B2Core API REST API The Front Office API Two-factor authentication

Two-factor authentication

Use these methods to authenticate a client in the B2Core UI by following a 2FA authentication procedure.

Note

To authenticate a client, initialize the Sign In Wizard, and then use the method to sign in to the B2Core UI. Next, run the 2FA methods listed below to complete the authentication procedure.

POST[host]/api/v2/my/signin/2fa	Choose a 2FA method
POST[host]/api/v2/my/2fa/google	Authenticate with Google Authenticator
POST[host]/api/v2/my/2fa/sms	Authenticate with SMS

Use these methods to run 2FA procedures for authorized and unauthorized clients and obtain the success token required for performing certain operations (such as operations of changing or restoring client passwords).

GET[host]/api/v2/my/2fa/challenge	Initiate a 2FA procedure for an authorized client
GET[host]/api/v2/my/2fa/unauthorized/challenge	Initiate a 2FA procedure for an unauthorized client
POST[host]/api/v2/my/2fa/challenge	Complete the initiated 2FA procedure

Use these methods to check whether 2FA is enabled or disabled for a client and get data about 2FA methods.

GET[host]/api/v2/my/2fa	Check 2FA status
GET[host]/api/v2/my/2fa/{type}	Get 2FA method details

Use these methods to enable or disable 2FA for a client.

GET[host]/api/v2/my/2fa/{type}/enable/wizard	Initialize a wizard for enabling 2FA
GET[host]/api/v2/my/2fa/{type}/disable/wizard	Initialize a wizard for disabling 2FA
POST[host]/api/v2/my/2fa/wizard	Enable or disable 2FA

Use these methods to get the log of 2FA-related changes made to a client profile.

GET[host]/api/v2/my/2fa/changes	Get 2FA change history
GET[host]/api/v2/my/2fa/changes/{changeId}	Get 2FA change details

Choose a 2FA method

Use this method to specify which 2FA method (the Google Authenticator app or SMS codes) should be used for authentication in the B2Core UI if both 2FA methods are enabled for a client.

Request

Body:

uuid string required

The universally unique identifier (UUID) assigned to a client authentication session.

This identifier is obtained after initializing the Sign In Wizard.

type string required

The 2FA method to be used for authentication. Possible values:

google — a code from the Google Authenticator app
sms — a code sent to a client phone number via SMS

POST[host]/api/v2/my/signin/2fa

curl --location --request POST 'https://host.name/api/v2/my/signin/2fa' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "type": "google"
}'

Response

code integer

An HTTP code specifying the current step of an authentication process:

HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a client
HTTP code 202 for a final wizard step signaling that client authentication succeeded

data object or null

Always null.

done boolean

Always false, indicating that 2FA with a selected method must be completed.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the next step of an authentication procedure. Possible values:

2fa_google_auth — use Google Authenticator to secure access to the B2Core UI
2fa_sms_auth — use an SMS code to secure access to the B2Core UI

    RESPONSE EXAMPLE
  
{
    "code": 200,
    "data": null,
    "done": false,
    "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
    "workflow": "2fa_google_auth"
  }

Use Google Authenticator to secure access to the B2Core UI

Use this method to authenticate a client in the B2Core UI using Google Authenticator.

Request

Body:

uuid string required: The universally unique identifier (UUID) assigned to a client authentication session.
code string required: The Google Authenticator code that is used to obtain the access token.

POST[host]/api/v2/my/2fa/google

curl --location --request POST 'https://host.name/api/v2/my/2fa/google' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "code": "123456"
}'

Response

code integer

An HTTP code specifying the current step of an authentication process:

HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user
HTTP code 202 for a final wizard step signaling that user authentication succeeded

data object or null

The access token and refresh token data:

Show object fields

token string: The access or refresh token.
createdAt string: The date and time when a token was generated.
expiresAt string: The date and time when a token is due to expire.

done boolean

If true, authentication has succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the next step of an authentication procedure.

    RESPONSE EXAMPLE
  
{  
  "code": 202,
  "data": {
    "accessToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    },
    "refreshToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    }
  },
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "login",
}

Use an SMS code to secure access to the B2Core UI

Use this method to use an SMS code for client authentication in the B2Core UI.

Request

Body:

uuid string required: The universally unique identifier (UUID) assigned to a client authentication session.
code string required: The SMS code that is used to obtain the access token.

