Implementation of Two-Factor Authentication (2FA) Using a REST API-Based WhatsApp Gateway to Prevent Fake Bidders on an Online Auction Platform

Penulis

  • Rizky Parlika Universitas Pembangunan Nasional “Veteran” Jawa Timur Penulis
  • Hamdi Indra Universitas Persada Bunda Penulis
  • Tegar Satria Kirana Universitas Pembangunan Nasional “Veteran” Jawa Timur Penulis

DOI:

https://doi.org/10.66485/jsti.v1i2.19

Kata Kunci:

Two-Factor; Authentication; WhatsApp Gateway; REST API; Webhook.

Abstrak

Account security and identity validity are crucial aspects of online auction platforms to prevent price manipulation by fake bidders. Conventional authentication methods are often vulnerable to cyber-attacks or compromise user convenience for the sake of security. This study aims to implement a Two-Factor Authentication (2FA) system on the Mokasindo auction platform using WhatsApp Gateway integrated via REST API technology. The development method includes Webhook mechanisms for real-time user phone number validation and AJAX Short Polling techniques to deliver auto-login features without page refreshing. Black Box testing results indicate that the system successfully verifies user identity accurately and mitigates the risk of fictitious account registration. This implementation offers an optimal balance between system security and User Experience (UX), with an average recorded verification process latency of only 3.5 seconds. This solution proves effective in creating a more secure, responsive, and trustworthy auction ecosystem for users.

Referensi

Amin, N., & Salim, S. A. (2025). RESEARCH IN MANAGEMENT OF TECHNOLOGY AND RMTB The Relationship between Security Satisfaction in Digital Wallet Services. 6(2), 374–387.

Amin, R. K., Khayat, G. A. El, Sahn, F. El, & Amer, A. A. (2025). Enhancing E-Banking Security and Personalization through Convolutional Neural Network-Based Facial Recognition. 3. https://doi.org/10.3844/jcssp.2025.2323.2336

Asfari, D. Y., Ruslan, D. D., Syahira, A., & Amir, A. S. (2025). Students and Fake News : Exploring Digital Literacy and Information Security Among Young Adults. 1(6), 198–204.

Ashari, I. F., Zuhdi, M. F., Gagaman, M. T., & Denira, S. T. (2022). Kolepa Mobile Application Development Based on Android Using SCRUM Method ( Case Study : Kolepa Minigolf and Coffe Shop ). 6(1), 104–112.

Blessing, J., Hugenroth, D., Anderson, R. J., & Beresford, A. R. (2021). SoK : Web Authentication in the Age of End-to-End Encryption.

Brown, J. (2025). LSU Scholarly Repository From Devices to the Cloud : Digital Forensics in the Changing Social Media Landscape FROM DEVICES TO THE CLOUD : DIGITAL FORENSICS IN THE CHANGING SOCIAL MEDIA.

Care, E. (2025). Digitalization for Improving Elder Care.

Daffalla, A., Bohuk, M., Dell, N., Tech, C., Bellini, R., Ristenpart, T., Tech, C., & Symposium, U. S. (2023). Account Security Interfaces : Important , Unintuitive , and Untrustworthy.

Gsu, S. (2025). Deciding to Fail : Three Essays.

Imanova, S., & Mahmudova, S. (2025). Cyberattacks and social media account security 1. 105–113. https://doi.org/10.21303/2313-8416.2025.003766

Jeevarathinam, A., & Akilan, E. (2025). Graphical Click Point Authentication : Enhancing Resistance against Shoulder Surfing. 8(3). https://doi.org/10.15680/IJMRSET.2025.0803209

Kashmar, N., Adda, M., Atieh, M., & Ibrahim, H. (2016). ACCESS CONTROL IN CYBERSECURITY AND SOCIAL MEDIA. 2002, 69–105.

Kumar, A., Somya, J., Sahoo, R., & Kaubiyal, J. (2021). Online social networks security and privacy : comprehensive review and analysis. Complex & Intelligent Systems, 0123456789. https://doi.org/10.1007/s40747-021-00409-7

Kurniawan, R. D., Yohannis, A., & Atmojo, W. T. (2025). Sentiment Analysis of Getcontact Application Reviews on Google Play Store Using Naive Bayes Algorithm. 6(4), 2848–2858.

Mehta, A., Vora, D., & Khatri, J. (2021). A Review of Social Engineering Attacks and their Mitigation Solutions. 10(10), 215–220.

Mostafa, E., Hassan, M. M., & Said, W. (2023). An Interactive Multi-Factor User Authentication Framework in Cloud Computing. 23(8).

Nabeel Al-Qirim, Kamel Rouibah, Hasan Abbas, Y. H. (2022). Factors Affecting the Success of Social Commerce in Kuwaiti Microbusinesses : 30(1), 1–31. https://doi.org/10.4018/JGIM.313944

Nasution, A. B., Yugo, A., & Hrp, N. (2024). Implementation of OTP Code as Application Login Verification Via Whatsapp Implementasi Kode OTP Sebagai Verifikasi Login Aplikasi Via Whatsapp. 3(4), 395–402.

Nonye Benedeth Ezeaka, E. E. I. (2024). INFLUENCE OF WHATSAPP ONLINE PHISHING MESSAGES ON DATA SECURITY AMONG UNDERGRADUATES IN ANAMBRA STATE. 7(4), 273–282. https://doi.org/10.52589/AJSSHR-LR7BIBZD

Nyasvisvo, B., & Chigada, J. M. (2023). Phishing Attacks : A Security Challenge for University Students Studying Remotely Phishing Attacks : A Security Challenge for University Students Studying Remotely. 15(2).

Pandey, S., & Chauhan, N. (2025). Eliminating Credential Risk : A Lightweight Data Access System For Public Devices. 706–710. https://doi.org/10.48175/IJARSCT-25689

Pardede, I. A., & Marbun, N. (2024). Journal of Computer Networks , Architecture and High Performance Computing Design of Goods Inventory Information System Using Visual Basic . Net ( Case Study : CV . Barokah Medan ) Journal of Computer Networks , Architecture and High Performance Computing. 6(3), 967–975.

Parlika, R. (2020). IMPLEMENTASI API REGION VISUAL BASIC 6 UNTUK MEMBENTUK HURUF IMPLEMENTASI API REGION VISUAL BASIC 6 UNTUK MEMBENTUK. December. https://doi.org/10.36564/njca.v5i2.191

Rights, M. (2023). City , University of London Institutional Repository City , University of London Blockchain based ecosystems : a complex systems approach.

Waldemar Karwowski, P. M. (2022). Human-Computer Interaction and Cybersecurity Handbook.

Unduhan

Diterbitkan

2026-04-30

Terbitan

Vol 1 No 2 (2026): April 2026

Bagian

Articles

Lisensi

Hak Cipta (c) 2026 Rizki Parlika, Hamdi Indra, Tegar Satria Kirana

Creative Commons License

Artikel ini berlisensiCreative Commons Attribution-ShareAlike 4.0 International License.