<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="AuthenticatorAPI.Default" %>
<!DOCTYPE html>
<html lang="en">
<head>
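<!-- Document metadata: encoding, title, fonts, viewport, description and stylesheets. -->
<meta charset="utf-8">
<title>Authenticator API.com - An API for Google Authenticator</title>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:400,300,400italic,700,900">
<!-- maximum-scale is deliberately not set, so users can still zoom the page. -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="An easy and free way to implement two factor authentication (2FA) in your app.">
<meta name="author" content="Infinite Loop Development Ltd">
<!-- Bootstrap css -->
<!-- NOTE(review): this CDN stylesheet is loaded without integrity/crossorigin attributes, unlike the jQuery script tag near the end of this file. Pin it with Subresource Integrity, using the hash of the exact 3.3.2 file. -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css">
<link rel="stylesheet" href="Techie.css">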
<!-- =======================================================
Theme Name: Techie
Theme URL: https://bootstrapmade.com/techie-free-skin-bootstrap-3/
Author: BootstrapMade
Author URL: https://bootstrapmade.com
======================================================= -->
<!-- Docs Custom styles -->
<style>
body,
html {
overflow-x: hidden;
}
body {
padding: 60px 20px 0;
}
footer {
border-top: 1px solid #ddd;
padding: 30px;
margin-top: 50px;
}
.row > [class*=col-] {
margin-bottom: 40px;
}
.navbar-container {
position: relative;
min-height: 100px;
}
.navbar.navbar-fixed-bottom,
.navbar.navbar-fixed-top {
position: absolute;
top: 50px;
z-index: 0;
}
.navbar.navbar-fixed-bottom .container,
.navbar.navbar-fixed-top .container {
max-width: 90%;
}
.btn-group {
margin-bottom: 10px;
}
.form-inline input[type=password],
.form-inline input[type=text],
.form-inline select {
width: 180px;
}
.input-group {
margin-bottom: 10px;
}
.pagination {
margin-top: 0;
}
.navbar-inverse {
margin: 110px 0;
}
</style>
</head>
<body>
<div class="container">
<!-- === Site Navigation === -->
<nav style="background:#f8f9fa; border-top:1px solid #dee2e6; border-bottom:1px solid #dee2e6; padding:10px 0; margin-bottom:24px;">
<div style="max-width:960px; margin:0 auto; padding:0 20px;">
<ul style="list-style:none; margin:0; padding:0; display:flex; flex-wrap:wrap; gap:4px;">
<li><a href="/" style="display:block; padding:7px 14px; border-radius:4px; text-decoration:none; color:#333; font-size:14px; font-weight:600;">🏠 Home</a></li>
<li style="position:relative;" class="nav-dropdown">
<a href="#" style="display:block; padding:7px 14px; border-radius:4px; text-decoration:none; color:#333; font-size:14px;">Integration Guides ▼</a>
<ul class="dropdown-menu" style="display:none; position:absolute; top:100%; left:0; background:#fff; border:1px solid #dee2e6; border-radius:4px; min-width:200px; padding:6px 0; z-index:100; box-shadow:0 4px 12px rgba(0,0,0,0.1); list-style:none; margin:0;">
<li><a href="/integrate-2fa-php.aspx" style="display:block; padding:8px 16px; text-decoration:none; color:#333; font-size:14px;">PHP</a></li>
<li><a href="/integrate-2fa-python.aspx" style="display:block; padding:8px 16px; text-decoration:none; color:#333; font-size:14px;">Python</a></li>
<li><a href="/integrate-2fa-csharp.aspx" style="display:block; padding:8px 16px; text-decoration:none; color:#333; font-size:14px;">C#</a></li>
<li><a href="/integrate-2fa-javascript.aspx" style="display:block; padding:8px 16px; text-decoration:none; color:#333; font-size:14px;">JavaScript / Node.js</a></li>
<li><a href="/integrate-2fa-java.aspx" style="display:block; padding:8px 16px; text-decoration:none; color:#333; font-size:14px;">Java</a></li>
</ul>
</li>
<li><a href="/what-is-totp.aspx" style="display:block; padding:7px 14px; border-radius:4px; text-decoration:none; color:#333; font-size:14px;">What is TOTP?</a></li>
<li><a href="/totp-vs-hotp.aspx" style="display:block; padding:7px 14px; border-radius:4px; text-decoration:none; color:#333; font-size:14px;">TOTP vs HOTP</a></li>
<li><a href="/why-sms-2fa-is-insecure.aspx" style="display:block; padding:7px 14px; border-radius:4px; text-decoration:none; color:#333; font-size:14px;">Why SMS 2FA is Insecure</a></li>
<li><a href="/faq.aspx" style="display:block; padding:7px 14px; border-radius:4px; text-decoration:none; color:#333; font-size:14px;">FAQ</a></li>
</ul>
</div>
</nav>
<script>
  // Navigation dropdown behaviour.
  // Clicking a toggle link shows or hides the menu element that directly
  // follows it; the link's default navigation is cancelled.
  document.querySelectorAll('.nav-dropdown > a').forEach(function (link) {
    link.addEventListener('click', function (event) {
      event.preventDefault();
      var submenu = link.nextElementSibling;
      var isOpen = submenu.style.display === 'block';
      submenu.style.display = isOpen ? 'none' : 'block';
    });
  });

  // A click that lands outside every .nav-dropdown hides all dropdown menus.
  document.addEventListener('click', function (event) {
    if (event.target.closest('.nav-dropdown')) {
      return;
    }
    document.querySelectorAll('.dropdown-menu').forEach(function (menu) {
      menu.style.display = 'none';
    });
  });
</script>
<div class="jumbotron">
<img src="auth.png" style="float: left; margin-top:30px" width="50"/><h1 >Authenticator API.com</h1>
<p>An API for Google Authenticator</p>
<p><a class="btn btn-primary btn-lg" data-toggle="modal" data-target="#pairModal" role="button">Pair</a>
<a class="btn btn-primary btn-lg" data-toggle="modal" data-target="#ValidateModal" role="button">Validate</a>
</p>
</div>
<!-- COMPONENTS =========================================================== -->
<!-- Navs -->
<div class="row">
<div class="col-sm-12 col-lg-12">
<h2>Demo code</h2>
<div class="row">
<div class="col-sm-12 col-lg-12">
<p class="lead text-muted">To use Google Authenticator as a two-factor authentication method, you must first pair with the user's Google Authenticator App, by displaying a QR code to them. This QR code is generated using a secret code that only you know. When
the user logs in, they must enter the code displayed on their authenticator app, which you validate against the secret code used earlier.
</p>
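<div class="tabbable">
  <!-- Tabbed reference for the two API calls: Pairing and Validation. -->
  <!-- NOTE(review): both calls carry SecretCode as a GET query parameter. Query strings are commonly recorded in web-server and proxy logs and in browser history, so make these requests from your own server only, never from a page or script that the end user loads. -->
  <ul class="nav nav-tabs">
    <li class="active"><a href="#tab11" data-toggle="tab">Pairing</a></li>
    <li><a href="#tab12" data-toggle="tab">Validation</a></li>
  </ul>
  <div class="tab-content">
    <div class="tab-pane active" id="tab11">
      <p>You can use the <a href="/api.asmx?op=Pair">web service to pair</a>, or call "https://www.authenticatorApi.com/pair.aspx" with the following parameters:</p>
      <ul>
        <li><b>AppName</b> - Your application name, something brief, but recognizable</li>
        <li><b>AppInfo</b> - Typically the user's name</li>
        <li><b>SecretCode</b> - A secret code that only you know</li>
      </ul>
      <br>
      <i>Example:</i>
      <!-- The pre content stays unindented because whitespace inside pre is rendered. Ampersands are written as &amp; so the markup is valid; the displayed URL is unchanged. -->
<pre>
<a href="https://www.authenticatorApi.com/pair.aspx?AppName=MyApp&amp;AppInfo=John&amp;SecretCode=12345678BXYT" target="_blank" rel="noopener">https://www.authenticatorApi.com/pair.aspx?AppName=MyApp&amp;AppInfo=John&amp;SecretCode=12345678BXYT</a>
</pre>
    </div>
    <div class="tab-pane" id="tab12">
      <p>You can use the <a href="/api.asmx?op=ValidatePin">web service to validate a pin</a>, or call "https://www.authenticatorApi.com/Validate.aspx" with the following parameters:</p>
      <ul>
        <li><b>Pin</b> - The user's pin</li>
        <li><b>SecretCode</b> - The secret code used during pairing</li>
      </ul>
      <br>
      <i>Example:</i>
<pre>
<a href="https://www.authenticatorApi.com/Validate.aspx?Pin=123456&amp;SecretCode=12345678BXYT" target="_blank" rel="noopener">https://www.authenticatorApi.com/Validate.aspx?Pin=123456&amp;SecretCode=12345678BXYT</a>
</pre>
    </div>
  </div>
</div>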
</div>
</div>
</div>
<!-- Navbar -->
</div>
</div>
<!-- /container -->
<div class="container">
<hr>
<!-- What is 2FA -->
<div class="row">
<div class="col-sm-12 col-lg-12">
<h2>What is Two-Factor Authentication (2FA)?</h2>
<p class="lead text-muted">
Two-factor authentication (2FA) is a security mechanism that requires users to provide two separate
forms of verification before gaining access to an account or system. The first factor is typically
something the user knows — such as a password — while the second factor is something the
user possesses, such as a time-sensitive code generated by an authenticator app.
</p>
<p>
By requiring both factors, 2FA dramatically reduces the risk of unauthorised access, even if a
user’s password has been compromised. Authenticator app-based 2FA is considered significantly
more secure than SMS-based alternatives, which are vulnerable to SIM-swapping and interception attacks.
</p>
</div>
</div>
<hr>
<!-- What is TOTP -->
<div class="row">
<div class="col-sm-12 col-lg-12">
<h2>What is TOTP?</h2>
<p class="lead text-muted">
TOTP stands for <strong>Time-based One-Time Password</strong>, the open standard (defined in
<a href="https://datatracker.ietf.org/doc/html/rfc6238" target="_blank" rel="noopener">RFC 6238</a>)
that underpins Google Authenticator, Authy, Microsoft Authenticator, and most other authenticator apps.
</p>
<!-- NOTE(review): the Validate call documented on this page takes SecretCode as a request parameter, so with this hosted API the shared secret is sent over the network on every validation. TOTP limits replay to the validity window of a code, but a code typed into a look-alike site can still be relayed while it is valid, so TOTP on its own should not be presented as phishing-resistant. -->
<p>
A TOTP code is derived from a shared secret key and the current Unix timestamp, producing a new 6-digit
code every 30 seconds. Because codes expire rapidly and the shared secret never travels over the network
during login, TOTP is highly resistant to phishing and replay attacks. The algorithm is an open standard,
meaning any compliant implementation — including this API — is fully interoperable with
Google Authenticator and other TOTP-compatible apps.
</p>
</div>
</div>
<hr>
<!-- About the API -->
<div class="row">
<div class="col-sm-12 col-lg-12">
<h2>About This API</h2>
<p class="lead text-muted">
AuthenticatorAPI.com provides a simple, free, hosted REST API that allows developers to add
Google Authenticator-compatible two-factor authentication to any application, regardless of
programming language or platform.
</p>
<p>
There are no SDKs to install and no libraries to manage — just standard HTTP GET requests.
The API exposes two core operations:
</p>
<div class="row">
<div class="col-sm-6">
<div class="panel panel-default">
<div class="panel-heading"><strong>Pairing</strong></div>
<div class="panel-body">
Generates a QR code that the user scans with their Google Authenticator app. The QR code
encodes your application name, a user identifier, and a shared secret that you supply.
Once scanned, the authenticator app begins generating TOTP codes tied to that secret.
</div>
</div>
</div>
<div class="col-sm-6">
<div class="panel panel-default">
<div class="panel-heading"><strong>Validation</strong></div>
<div class="panel-body">
Verifies that a 6-digit PIN entered by a user matches the expected TOTP value for a given
secret at the current moment in time. The API handles the time-window logic, accepting
codes from a small interval around the current 30-second window to account for clock drift.
</div>
</div>
</div>
</div>
</div>
</div>
<hr>
<!-- How it works -->
<div class="row">
<div class="col-sm-12 col-lg-12">
<h2>How It Works</h2>
<p class="lead text-muted">Integrating Google Authenticator into your app takes just a few steps:</p>
<ol>
<li>When a user opts in to 2FA, your application calls the <strong>Pair</strong> endpoint with your
app name, a user identifier, and a secret code that you generate and store securely.</li>
<li>The API returns a QR code image URL that you display to the user.</li>
<li>The user opens their Google Authenticator app, taps the <strong>+</strong> button, and scans
the QR code.</li>
<li>From that point on, whenever the user logs in, they enter the 6-digit code currently shown
in their authenticator app.</li>
<li>Your application calls the <strong>Validate</strong> endpoint with the entered PIN and the
original secret code.</li>
<li>The API returns <code>true</code> or <code>false</code> — and you grant or deny access
accordingly.</li>
</ol>
</div>
</div>
<hr>
<!-- Use cases -->
<div class="row">
<div class="col-sm-12 col-lg-12">
<h2>Use Cases</h2>
<p class="lead text-muted">
AuthenticatorAPI.com is suitable for any scenario where you need to add a second layer of
authentication without building TOTP logic from scratch.
</p>
<div class="row">
<div class="col-sm-3">
<h4><span class="glyphicon glyphicon-globe"></span> Web Applications</h4>
<p>Protect admin panels, customer accounts, or sensitive data with a simple API call during login.</p>
</div>
<div class="col-sm-3">
<h4><span class="glyphicon glyphicon-lock"></span> Internal Tools</h4>
<p>Add 2FA to internal dashboards or employee portals without complex infrastructure or dependencies.</p>
</div>
<div class="col-sm-3">
<h4><span class="glyphicon glyphicon-wrench"></span> Legacy Systems</h4>
<p>Retrofit two-factor authentication onto existing systems that don’t natively support it.</p>
</div>
<div class="col-sm-3">
<h4><span class="glyphicon glyphicon-flash"></span> Rapid Prototyping</h4>
<p>Add working 2FA to a prototype in minutes using any language that can make HTTP GET requests.</p>
</div>
</div>
</div>
</div>
<hr>
<!-- Security: best-practice list for integrators of the Pair and Validate calls. -->
<div class="row">
<div class="col-sm-12 col-lg-12">
<h2>Security Considerations</h2>
<p class="lead text-muted">
When implementing two-factor authentication, keep the following best practices in mind:
</p>
<ul>
<li><strong>Keep your secret codes secure.</strong> The secret code used during pairing should be
stored in your database in encrypted form and never exposed to the client or included in
client-side code.</li>
<!-- NOTE(review): the Pair and Validate examples on this page pass SecretCode in the URL query string. HTTPS protects it in transit, but URLs are often written to access logs at the server and at any TLS-terminating proxy in between. -->
<li><strong>Use HTTPS.</strong> Always call the API over HTTPS to prevent the secret code from
being intercepted in transit.</li>
<li><strong>Generate unique secrets per user.</strong> Each user should have their own randomly
generated secret code, so that a compromise of one account does not affect others.</li>
<!-- NOTE(review): the "never logged or persisted" statement cannot be confirmed from this file; it depends on the hosting and logging configuration. Verify it for the deployment you rely on, or self-host. -->
<li><strong>The API is stateless.</strong> AuthenticatorAPI.com does not store your secret codes.
They are used transiently during each request to generate or validate a TOTP value and are
never logged or persisted.</li>
<!-- NOTE(review): if SecretCode is the Base32 form of the key, 16 characters encode only 80 bits. RFC 4226, which RFC 6238 builds on, requires a shared secret of at least 128 bits and recommends 160 bits (32 Base32 characters). How this API turns SecretCode into key bytes is not visible in this file. The sample secrets shown on this page ("1234", "12345678BXYT") are shorter still and are for demonstration only. -->
<li><strong>Use a cryptographically random secret.</strong> Generate your secret codes using a
secure random number generator. A Base32-encoded string of at least 16 characters is recommended
for adequate entropy.</li>
</ul>
</div>
</div>
<hr>
<!-- Open Source -->
<div class="row">
<div class="col-sm-12 col-lg-12">
<h2>Open Source</h2>
<p>
The full source code for this API is available on
<a href="https://github.com/infiniteloopltd/AuthenticatorAPI.com" target="_blank" rel="noopener">GitHub</a>.
You are welcome to inspect the implementation, self-host it, or contribute improvements. The codebase
serves as a useful reference for anyone wanting to understand how TOTP generation and validation works
in practice, and is freely available under an open licence.
</p>
</div>
</div>
</div>
<!-- /content container -->
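<footer class="text-center">
  <!-- Site footer: source and sponsor links, then copyright, contact and privacy links. -->
  <!-- The stray closing anchor tags that followed the sponsors link have been removed. -->
  <p>
    <a href="https://github.com/infiniteloopltd/AuthenticatorAPI.com">Open Source</a> on GitHub |
    <a href="/Sponsors.aspx">With thanks to our GitHub Sponsors</a>
  </p>
  <!-- The year is rendered server-side on each request. -->
  <!-- NOTE(review): the company link below uses plain http; switch it to https if that site serves it. -->
  <p>© <%=DateTime.Now.Year %> <a href="http://www.infiniteloop.ie">Infinite Loop Development Ltd</a> |
    <a href="/contact.aspx">Contact Us</a> |
    <a href="/privacy.aspx">Privacy Policy</a>
  </p>
</footer>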
<!-- Main Scripts-->
<!-- jQuery is pinned with Subresource Integrity: the browser refuses to run the file if its hash differs from the integrity value. -->
<script
src="https://code.jquery.com/jquery-1.11.1.min.js"
integrity="sha256-VAvG3sHdS5LqTT+5A/aeq/bZGa/Uj04xKxY8KM/w9EE="
crossorigin="anonymous"></script>
<!-- NOTE(review): the two CDN scripts below carry no integrity/crossorigin attributes, so a changed file at either CDN would run on this page unchecked. Pin both the same way as jQuery. jQuery 1.11.1 and Bootstrap 3.3.2 are old releases; check them against published advisories and upgrade, recomputing the integrity hashes when you do. -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/js/bootstrap.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/bootbox.js/5.3.2/bootbox.min.js"></script>
<!-- Page-specific script, served from this site; its contents are not visible in this file. -->
<script src="app.js"></script>
<!-- Global site tag (gtag.js) - Google Analytics -->
<!-- NOTE(review): the analytics and ad loaders below are third-party scripts that run with full access to this page and are served from URLs whose content changes, so they cannot be pinned with Subresource Integrity. A Content-Security-Policy that allow-lists only the required origins is the practical control. -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3658396-50"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-3658396-50');
</script>
<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- TweetJS.com -->
<ins class="adsbygoogle"
style="display:block"
data-ad-client="ca-pub-6435000594396515"
data-ad-slot="8229950486"
data-ad-format="auto"
data-full-width-responsive="true"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
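<!-- Pairing modal: shows the server-rendered pairing markup for the demo secret "1234". -->
<div id="pairModal" class="modal fade" role="dialog" aria-labelledby="pairModalTitle">
  <div class="modal-dialog">
    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-label="Close">×</button>
        <h4 id="pairModalTitle" class="modal-title">Pairing with secret code "1234"</h4>
      </div>
      <div class="modal-body">
        <!-- NOTE(review): PairingHtml is written without HTML-encoding. That is required if it holds markup (presumably the QR-code image tag), so the code-behind must build it only from fixed or encoded values; confirm in Default.aspx.cs. -->
        <!-- text-center replaces the deprecated center element; it centres inline content such as an image. -->
        <div class="text-center">
          <%=PairingHtml %>
        </div>
        <p>Open your Google Authenticator App, and press the "+" icon in the top right, and then press "Scan Barcode"</p>
      </div>
      <div class="modal-footer">
        <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
      </div>
    </div>
  </div>
</div>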
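<!-- Validation modal: asks for the current 6-digit PIN and checks it against the demo secret "1234". -->
<div id="ValidateModal" class="modal fade" role="dialog" aria-labelledby="validateModalTitle">
  <div class="modal-dialog">
    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-label="Close">×</button>
        <h4 id="validateModalTitle" class="modal-title">Validating against secret code "1234"</h4>
      </div>
      <div class="modal-body">
        <!-- NOTE(review): the form has no action or method and the Validate button has no type, so the button defaults to type="submit". Unless app.js (not visible here) cancels the submit, the PIN is sent as a GET query string to this page. Confirm, then set type="button" or handle the submit event explicitly. -->
        <form class="form-horizontal">
          <fieldset>
            <!-- Text input-->
            <div class="form-group">
              <label class="col-md-4 control-label" for="pin">6 digit Pin</label>
              <div class="col-md-4">
                <!-- inputmode gives a numeric keypad on touch devices; the one-time-code token tells the browser this is a one-time code rather than a value to remember. -->
                <input id="pin" name="pin" type="text" inputmode="numeric" autocomplete="one-time-code" placeholder="6 digit Pin" class="form-control input-md">
              </div>
            </div>
            <!-- Button -->
            <div class="form-group">
              <!-- The offset class keeps the button aligned under the input; it replaces an empty label that existed only for layout. -->
              <div class="col-md-4 col-md-offset-4">
                <button id="btnValidate" name="btnValidate" class="btn btn-primary">Validate</button>
              </div>
            </div>
          </fieldset>
        </form>
      </div>
      <div class="modal-footer">
        <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
      </div>
    </div>
  </div>
</div>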
</body>
</html>