POST[host]/api/v2/my/2fa/sms

curl --location --request POST 'https://host.name/api/v2/my/2fa/sms' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "code": "123456"
}'

Response

code integer

An HTTP code specifying the current step of an authentication process:

HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user
HTTP code 202 for a final wizard step signaling that user authentication succeeded

data object or null

The access token and refresh token data:

Show object fields

token string: The access or refresh token.
createdAt string: The date and time when a token was generated.
expiresAt string: The date and time when a token is due to expire.

done boolean

If true, authentication has succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the next step of an authentication procedure.

    RESPONSE EXAMPLE
  
{  
  "code": 202,
  "data": {
    "accessToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    },
    "refreshToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    }
  },
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "login"
}

Initiate a 2FA procedure for an authorized client

Use this method to initiate a 2FA procedure for an authorized client.

Request

Path parameters:

businessProcess required: The type of an operation for which confirmation with a 2FA code is required (such as changePassword).

GET[host]/api/v2/my/2fa/challenge

curl --location --request GET 'https://host.name/api/v2/my/2fa/challenge?businessProcess=changePassword' \
--header 'Authorization: Bearer <token>'

Response

A response contains the following data:

token string: The confirmation token required to complete the initiated 2FA procedure.
provider string: The method used to deliver a 2FA code. Always email.
expiresAt string: The date and time when the confirmation token and 2FA code are due to expire.

    RESPONSE EXAMPLE
  
{
  "token": "893f59c2-5905-436c-8ee2-643c4a69555f",
  "provider": "email",
  "expiresAt": "2022-01-01T00:00:00+00:00" 
 }

Initiate a 2FA procedure for an unauthorized client

Use this method to initiate a 2FA procedure for a client who is not signed in to the B2Core UI.

Request

Header parameters:

Authorization: Bearer <token>

Path parameters:

businessProcess required: The type of an operation for which confirmation with a 2FA code is required (such as restorePassword).
email required: The client email address.

GET[host]/api/v2/my/2fa/unauthorized/challenge

curl --location --request GET 'https://host.name/api/v2/my/2fa/unauthorized/challenge?businessProcess=restorePassword&email=example@gmail.com' \
--header 'Authorization: Bearer <token>'

Response

A response contains the following data:

token string: The confirmation token required to complete the initiated 2FA procedure.
provider string: The method used to deliver a 2FA code. Always email.
expiresAt string: The date and time when the confirmation token and 2FA code are due to expire.

    RESPONSE EXAMPLE
  
{
    "token": "b2fcf999-2b0b-451d-9888-094a79117aa5",
    "provider": "email",
    "expiresAt": "2022-01-01T00:00:00+00:00"
  }

Complete the initiated 2FA procedure

Use this method to complete the initiated 2FA procedure and obtain the success token required for performing certain operations (such as a password change operation or password recovery operation).

Request

Body:

token string required: The confirmation token obtained after a 2FA procedure has been initiated for an authorized or unauthorized client.
code string required: The 2FA code delivered to a client email address.

POST[host]/api/v2/my/2fa/challenge

curl --location --request POST 'https://host.name/api/v2/my/2fa/challenge' \
--header 'Authorization: Bearer <token>'
--data-raw '{
  "token": "893f59c2-5905-436c-8ee2-643c4a69555f"
  "code": "57448"
}'

Response

A response contains the following data:

successToken string: The success token.
expiresAt string: The date and time when the success token is due to expire.

    RESPONSE EXAMPLE
  
{
  "token": "3929dfe8-161a-428c-9c71-fde728fe7285",
  "expiresAt": "2022-01-01T00:00:00+00:00" 
 }

Check 2FA status

Use this method to check whether 2FA is enabled or disabled for the currently authenticated client.

Request

Header parameters:

Authorization: Bearer <access_token>

GET[host]/api/v2/my/2fa

curl --location --request GET 'https://host.name/api/v2/my/2fa?limit=10&offset=0' \
--header 'Authorization: Bearer <token>'

Response

A response contains an array of objects providing the following data about available 2FA methods:

caption string

The name of a 2FA method.

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

name string

The method used to deliver 2FA codes to a client. Possible values:

google — codes from the Google Authenticator app are used for confirmation
SMS — codes are delivered to a client phone number via SMS

    RESPONSE EXAMPLE
  
{
    "total": 2,
    "data": [
      {
        "caption": "SMS Confirmation",
        "isEnabled": true,
        "name": "sms"
      },
      {
        "caption": "Google Authenticator",
        "isEnabled": false,
        "name": "google"
      }
    ]
  }

Get 2FA method details

Use this method to check whether a specific 2FA method is enabled or disabled for the currently authenticated client.

