Authentication Methods
This article explains the different authentication methods your customers may encounter during the authorization process and how they relate to the data access methods used by UtilityAPI.
UtilityAPI supports a variety of authentication methods depending on the utility, the data access method, and the authentication options supported by the utility’s platform.
📘 What is authentication?
Authentication is how a utility account holder (UAH) proves their identity when authorizing access to their utility account. This is a required step in every authorization flow and may involve entering login credentials, verifying their identify via email or phone, or answering specific account-related questions.
🔌 How authentication relates to data access methods
Each data access method (Web Portal Adapter, Green Button Proxy, Green Button Hosting, and Green Button Hosting) supports one or more authentication methods, depending on what is made available by the utility.
For example:
-
Web portal adapter at PG&E requires login credentials + multifactor authentication
-
Green Button Oauth at Peninsula Clean Energy uses one-time passcode (OTP) via email or text
-
Green Button Hosting always uses the login credentials provided by the utility account holder
✅ Supported Authentication Methods
Below is a list of all authentication methods currently supported across UtilityAPI’s data access methods.
| Authentication Method | Description |
|---|---|
| Login Credentials | The utility account holder enters their username and password for their utility account. This is the most common authentication method. |
| One-Time Passcode (OTP) via Email | A temporary verification code is sent to the utility account holder’s email address. They must enter this code to complete authorization. |
| One-Time Passcode (OTP) via Text | A verification code is sent via SMS to the customer’s phone number on file with the utility. |
| Last Bill Lookup | The customer is asked to provide details from their most recent utility bill (e.g., billing amount, service date, invoice number). |
| Account Number Verification | The customer is required to enter their utility account number, often paired with ZIP code or address for verification. |
| Phone Number Lookup | The customer provides their phone number, which is matched against the utility’s records. Often used with an OTP. |
| Email Lookup | The customer provides their email address registered with the utility. This may trigger an OTP verification. |
| Address Lookup | The customer enters their service address to help match their utility account. May be used in combination with other methods. |
| Multi-Factor Authentication (MFA) | A second layer of authentication used alongside another method (typically Login Credentials). A code is sent via email, SMS, or authenticator app to complete verification. |
ℹ️ MFA is not a standalone authentication method. It is layered on top of another method, such as Login Credentials or OTP.
🔒 What if MFA is required but not supported by a data access method?
Some utilities require MFA, but UtilityAPI’s data access methods do not yet support MFA entry during the authorization flow. In these cases, the utility account holder (UAH) must disable MFA in their utility account settings in order to complete the authorization process.
You can view list of utilities that do not yet support MFA authentication.