Two-factor authentication

Use these methods to authenticate a client in the B2Core UI by following a 2FA authentication procedure.

Note

To authenticate a client, initialize the Sign In Wizard, and then use the method to sign in to the B2Core UI. Next, run the 2FA methods listed below to complete the authentication procedure.

POST[host]/api/v2/my/signin/2fa

Choose a 2FA method

POST[host]/api/v2/my/2fa/google

Authenticate with Google Authenticator

POST[host]/api/v2/my/2fa/sms

Authenticate with SMS

Use these methods to run 2FA procedures for authorized and unauthorized clients and obtain the success token required for certain operations (such as changing or restoring a client password).

GET[host]/api/v2/my/2fa/challenge

Initiate a 2FA procedure for an authorized client

GET[host]/api/v2/my/2fa/unauthorized/challenge

Initiate a 2FA procedure for an unauthorized client

POST[host]/api/v2/my/2fa/challenge

Complete the initiated 2FA procedure

Use these methods to check whether 2FA is enabled or disabled for a client and get data about 2FA methods.

GET[host]/api/v2/my/2fa

Check 2FA status

GET[host]/api/v2/my/2fa/{type}

Get 2FA method details

Use these methods to enable or disable 2FA for a client.

GET[host]/api/v2/my/2fa/{type}/enable/wizard

Initialize a wizard for enabling 2FA

GET[host]/api/v2/my/2fa/{type}/disable/wizard

Initialize a wizard for disabling 2FA

POST[host]/api/v2/my/2fa/wizard

Enable or disable 2FA

Use these methods to get the log of 2FA-related changes made to a client profile.

GET[host]/api/v2/my/2fa/changes

Get 2FA change history

GET[host]/api/v2/my/2fa/changes/{changeId}

Get 2FA change details

Choose a 2FA method

Use this method to specify which 2FA method (the Google Authenticator app or SMS codes) should be used for authentication in the B2Core UI if both 2FA methods are enabled for a client.

Request

Body:

uuid string required

The universally unique identifier (UUID) assigned to a client authentication session.

This identifier is obtained after initializing the Sign In Wizard.

type string required

The 2FA method to be used for authentication. Possible values:

  • google — a code from the Google Authenticator app

  • sms — a code sent to a client phone number via SMS

POST[host]/api/v2/my/signin/2fa

curl --location --request POST 'https://host.name/api/v2/my/signin/2fa' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "type": "google"
}'

Response

code integer

An HTTP code specifying the current step of an authentication process:

  • HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a client

  • HTTP code 202 for a final wizard step signaling that client authentication succeeded

data object or null

Always null.

done boolean

Always false, indicating that 2FA with a selected method must be completed.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the next step of an authentication procedure. Possible values:

RESPONSE EXAMPLE
{
  "code": 200,
  "data": null,
  "done": false,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "2fa_google_auth"
}

Use Google Authenticator to secure access to the B2Core UI

Use this method to authenticate a client in the B2Core UI using Google Authenticator.

Request

Body:

uuid string required

The universally unique identifier (UUID) assigned to a client authentication session.

code string required

The Google Authenticator code that is used to obtain the access token.

POST[host]/api/v2/my/2fa/google

curl --location --request POST 'https://host.name/api/v2/my/2fa/google' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "code": "123456"
}'

Response

code integer

An HTTP code specifying the current step of an authentication process:

  • HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user

  • HTTP code 202 for a final wizard step signaling that user authentication succeeded

data object or null

The access token and refresh token data:

token string

The access or refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

done boolean

If true, authentication has succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the next step of an authentication procedure.

RESPONSE EXAMPLE
{  
  "code": 202,
  "data": {
    "accessToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    },
    "refreshToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    }
  },
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "login"
}

Use an SMS code to secure access to the B2Core UI

Use this method to authenticate a client in the B2Core UI using an SMS code.

Request

Body:

uuid string required

The universally unique identifier (UUID) assigned to a client authentication session.

code string required

The SMS code that is used to obtain the access token.

POST[host]/api/v2/my/2fa/sms

curl --location --request POST 'https://host.name/api/v2/my/2fa/sms' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "code": "123456"
}'

Response

code integer

An HTTP code specifying the current step of an authentication process:

  • HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user

  • HTTP code 202 for a final wizard step signaling that user authentication succeeded

data object or null

The access token and refresh token data:

token string

The access or refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

done boolean

If true, authentication has succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the next step of an authentication procedure.

RESPONSE EXAMPLE
{  
  "code": 202,
  "data": {
    "accessToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    },
    "refreshToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    }
  },
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "login"
}

Initiate a 2FA procedure for an authorized client

Use this method to initiate a 2FA procedure for an authorized client.

Request

Path parameters:

businessProcess required

The type of an operation for which confirmation with a 2FA code is required (such as changePassword).

GET[host]/api/v2/my/2fa/challenge

curl --location --request GET 'https://host.name/api/v2/my/2fa/challenge?businessProcess=changePassword' \
--header 'Authorization: Bearer <token>'

Response

A response contains the following data:

token string

The confirmation token required to complete the initiated 2FA procedure.

provider string

The method used to deliver a 2FA code. Always email.

expiresAt string

The date and time when the confirmation token and 2FA code are due to expire.