Request

Header parameters:

Authorization: Bearer <access_token>

Path parameters:

type required

The method used to deliver 2FA codes to a client. Possible values:

google — codes from the Google Authenticator app are used for confirmation
sms — codes are delivered to a client phone number via SMS

GET[host]/api/v2/my/2fa/{type}

curl --location --request GET 'https://host.name/api/v2/my/2fa/google?limit=10&offset=0' \
--header 'Authorization: Bearer <token>'

Response

A response includes the following data about a specified 2FA method:

caption string

The name of a 2FA method.

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

name string

The method used to deliver 2FA codes to a client. Possible values:

google — codes from the Google Authenticator app are used for confirmation
sms — codes are delivered to a client phone number via SMS

    RESPONSE EXAMPLE
  
{
    "caption": "Google Authenticator",
    "isEnabled": false,
    "name": "google"
  }

Initialize a wizard for enabling 2FA

To enable 2FA for a client, initialize a wizard for enabling 2FA, and then enable a selected 2FA method.

Request

Header parameters:

Authorization: Bearer <access_token>

Path parameters:

type required

The 2FA method that you want to enable for a client. Possible values:

google — codes from the Google Authenticator app are used for confirmation
sms — codes are delivered to a client phone number via SMS

GET[host]/api/v2/my/2fa/{type}/enable/wizard

curl --location --request GET 'https://host.name/api/v2/my/2fa/google/enable/wizard' \
--header 'Authorization: Bearer <token>'

Response

code integer

An HTTP code specifying the current step of a procedure of enabling 2FA:

HTTP code 200 for an intermediary step after which another page of a form used to enable 2FA is displayed to a client
HTTP code 202 for a final wizard step signaling that 2FA was successfully enabled

key string

A security key required for enabling 2FA with the Google Authenticator app.

done boolean

If true, 2FA was successfully enabled.
If false, confirmation with a verification code is required to enable 2FA.

uuid string

The universally unique identifier (UUID) assigned to a procedure of enabling 2FA.

workflow string

A string value indicating the next step of a procedure of enabling 2FA:

2fa_google — at the next step, enable 2FA with Google Authenticator.
2fa_sms_phone_create — at the next step, add a phone number for use with 2FA (see Enable 2FA with SMS).

    RESPONSE EXAMPLE
  
{
  "code": 200,
  "data": {
    "key": "TPYXG33M4LOHFJHB"
  },
  "done": false,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "2fa_google"
}
{
  "code": 200,
  "data": null,
  "done": false,
  "uuid": "c392816d-255f-48b0-a2b4-b315c30816a5",
  "workflow": "2fa_sms_phone_create"
}

Initialize a wizard for disabling 2FA

To disable 2FA for a client, initialize a wizard for disabling 2FA, and then disable a selected 2FA method.

Request

Header parameters:

Authorization: Bearer <access_token>

Path parameters:

type required

The 2FA method that you want to disable for a client. Possible values:

google — codes from the Google Authenticator app are used for confirmation
sms — codes are delivered to a client phone number via SMS

GET[host]/api/v2/my/2fa/{type}/disable/wizard

curl --location --request GET 'https://host.name/api/v2/my/2fa/google/disable/wizard' \
--header 'Authorization: Bearer <token>'

Response

code integer

An HTTP code specifying the current step of a procedure of disabling 2FA:

HTTP code 200 for an intermediary step after which another page of a form used for disabling 2FA is displayed to a client
HTTP code 202 for a final wizard step signaling that 2FA was successfully disabled

done boolean

If true, 2FA was successfully disabled.
If false, confirmation with a verification code is required to disable 2FA.

uuid string: The universally unique identifier (UUID) assigned to a procedure of disabling 2FA.
workflow string: A string value indicating the next step of a procedure of disabling 2FA.

    RESPONSE EXAMPLE
  
{
  "code": 200,
  "data": null,
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "2fa_google"
}

Next, use the method to disable 2FA.

Enable or disable 2FA

Use the methods described below to enable or disable 2FA for the currently authenticated client after a corresponding wizard for enabling or disabling 2FA has been initialized.

Enable 2FA with Google Authenticator
Enable 2FA with SMS
Disable 2FA

Enable 2FA with Google Authenticator

After initializing a wizard for enabling 2FA, use this method to enable 2FA with the Google Authenticator app.

Request

Header parameters:

Authorization: Bearer <access_token>

Request

Body:

uuid string required: The universally unique identifier (UUID) obtained after initializing a wizard for enabling 2FA.
action string required: Specify code to indicate that a verification code is required to enable 2FA.
code string required: The verification code from the Google Authenticator app.
key string required: The security code obtained after initializing a wizard for enabling 2FA.

POST[host]/api/v2/my/2fa/wizard

curl --location --request POST 'https://host.name/api/v2/my/2fa/wizard' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "action": "code",
  "code": "84112",
  "key": "TPYXG33M4LOHFJHB"
}'

Response

code integer

An HTTP code specifying the current step of a procedure of enabling 2FA:

HTTP code 200 for an intermediary step after which another page of a form used for enabling 2FA is displayed to a client
HTTP code 202 for a final wizard step signaling that 2FA was successfully enabled

done boolean

If true, 2FA was successfully enabled; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of enabling 2FA.

workflow string

A string value indicating the final step of a procedure of enabling 2FA.

    RESPONSE EXAMPLE
  
{
    "code": 202,
    "data": [],
    "done": true,
    "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
    "workflow": "B2B\\TCA\\Wizards\\Workflow\\TerminateWorkflow"
  }

Enable 2FA with SMS

After initializing a wizard for enabling 2FA, enable 2FA with SMS by doing the following:

Add a phone number for use with 2FA, by sending the following request:

POST[host]/api/v2/my/2fa/wizard

In the request body, specify the uuid and phone parameters.

Confirm the specified phone number and enable 2FA by sending the same request:

POST[host]/api/v2/my/2fa/wizard

In the request body, specify the uuid, action and code parameters.

Step 1

Add a phone number for use with 2FA.

Request

Header parameters:

Authorization: Bearer <access_token>

Body:

uuid string required: The universally unique identifier (UUID) obtained after initializing a wizard for enabling 2FA.
phone string required: The phone number to which you want to receive verification codes via SMS.

POST[host]/api/v2/my/2fa/wizard

curl --location --request POST 'https://host.name/api/v2/my/2fa/wizard' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "phone": "+79994445561",
}'

Response

A response at this step includes the following data:

code integer

An HTTP code specifying the current step of a procedure of enabling 2FA:

HTTP code 200 for an intermediary step after which another page of a form used for enabling 2FA is displayed to a client
HTTP code 202 for a final wizard step signaling that 2FA was successfully enabled

data object

The details about a verification code required to confirm a specified phone number.

Show object fields

expiredAt string: The date and time when a verification code is due to expire.
sentAt string: The date and time when a verification code was sent to a specified phone number.
recipient object: The details about a verification code recipient.

done boolean

If true, 2FA was successfully enabled; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of enabling 2fA.

workflow string

A string value indicating the next step of a procedure of enabling 2FA.

    RESPONSE EXAMPLE — STEP 1
  
{
  "code": 200,
  "data": {
    "status": 0,
    "sent": 3,
    "expiredAt": "2022-12-28T13:00:58.000000Z",
    "sentAt": "2022-12-28T12:50:58.000000Z",
    "recipient": {
        "class": "B2B\\TCA\\Confirmations\\Recipients\\PhoneRecipient",
        "phone": "+79994445561",
        "template": "default",
        "data": null,
        "type": 2,
        "method": "phone"
    }
  },
  "done": false,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "phone"
}

Step 2

Confirm the phone number specified at Step 1 and enable 2FA with SMS.

Request

Header parameters:

Authorization: Bearer <access_token>

Body:

uuid string required: The universally unique identifier (UUID) obtained after initializing a wizard for enabling 2FA.
action string required: Specify code to indicate that a verification code is required to confirm a specified phone number.
code string required: The verification code sent to a specified phone number.

POST[host]/api/v2/my/2fa/wizard

curl --location --request POST 'https://host.name/api/v2/my/2fa/wizard' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "action": "code",
  "code": "84112",
}'

Response

A response at this step includes the following data:

code integer

An HTTP code specifying the current step of a procedure of enabling 2FA:

HTTP code 200 for an intermediary step after which another page of a form used for enabling 2FA is displayed to a client
HTTP code 202 for a final wizard step signaling that 2FA was successfully enabled

done boolean

If true, 2FA was successfully enabled; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of enabling 2fA.

workflow string

A string value indicating the final step of a procedure of enabling 2FA.

