Connect

Connect your application to the mobile network for real-time fraud detection and frictionless authentication. Query SIM swap, call forwarding, and device swap signals before every sensitive action — or go fully passwordless with Silent Authentication, which verifies users automatically in the background without sending a single OTP. Simple API calls, no user interaction required.

Quick Start

Quickstart — your first integration

This section covers the minimum steps to make your first successful call. Full API documentation is available at https://api.tyntec.com/reference/silent-authentication/current.html#silent-authentication-api.

Before you start: you need your client_id, client_secret, and a registered redirect_uri. Contact your tyntec account manager to receive these.

Step 1 — Initiate the authentication flow

Redirect the user’s browser to the tyntec authorization endpoint.

GET https://api.tyntec.com/silent-auth/v1/oauth2/authorize
  response_type = code
  client_id     = <your_client_id>
  redirect_uri  = <your_callback_uri>
  scope         = openid tt:phone_verify
  state         = <random_csrf_token>
  login_hint    = <msisdn>

Step 2 — Exchange the code for a token

After verification, tyntec redirects to your callback URL with a short-lived code. Exchange it server-side:

 POST https://api.tyntec.com/silent-auth/v1/oauth2/token

  grant_type    = authorization_code
  code          = <received_code>
  redirect_uri  = <your_callback_uri>
  client_id     = <your_client_id>
  client_secret = <your_client_secret>

A successful response returns an access_token (JWT) and refresh_token. The access_token contains the mobile_id claim. Decode it to check phone_number_verified, or call GET /oauth2/userinfo with the access_token as a Bearer token to retrieve the result as plain JSON without decoding the JWT.

Step 3 (optional) — Call /oauth2/userinfo

Instead of decoding the access_token JWT, you can call the UserInfo endpoint to retrieve the verification result as plain JSON:

GET https://api.tyntec.com/silent-auth/v1/oauth2/userinfo
Authorization: Bearer <access_token>

The response returns phone_number_verified (“true” or “false”), mobile_id, login_hint (the MSISDN from the request), and sub (a UUID on success, or “anonymous” on verification failure).