org.uk/firms/strong-customer-authentication)). This page will show you how to implement a compliant solution for your application using the Authy API. [For more detail on PSD2, SCA, and dynamic linking, check out this post](https://www.twilio.com/blog/dynamic-linking-psd2).

The Authy API supports three channels for PSD2-compliant authorization: SMS, Push, and Soft Token (TOTP).

## SMS Authorization for PSD2

Use the `action` and `action_message` parameters to tie the verification to a specific transaction. The same values are required to verify the token.

Resources:

* [SMS one-time password documentation](/docs/authy/api/one-time-passwords)
* [Python PSD2 tutorial including SMS](https://www.twilio.com/blog/psd2-python-flask-authy-push)

![Comparison of SMS messages with and without action\_message for PSD2 compliance, showing security code details.](https://docs-resources.prod.twilio.com/455c2e3eaf5194e7fdc6af4efb4d0039eefac15c7d6f7b38c58b9a98123bb93f.png)

SMS Authorization - PSD2 Compliant

```bash
curl -X GET \
  'https://api.authy.com/protected/json/sms/123?action=hermione@hogwarts.ac.uk713.00&action_message=Verify%20payment%20to%20hermione@hogwarts.ac.uk%20for%20713.00%20Galleons&force=true' \
  -H 'X-Authy-Api-Key: d57d919d11e6b221c9bf6f7c882028f9'
```

```json
{
  "success": true,
  "message": "SMS token was sent",
  "cellphone": "+1-XXX-XXX-XX77"
}
```

## Push Authorization for PSD2

Display transaction details in the Authy App. Each authorization is signed by the end user's device and linked to that specific transaction.

Resources:

* [Push Authentication documentation](/docs/authy/api/push-authentications)
* [PSD2 Compliant Authorization: Verifying Sensitive Actions with Python, Flask and Authy Push](https://www.twilio.com/blog/psd2-python-flask-authy-push)

![Payment approval request for 713 Galleons to Hermione Granger on March 15, 2019.](https://docs-resources.prod.twilio.com/5eb077dd1c8edb5bca08ec67818c12335e1eda55e37ebfc4bfe271b0ee21351c.png)

Authy Push Authorization - PSD2 Compliant

```bash
curl -X POST \
  https://api.authy.com/onetouch/json/users/123/approval_requests \
  -H 'X-Authy-Api-Key: d57d919d11e6b221c9bf6f7c882028f9' \
  --data-urlencode 'message=Please approve the following payment.' \
  --data-urlencode 'details[Account Number]=8230985' \
  --data-urlencode 'details[Payee]=Hermione Granger' \
  --data-urlencode 'details[Amount]=713.00' \
  --data-urlencode 'details[Currency]=Galleons' \
  --data-urlencode seconds_to_expire=120
```

```json
{
  "approval_request": {
    "uuid": "8ee3aa70-4567-1234-9876-0a3cd2a2f8ba"
  },
  "success": true
}
```

## Soft Token (TOTP) Authorization for PSD2

Transactional TOTP codes in the Authy app work offline. Transaction details are mixed with the application secret to create a unique code tied to the transaction.

Resources:

* [Transactional Time-based One-Time Passwords documentation](/docs/authy/api/transactional-time-based-one-time-passwords)

![App interface showing TOTP token and transaction details with QR code scanning prompt.](https://docs-resources.prod.twilio.com/cf7b5e50ab5c853560ede7002c5dadc1bc82340c444383e29d6ee4e26b1ea737.png)
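
To show how mixing transaction details with a secret ties a code to one payment, here is an added example; it is not Twilio's code and not Authy's actual derivation, which this page does not specify. It assumes a per-transaction key derived with HMAC-SHA256 over length-prefixed details and fed into standard RFC 6238 TOTP; the function names, the secret, the timestamp and the choice of fields are hypothetical.

```python
import hashlib
import hmac
import struct


def transaction_key(secret: bytes, payee: str, amount: str, currency: str) -> bytes:
    """Derive a per-transaction key (assumed construction, not Authy's)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [f.encode("utf-8") for f in (payee, amount, currency)]
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return hmac.new(secret, msg, hashlib.sha256).digest()


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, RFC 4226 truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret: bytes, payee: str, amount: str, currency: str,
           submitted: str, unix_time: int, step: int = 30, drift: int = 1) -> bool:
    """Recompute the code from the server's own record of the transaction."""
    key = transaction_key(secret, payee, amount, currency)
    ok = False
    for skew in range(-drift, drift + 1):  # tolerate one step of clock drift
        expected = totp(key, unix_time + skew * step, step)
        # Constant-time compare; no early exit on a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    now = 1_552_651_200                  # constructed fixed timestamp
    code = totp(transaction_key(secret, "hermione@hogwarts.ac.uk", "713.00", "Galleons"), now)
    print(verify(secret, "hermione@hogwarts.ac.uk", "713.00", "Galleons", code, now))   # same transaction
    print(verify(secret, "hermione@hogwarts.ac.uk", "9713.00", "Galleons", code, now))  # amount altered
```

The server verifies against the payee and amount it is about to execute, not values echoed back by the client, so a code approved for one payment cannot authorize a different one.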
