Quickstart — your first integration
This section covers the minimum steps to make your first successful call. Full API documentation is available at https://api.tyntec.com/reference/silent-authentication/current.html#silent-authentication-api.
Before you start: you need your client_id, client_secret, and a registered redirect_uri. Contact your tyntec account manager to receive these.
Step 1 — Initiate the authentication flow
Redirect the user’s browser to the tyntec authorization endpoint.
GET https://api.tyntec.com/silent-auth/v1/oauth2/authorize
response_type = code
client_id = your_client_id
redirect_uri = your_callback_uri
scope = openid tt:phone_verify
state = random_csrf_token
login_hint = msisdn
Step 2 — Exchange the code for a token
After verification, tyntec redirects to your callback URL with a short-lived code. Exchange it server-side:
POST https://api.tyntec.com/silent-auth/v1/oauth2/token
grant_type = authorization_code
code = received_code
redirect_uri = your_callback_uri
client_id = your_client_id
client_secret = your_client_secret
A successful response returns an access_token (JWT) and refresh_token. The access_token contains the mobile_id claim. Decode it to check phone_number_verified, or call GET /oauth2/userinfo with the access_token as a Bearer token to retrieve the result as plain JSON without decoding the JWT.
Step 3 (optional) — Call /oauth2/userinfo
Instead of decoding the access_token JWT, you can call the UserInfo endpoint to retrieve the verification result as plain JSON:
GET https://api.tyntec.com/silent-auth/v1/oauth2/userinfo
Authorization: Bearer [access_token]
The response returns phone_number_verified (“true” or “false”), mobile_id, login_hint (the MSISDN from the request), and sub (a UUID on success, or “anonymous” on verification failure).