Two-factor authentication

Use these methods to check whether two-factor authentication (2FA) is enabled or disabled for a specific client, disable 2FA if it was previously enabled by a client and get data about 2FA methods.

GET[host]/api/v2/clients/{clientId}/2fa

Check 2FA status

GET[host]/api/v2/clients/{clientId}/2fa/{type}

Get 2FA method details

PUT[host]/api/v2/clients/{clientId}/2fa/{type}

PATCH[host]/api/v2/clients/{clientId}/2fa/{type}

Disable 2FA

Use these methods to get the log of 2FA-related changes made to client profiles.

GET[host]/api/v2/clients/{clientId}/2fa/changes

Get 2FA change history

GET[host]/api/v2/clients/{clientId}/2fa/changes/{changeId}

Get 2FA change details

Check 2FA status

Use this method to check whether 2FA is enabled or disabled for a client.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

clientId required

The client identifier.

GET[host]/api/v2/clients/{clientId}/2fa

curl --location --request GET 'https://host.name/api/v2/clients/1/2fa' \
--header 'Authorization: Bearer <token>'

Response

A response contains an array of objects providing the following data about available 2FA methods:

caption string

The name of a 2FA method.

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

name string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • SMS — codes are delivered to a client phone number via SMS

RESPONSE EXAMPLE
{
    "total": 1,
    "data": [
      {
        "caption": "SMS Confirmation",
        "isEnabled": false,
        "name": "sms"
      },
      {
        "caption": "Google Authenticator",
        "isEnabled": true,
        "name": "google"
      }
    ]
  }

Get 2FA method details

Use this method to check whether a specific 2FA method is enabled or disabled for a client.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

clientId required

The client identifier.

type required

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

GET[host]/api/v2/clients/{clientId}/2fa/{type}

curl --location --request GET 'https://host.name/api/v2/clients/1/2fa/google' \
--header 'Authorization: Bearer <token>'

Response

A response includes the following data about a specified 2FA method:

caption string

The name of a 2FA method.

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

name string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

RESPONSE EXAMPLE
{
    "caption": "SMS Confirmation",
    "isEnabled": false,
    "name": "sms"
  }

Disable 2FA

Use this method to disable 2FA for a specific client.

Note

Instead of the method described below, you can use a similar method that uses the HTTP verb PATCH.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

clientId required

The client identifier.

type required

The 2FA method that you want to disable for a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

PUT[host]/api/v2/clients/{clientId}/2fa/{type}

curl --location --request PUT 'https://host.name/api/v2/clients/1/2fa/google' \
--header 'Authorization: Bearer <token>'

Response

A response includes the following data about a 2FA method that was disabled:

caption string

The name of a 2FA method.

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

name string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

RESPONSE EXAMPLE
{
    "caption": "Google Authenticator",
    "isEnabled": false,
    "name": "google"
  }

Get 2FA change history

Use this method to obtain the log of 2FA-related changes made for a specific client.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Query parameters:

The following filter parameters are available for this method:

isEnabled

If true, 2FA is enabled for a client; otherwise, false.

timeFrom

The start date and time of a period for which you want to get a log of 2FA changes.

timeTo

The end date and time of a period for which you want to get a log of 2FA changes.

provider

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

The following sorting parameter is available for this method:

time

The date and time when changes were made.

Refer to the Query parameters section of the API Overview for details on applying filter and sorting parameters.

Path parameters:

clientId required

The client identifier.

GET[host]/api/v2/clients/{clientId}/2fa/changes

curl --location -g --request GET 'https://host.name/api/v2/clients/1/2fa/changes?limit=10&offset=0&sort_order=desc&sort_by=time&filter[isEnabled]=true&filter[timeFrom]=2022-12-01T07:23:59%2B00:00&filter[timeTo]=2022-12-01T07:23:59%2B00:00&filter[provider]=sms' \
--header 'Authorization: Bearer <token>'

Response

A response includes an array of objects providing the following data about the 2FA-related changes matching the request parameters:

id integer

The identifier of a change record.

provider string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

time string

The date and time when a change was made.

RESPONSE EXAMPLE
{
    "total": 3,
    "data": [
      {
        "id": 1,
        "provider": "sms",
        "isEnabled": false,
        "time": "2022-01-01T00:00:00+00:00"
      },
      {
        "id": 2,
        "provider": "sms",
        "isEnabled": false,
        "time": "2022-01-01T00:00:00+00:00"
      }
      {
        "id": 3,
        "provider": "google",
        "isEnabled": true,
        "time": "2022-01-01T00:00:00+00:00"
      }	  
    ]
  }

Get 2FA change details

Use this method to get detailed information about a specific 2FA change record.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

clientId required

The client identifier.

changeId required

The identifier of a change record.

GET[host]/api/v2/clients/{clientId}/2fa/changes/{changeId}

curl --location --request GET 'https://host.name/api/v2/clients/1/2fa/changes/1?limit=10&offset=0' \
--header 'Authorization: Bearer <token>'

Response

A response includes the following data about a specified 2FA change record:

id integer

The identifier of a change record.

provider string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

time string

The date and time when a change was made.

RESPONSE EXAMPLE
{
    "id": 1,
    "provider": "sms",
    "isEnabled": false,
    "time": "2022-01-01T00:00:00+00:00"
  }