The Two Factor API is used to perform the Two Factor authentication for the provided token. Two Factor authentication will only be required once for each token/deviceId combination.
The Two Factor authentication consists of these steps:
- Initiate SMS text message to the share user.
- Prompt the user for the Two Factor code
- Verify the Two Factor Code
Initiate Two Factor Authentication
URL: /api/apiauth/twofactorsms/{token}
Method: GET
Request Headers
| Authorization | A Bearer authorization token, from auth token api. Example: Authorization: Bearer 123-BodrEJHrC43KejPcM0nzTl05gUMi3i8ruzGN |
Response
HTTP Status 200
| message | Information on result |
| type | Two Factor type, currently always set to sms |
| auth_required | Boolean. If true Two Factor authentication must be performed. |
| expiry | Date and time for the SMS two factor code expiry. ISO-8601. |
Verify Two Factor Code
URL: /api/apiauth/twofactorsms/{token}
Method: POST
Request
Form URL-encoded:
| authcode | Two Factor Code received in the SMS text message |
Response
| HTTP Status Code | Result |
| 200 | Accepted |
| 400 | Bad request, missing code |
| 401 | Rejected, wrong code |
| 403 | Rejected, no codes pending, possible expired code |
| 404 | Rejected, no codes available |
Response JSON Body
| message | Information on result |