    RESPONSE EXAMPLE — STEP 2
  
{
  "code": 202,
  "data": [],
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "B2B\\TCA\\Wizards\\Workflow\\TerminateWorkflow"
}

Disable 2FA

After initializing a wizard for disabling 2FA, use this method to disable a selected 2FA method for a client.

Request

Header parameters:

Authorization: Bearer <access_token>

Request

Body:

uuid string required

The universally unique identifier (UUID) obtained after initializing a wizard for disabling 2FA.

action string required

Specify code to indicate that a verification code is required to disable 2FA.

code string required

The verification code from the Google Authenticator app if you disable 2FA with Google Authenticator.
The verification code delivered to a phone number via SMS if you disable 2FA with SMS.

POST[host]/api/v2/my/2fa/wizard

curl --location --request POST 'https://host.name/api/v2/my/2fa/wizard' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "action": "code",
  "code": "84112"
}'

Response

A response at this step includes the following data:

code integer

An HTTP code specifying the current step of a procedure of disabling 2FA:

HTTP code 200 for an intermediary step after which another page of a form used for disabling 2FA is displayed to a client
HTTP code 202 for a final wizard step signaling that 2FA was successfully disabled

done boolean

If true, 2FA was successfully disabled; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of disabling 2fA.

workflow string

A string value indicating the final step of a procedure of disabling 2FA.

    RESPONSE EXAMPLE
  
{
    "code": 202,
    "data": [],
    "done": true,
    "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
    "workflow": "B2B\\TCA\\Wizards\\Workflow\\TerminateWorkflow"
  }

Get 2FA change history

Use this method to obtain the log of 2FA-related changes made for a client.

Request

Header parameters:

Authorization: Bearer <access_token>

Query parameters:

The following filter parameters are available for this method:

isEnabled

If true, 2FA is enabled for a client; otherwise, false.

timeFrom

The start date and time of a period for which you want to get a log of 2FA changes.

timeTo

The end date and time of a period for which you want to get a log of 2FA changes.

provider

The method used to deliver 2FA codes to a client. Possible values:

google — codes from the Google Authenticator app are used for confirmation
sms — codes are delivered to a client phone number via SMS

The following sorting parameter is available for this method:

time: The date and time when changes were made.

Refer to the Query parameters section of the API Overview for details on applying filter and sorting parameters.

Path parameters:

clientId required: The client identifier.

GET[host]/api/v2/my/2fa/changes

curl --location -g --request GET 'https://host.name/api/v2/my/2fa/changes?limit=10&offset=0&sort_order=desc&sort_by=time&filter[isEnabled]=&filter[timeFrom]=2022-12-01T07:23:59%2B00:00&filter[timeTo]=2022-12-01T07:23:59%2B00:00&filter[provider]=sms' \
--header 'Authorization: Bearer <token>'

Response

A response includes an array of objects providing the following data about the 2FA-related changes matching the request parameters:

id integer

The identifier of a change record.

provider string

The method used to deliver 2FA codes to a client. Possible values:

google — codes from the Google Authenticator app are used for confirmation
sms — codes are delivered to a client phone number via SMS

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

time string or null

The date and time when a change was made.

    RESPONSE EXAMPLE
  
{
    "total": 1,
    "data": [
      {
        "id": 1,
        "provider": "sms",
        "isEnabled": false,
        "time": "2022-01-01T00:00:00+00:00"
      },
      {
        "id": 1,
        "provider": "sms",
        "isEnabled": false,
        "time": "2022-01-01T00:00:00+00:00"
      }
    ]
  }

Get 2FA change details

Use this method to get detailed information about a specific 2FA change record.

Request

Header parameters:

Authorization: Bearer <access_token>

Path parameters:

changeId required: The identifier of a change record.

GET[host]/api/v2/my/2fa/changes{changeId}

curl --location --request GET 'https://host.name/api/v2/my/2fa/changes/1?limit=10&offset=0' \
--header 'Authorization: Bearer <token>'

Response

A response includes the following data about a specified 2FA change record:

id integer

The identifier of a change record.

provider string

The method used to deliver 2FA codes to a client. Possible values:

google — codes from the Google Authenticator app are used for confirmation
sms — codes are delivered to a client phone number via SMS

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

time string or null

The date and time when a change was made.

    RESPONSE EXAMPLE
  
{
    "id": 1,
    "provider": "sms",
    "isEnabled": false,
    "time": "2022-01-01T00:00:00+00:00"
  }