2FA Codes

Send two-factor authentication codes via SMS. Secure logins and transactions with one-time passwords delivered instantly to your users.

What is 2FA?

Two-factor authentication (2FA) adds an extra layer of security by requiring users to verify their identity with a one-time code sent to their phone. TeamMessage delivers these codes via SMS – your application generates the code, we deliver it.

Typical flow:

  1. User logs in with username and password
  2. Your application generates a 6-digit code
  3. Your application sends the code via TeamMessage
  4. User receives SMS and enters the code
  5. Your application verifies the code and grants access

Sending 2FA Codes

Use the HTTP API to send verification codes programmatically. The API is designed for instant delivery with minimal latency.

Example API call:

POST /api/v1/sms/send/
{
  "team_id": "100042",
  "team_name": "myteam",
  "recipients": ["+4917012345678"],
  "message": "Your verification code is: 847293"
}

Tip

Keep 2FA messages short and clear. Include only the code and a brief context, such as 'Your verification code is: 123456'. Long messages may be split across multiple SMS parts.

Best Practices

Code Format

Use numeric codes that are easy to read and type on mobile devices:

  • 6 digits – Standard for most applications (e.g., 847293)
  • Spaces optional – Some prefer '847 293' for readability
  • No ambiguous characters – Avoid letters that look like numbers (O/0, I/1, l/1)

Code Expiration

Set appropriate expiration times for your codes:

  • Login verification – 5-10 minutes
  • Transaction confirmation – 2-5 minutes
  • Password reset – 15-30 minutes

Note

Code generation and expiration are handled by your application. TeamMessage is responsible for fast, reliable delivery.

Rate Limiting

Protect against abuse by limiting how many codes can be sent to the same number:

  • Implement rate limits in your application (e.g., max 5 codes per phone number per hour)
  • Use TeamMessage's rate limiting feature as a safety net
  • Monitor for unusual patterns that might indicate abuse

Voice Delivery

For critical verifications, consider voice delivery instead of SMS. TeamMessage can call the user's phone and read the code aloud.

  • Ideal for users who prefer spoken codes
  • Works on landlines that cannot receive SMS
  • Higher attention for time-sensitive transactions

Tip

Voice delivery is especially useful for high-value transactions where security is paramount. Contact support to enable voice delivery for your account.

Receiving 2FA Codes

TeamMessage can also receive incoming SMS messages – perfect for businesses that need to centrally collect 2FA codes sent to a company phone number.

Typical use case:

Your company registers for an online service using a central phone number. When the service sends a verification code via SMS, TeamMessage receives it and forwards it to your email inbox or ticketing system.

This is useful when:

  • Multiple employees need access to shared accounts
  • You want to integrate SMS codes into existing email workflows
  • Security policies require centralized code management
  • You need an audit trail of received codes

Note

Receiving SMS requires an SMS gateway with a dedicated phone number. Contact support to set up inbound SMS forwarding for your account.

Message Templates

Keep your 2FA messages consistent and professional:

Good examples:

  • Your verification code is: 847293
  • 847293 is your login code. Valid for 5 min.
  • Confirm your transfer: Code 847293

Note

Never include sensitive information like account numbers or transaction amounts in 2FA messages. The code alone should be sufficient.

Integration Options

Send 2FA codes using any of these methods:

  • REST API – Modern JSON-based API for programmatic integration
  • Legacy HTTP – Compatible with existing integrations using sendtmsg.php
  • Email Gateway – Send an email to your team address for simple integrations

For detailed API documentation, see REST API.

Menu