Getting started with Circle Lite

Before you Start

This application will be created using an apache server. You will need to download XAMPP or similar software.


You will also need to add your application to the Circle Access Console. This can be done through the following guide.


Circle Access

Select the option to add email to register your email address

After entering your email you will be provided an authentication code. Enter the code and tap Process Verification.

You are now ready to set-up 2FA


to set-up the application files first navigate to your XAMPP htdocs folder

Default: C:\xampp\htdocs

Create a folder for your project, for this example I created circleaccessdemo

Download the following project files and extract it into the project folder

This contains all of the Circle API functions for creating your 2FA.

In the Includes sub folder open your config.php file you should see the following:

define('APP_NAME', '<>');
define('APP_KEY', '<>');
define('READ_KEY', '<>');
define('WRITE_KEY', '<>');

You will want to replace the <> with the information from your application.

This can be found at


Click on info

And you will see the following:

Creating MFA

In your project folder create a new file named redirection.php

First we will add the following prerequisites:

include_once ("./includes/circleApi.php");

Next we will add the following variables that will pull the information from the URL used for authenticating the user:

$userID = $_REQUEST["userID"];
$sessionID = $_REQUEST["sessionID"];
$sessionInfo = getSession($sessionID);
$userFromSession = $sessionInfo["data"]["userID"];
$isUserOkay = $userID == $userFromSession;

We will add the following to check that the user has a an email address set-up on the Circle Access App:

    header("Location: https://internal.circlesecurity.ai/api/circleaccess/missing/?return_url=http://localhost/circleaccessdemo/");

We will then take the Hashed users email.

$userHashedEmailFromSession = $sessionInfo["data"]["userHashedEmails"];

Normally the following steps would utilize a Database. However we will go without it for this example.

Instead, we will manually set the email like this:

$myEmail = "[email protected]";
$myHashedEmail = hashText($myEmail);
$emailExists = false;
foreach ($userHashedEmailFromSession as $sessionHashedEmail) {
    if ($sessionHashedEmail == $myHashedEmail) {
        $emailExists  = true;

Finally, we will verify that the user email address matches and redirect them to another page. In this case it's loggedin.php

if ($isUserOkay){
    if($userHashedEmailFromSession == "" || $emailExists == false){
        header("Location: https://internal.circlesecurity.ai/api/circleaccess/missing/?return_url=http://localhost/circleaccessdemo/");

    $_SESSION["userID"] = $userID; 
    header("Location: loggedin.php");
    echo "your real call failed";

We will now create the loggedin.php page ourselves. On this page we will verify that the user ID is correct.



if (isset($_SESSION["userID"])) {
 echo "welcome to logged in website";


To verify that everything is working open XAMPP and click start for Apache.

Open your web browser and in the URL enter


replace the <foldername> with the name of your project folder. You should see something like this.

Click on the button, and you will be given a QR code.

On your mobile device tap the Authenticate in the Circle Access app. Then tap Scan to Start.

Scan the QR code for the authentication to start.

Once the authentication has completed your web page will change and you will see the following: