Contact Sales

All fields are required

Create a Multi-Factor Authentication AI Digital Employee | SignalWire
Developers

Create a Multi-Factor Authentication AI Digital Employee

Verify user identity with an AI Agent, SignalWire's MFA API, and REST API

FreeSWITCH Enterprise Support Lead

Len Graham

When so much of our lives exist across a vast expanse of online platforms, the need for robust security measures has never been more vital. This is where Multi-Factor Authentication (MFA) comes into play, adding an extra layer of security to digital endeavors.

Enabling MFA provides a higher level of security where users have to provide their password in addition to a one-time password sent via SMS to their mobile phones to access their accounts. The SignalWire MFA API allows you to easily add that layer of security to both new and existing applications, regardless of language or platform.

In this post, we’ll explore a code snippet written in Perl for a digital employee example built with SignalWire AI Agent along with the MFA API and REST API. With these tools, you can build a voice assistant that can send one-time six digit tokens via SMS and verify a user’s identity.

The Workflow

The send_mfa function and the verify_mfa operate within a web application framework, extracting necessary information from incoming requests and utilizing SignalWire's messaging platform to dispatch the MFA token. Here's a step-by-step breakdown of how it works:

  1. Initialization: The script begins by initializing necessary components and decoding incoming request data to extract the user's phone number and other relevant data.

  2. SignalWire REST API Setup: It then prepares the SignalWire REST API with necessary credentials, including the account SID, auth token, and the space URL.

  3. Sending the SMS: With the API ready, the script sends an HTTP POST request to SignalWire's MFA endpoint. This request includes the user's phone number, the sender's phone number (the number assigned to the AI Agent), and parameters specifying the token's length, validity period, and maximum attempt count.

  4. Handling the Response: Upon receiving the response from SignalWire, the script decodes it to determine the outcome. If successful, it sends a confirmation back to the user, indicating that the 6-digit number has been sent. In case of failure, it notifies the user to try again. The user will have 4 attempts to give the AI agent the correct 6-digit number in order to mitigate the risk of a computer-generated attempt at guessing this number.

  5. Broadcasting the Outcome: Throughout the process, the script also broadcasts updates to a specified agent ID, ensuring transparency and allowing for real-time tracking of the verification process.

The send_mfa Function

The send_mfa function is the point in the MFA process designed to send a 6-digit token to the user via text message. This function is part of a Perl script that interfaces with SignalWire's REST API and the MFA API, leveraging its capabilities to enhance user security through MFA.

Code Snippet Analysis

The Perl script showcases the practical implementation of the send_mfa function, from initializing the web application components to sending the SMS and handling the response.

SignalWire::ML and SignalWire::RestAPI facilitate interaction with SignalWire's messaging and REST API, enabling the script to send SMS messages and handle responses effectively.

The script dynamically adjusts the response based on the success or failure of the SMS sending operation, providing clear feedback to the user. Meanwhile, parameters like token_length, valid_for, and max_attempts add layers of security and flexibility, allowing for customization based on specific requirements.

Note that the "to" number is the user's phone number, and the "from" number is the sender's number, with the sender being the AI agent.

The verify_mfa Function

The verify_mfa function is designed to validate a token previously sent to the user, acting as the final gatekeeper before granting access. Verification ensures that the user not only possesses the correct credentials, but also holds the token sent to their device, adding an extra layer of security.

Code Snippet Analysis

The provided Perl code illustrates the practical application of the verify_mfa function, showcasing the seamless integration of MFA verification into a web application's authentication flow.

The script adeptly handles the verification response, adjusting its actions based on the outcome to provide immediate feedback. By verifying tokens through a secure API call, the verify_mfa function reinforces the security of the authentication process, ensuring only verified users proceed.

AI Agent Prompt

The prompt is the backbone of an AI Agent’s personality. It allows you to assign a name, language, and any skills or specialities to the agent. This prompt is written in plain language and structured in Markdown.

This is the space where we instruct the AI agent on the conversation flow and explain that it will be sending and verifying MFA requests.

In addition to describing the verify_mfa function and the send_mfa function to the AI assistant, we can also instruct it to stay on task and strictly follow a conversational script or flow.

SignalWire’s AI Agent for Voice allows you to build and deploy your own digital employee. Powered by advanced natural language processing (NLP) capabilities, your digital employee will understand caller intent, retain context, and generally behave in a way that feels “human-like.”

Start building for free today by signing up for a SignalWire Space, exploring our developer documentation, and bringing your questions to our community on Slack.

Related Articles