Add 2FA to your Application with the Verify API and Golang SDK
When you've worked hard at building a web application that offers real value to your users, it can be really disheartening to see it abused. Leaked credentials, fake signups ... there is always a small minority seeking to use your platform for their own nefarious purposes. While it's next to impossible to prevent this from happening at some level, you can deter all but the most committed abusers by implementing two-factor authentication (2FA).

Two-factor authentication is an extra layer of protection that requires your user to provide something more than just a username and password to use your service. This is typically access to a mobile device that can receive a security code that they then enter into your application as part of the registration or login process.

The Vonage Verify API makes it really straightforward to implement 2FA in your applications, which is what we're hoping to demonstrate in today's post. We'll be building a simple site for a fictitious company called Acme Inc, which requires users to register using their mobile device to add some level of protection against fraudulent use.

To complete this tutorial, you will need a Vonage API account. If you don’t have one already, you can sign up today and start building with free credit.

We're going to be using the Verify API to require users to prove that they own the device they want to register with our service. The Verify API makes the whole two-factor authentication process really straightforward.

The Vonage Go SDK makes it easy to integrate 2FA into your application, and we'll be demonstrating how to use it in this tutorial.

To configure the Vonage Go SDK, you need to provide your API key and secret, which can be found in the Developer Dashboard.
You don't want to just put those credentials directly in your code, because anyone who has access to your key and secret can make API calls at your expense.

We'll be using a .env file to keep our API credentials out of the source code; make sure that file is excluded from version control.

To build the UI, we need to create several pages: the home page, registration page, verification code entry page, check code page, and clear route. We'll use Go templates to render these pages.

The base layout template includes an HTML header, CSS link, and a template directive that populates the page body with content from other templates.

We'll also add some CSS styles to make our application look like it was created by someone who cares.

To manage the user's session, we need to rely on cookie-based sessions. We'll use the Gorilla sessions module to handle this for us.

The home route handler checks if the registered session value is set and redirects to the registration page if not. The register route displays a form for users to enter their name and phone number, which are stored in the session cookie.

When the user submits the registration form, we initiate the verification process by calling the /verify route. This sends a code to the user's mobile device via SMS.

The verify route handler checks if the submitted form data is valid and initiates the verification process using the Vonage Go SDK. If everything goes smoothly, it redirects to the enter code page.

The check code route handler matches the entered PIN code with the one sent by the Verify API and stores the user's details in the session cookie if they match. If not, it logs an error message to the console.

Finally, we create a clear route that deletes the session cookie so users can "unregister" themselves from our application.

To launch the complete application, run go run main.go and visit http://localhost:5000 in your browser.

This tutorial demonstrates how easy it is to use the Verify API and Go SDK to enable two-factor authentication in your applications.
With a few lines of code, we've created a fully functional 2FA system that protects our users from malicious activities.

The demo could use some improvements, such as displaying a more graceful exit when the user enters an incorrect PIN code or providing a way for users to enter their phone numbers in a more user-friendly format. However, this is just one possible direction for future development.

To find out more about the Go SDK and Verify API, check out the following resources:
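
The home route's check of the registered session value only means something if the browser cannot set that value itself, which is why a cookie-based session has to be authenticated with a secret key (Gorilla's cookie store does this for you). The following standard-library Go program is an added example, not code from the original post or from Gorilla sessions: it shows the same idea with an HMAC tag. The cookie name acme-session, the /register path, the registered=true encoding and the sample key are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
)

// Constructed sample key: load a random one from the environment, never commit it.
var sessionKey = []byte("constructed-sample-key-not-for-production")

// sign returns "value.tag", where tag is an HMAC-SHA256 over value.
func sign(key []byte, value string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(value))
	return value + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// verify returns the value only if its tag was produced with key.
func verify(key []byte, signed string) (string, bool) {
	i := strings.LastIndex(signed, ".")
	if i < 0 {
		return "", false // no tag at all: treat as unauthenticated
	}
	if !hmac.Equal([]byte(sign(key, signed[:i])), []byte(signed)) { // constant time
		return "", false
	}
	return signed[:i], true
}

// home mirrors the tutorial's home route: no valid session, go to registration.
func home(w http.ResponseWriter, r *http.Request) {
	c, err := r.Cookie("acme-session") // hypothetical cookie name
	if err == nil {
		if v, ok := verify(sessionKey, c.Value); ok && v == "registered=true" {
			fmt.Fprintln(w, "Welcome back")
			return
		}
	}
	http.Redirect(w, r, "/register", http.StatusFound) // hypothetical path
}

func main() {
	http.HandleFunc("/", home)
	fmt.Println(http.ListenAndServe("localhost:5000", nil))
}
```

A cookie edited in the browser, or one signed with a different key, fails verify and the visitor is redirected to registration. Gorilla's own cookie encoding also timestamps values and can encrypt them, which this example leaves out.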
Company
Vonage
Date published
March 16, 2021
Author(s)
Mark Lewin
Word count
3119
Language
English