Two-way Strong ¦ Sign In ¦ New User

Application Programming Interface (API)



User Account


Test Environment

Web Application



Session Check

Session Check (Static)


Logout (Static)

Mobile Application

Mobile Login Check

Key Data Fields

Response Messages

Demo Examples

Powered By (Credit)

Technical Support



This technical manual describes how to integrate the Two-way Strong User Authentication System into Web applications and mobile apps. For Web applications, software developers use the Two-way Strong Application Programming Interface (API). For mobile apps, software developers add additional computer program code in their mobile apps to interact with the Two-way Strong User Authenticator. This manual is primarily for software developers.


The objective is to create an environment where computer users can log in to multiple software applications with both convenience and security. A typical user may have a dozen user accounts, each one of which requires a complex password to remember. Instead of having several accounts, the user can have one user account provided by Two-way Strong to log in to all the applications that are configured to connect to the Two-way Strong User Authentication System. Two-way Strong manages user account provisioning and management on behalf of other developers and organizations, ensuring that all registered user accounts are maintained by real persons. Software developers can reduce administrative overhead in maintaining and verifying user accounts that they would otherwise have to manage on their own without Two-way Strong. Two-way Strong helps developers to authenticate users with greater security on one hand, and on the other, helps registered users to log in to all their applications with convenience.

Web Operating Environment Use Case

A user may frequently use an online banking site, an e-commerce site, a social media site, and a secured site developed by their employer. All of these Web applications can be configured to use the Two-way Strong API. Once all applications have been configured, the user registered with Two-way Strong only needs to log in once to the first site that they use. Two-way Strong verifies the user's account and creates a unique session that by default remains active for six hours. Subsequent logins to other sites are done automatically through the Two-way Strong's session check mechanism. The same user authentication process that is used at the first login instance is applied to reverify the user's account upon access to subsequent sites.

Mobile Smartphone Operating Environment Use Case

A user may frequently use several mobile apps that require a user name and password. All of these mobile applications can be configured to connect to the Two-way Strong User Authenticator. The Two-way Strong User Authenticator is a mobile app that routinely connects to Two-way Strong's remote servers to check the validity of the user's account and to reverify the identity and authenticity of the user's account. Once all mobile apps have been configured, the user does not need to enter any user name and password into the configured apps. Upon access to a configured mobile app, user authentication is executed automatically to recheck the user's account and identity. The registered user will be denied access, if Two-way Strong returns a message that the account is invalid or no longer active.