The Two Factor API is used to perform the Two Factor authentication for the provided token. Two Factor authentication will only be required once for each token/deviceId combination.
The Two Factor authentication consists of these steps:
- Initiate SMS text message to the share user.
- Prompt the user for the Two Factor code
- Verify the Two Factor Code
Initiate Two Factor Authentication
URL: /api/apiauth/twofactorsms/{token}
Method: GET
Request Headers
Authorization | A Bearer authorization token, from auth token api. Example: Authorization: Bearer 123-BodrEJHrC43KejPcM0nzTl05gUMi3i8ruzGN |
Response
HTTP Status 200
message | Information on result |
type | Two Factor type, currently always set to sms |
auth_required | Boolean. If true Two Factor authentication must be performed. |
expiry | Date and time for the SMS two factor code expiry. ISO-8601. |
Verify Two Factor Code
URL: /api/apiauth/twofactorsms/{token}
Method: POST
Request
Form URL-encoded:
authcode | Two Factor Code received in the SMS text message |
Response
HTTP Status Code | Result |
200 | Accepted |
400 | Bad request, missing code |
401 | Rejected, wrong code |
403 | Rejected, no codes pending, possible expired code |
404 | Rejected, no codes available |
Response JSON Body
message | Information on result |