RESPONSE EXAMPLE
{
  "token": "893f59c2-5905-436c-8ee2-643c4a69555f",
  "provider": "email",
  "expiresAt": "2022-01-01T00:00:00+00:00"
}

Initiate a 2FA procedure for an unauthorized client

Use this method to initiate a 2FA procedure for a client who is not signed in to the B2Core UI.

Request

Header parameters:

  • Authorization: Bearer <token>

Path parameters:

businessProcess required

The type of an operation for which confirmation with a 2FA code is required (such as restorePassword).

email required

The client email address.

GET[host]/api/v2/my/2fa/unauthorized/challenge

curl --location --request GET 'https://host.name/api/v2/my/2fa/unauthorized/challenge?businessProcess=restorePassword&email=example@gmail.com' \
--header 'Authorization: Bearer <token>'

Response

A response contains the following data:

token string

The confirmation token required to complete the initiated 2FA procedure.

provider string

The method used to deliver a 2FA code. Always email.

expiresAt string

The date and time when the confirmation token and 2FA code are due to expire.

RESPONSE EXAMPLE
{
  "token": "b2fcf999-2b0b-451d-9888-094a79117aa5",
  "provider": "email",
  "expiresAt": "2022-01-01T00:00:00+00:00"
}

Complete the initiated 2FA procedure

Use this method to complete the initiated 2FA procedure and obtain the success token required for performing certain operations (such as a password change operation or password recovery operation).

Request

Body:

token string required

The confirmation token obtained after a 2FA procedure has been initiated for an authorized or unauthorized client.

code string required

The 2FA code delivered to a client email address.

POST[host]/api/v2/my/2fa/challenge

curl --location --request POST 'https://host.name/api/v2/my/2fa/challenge' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "token": "893f59c2-5905-436c-8ee2-643c4a69555f",
  "code": "57448"
}'

Response

A response contains the following data:

successToken string

The success token.

expiresAt string

The date and time when the success token is due to expire.

RESPONSE EXAMPLE
{
  "token": "3929dfe8-161a-428c-9c71-fde728fe7285",
  "expiresAt": "2022-01-01T00:00:00+00:00"
}

Check 2FA status

Use this method to check whether 2FA is enabled or disabled for the currently authenticated client.

Request

Header parameters:

  • Authorization: Bearer <access_token>

GET[host]/api/v2/my/2fa

curl --location --request GET 'https://host.name/api/v2/my/2fa?limit=10&offset=0' \
--header 'Authorization: Bearer <token>'

Response

A response contains an array of objects providing the following data about available 2FA methods:

caption string

The name of a 2FA method.

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

name string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

RESPONSE EXAMPLE
{
  "total": 2,
  "data": [
    {
      "caption": "SMS Confirmation",
      "isEnabled": true,
      "name": "sms"
    },
    {
      "caption": "Google Authenticator",
      "isEnabled": false,
      "name": "google"
    }
  ]
}

Get 2FA method details

Use this method to check whether a specific 2FA method is enabled or disabled for the currently authenticated client.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

type required

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

GET[host]/api/v2/my/2fa/{type}

curl --location --request GET 'https://host.name/api/v2/my/2fa/google?limit=10&offset=0' \
--header 'Authorization: Bearer <token>'

Response

A response includes the following data about a specified 2FA method:

caption string

The name of a 2FA method.

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

name string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

RESPONSE EXAMPLE
{
  "caption": "Google Authenticator",
  "isEnabled": false,
  "name": "google"
}

Initialize a wizard for enabling 2FA

To enable 2FA for a client, initialize a wizard for enabling 2FA, and then enable a selected 2FA method.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

type required

The 2FA method that you want to enable for a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

GET[host]/api/v2/my/2fa/{type}/enable/wizard

curl --location --request GET 'https://host.name/api/v2/my/2fa/google/enable/wizard' \
--header 'Authorization: Bearer <token>'

Response

code integer

An HTTP code specifying the current step of a procedure of enabling 2FA:

  • HTTP code 200 for an intermediary step after which another page of a form used to enable 2FA is displayed to a client

  • HTTP code 202 for a final wizard step signaling that 2FA was successfully enabled

key string

A security key required for enabling 2FA with the Google Authenticator app.

done boolean

  • If true, 2FA was successfully enabled.

  • If false, confirmation with a verification code is required to enable 2FA.

uuid string

The universally unique identifier (UUID) assigned to a procedure of enabling 2FA.

workflow string

A string value indicating the next step of a procedure of enabling 2FA:

RESPONSE EXAMPLE
{
  "code": 200,
  "data": {
    "key": "TPYXG33M4LOHFJHB"
  },
  "done": false,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "2fa_google"
}

{
  "code": 200,
  "data": null,
  "done": false,
  "uuid": "c392816d-255f-48b0-a2b4-b315c30816a5",
  "workflow": "2fa_sms_phone_create"
}

Initialize a wizard for disabling 2FA

To disable 2FA for a client, initialize a wizard for disabling 2FA, and then disable a selected 2FA method.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

type required

The 2FA method that you want to disable for a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

GET[host]/api/v2/my/2fa/{type}/disable/wizard

curl --location --request GET 'https://host.name/api/v2/my/2fa/google/disable/wizard' \
--header 'Authorization: Bearer <token>'

Response

code integer

An HTTP code specifying the current step of a procedure of disabling 2FA:

  • HTTP code 200 for an intermediary step after which another page of a form used for disabling 2FA is displayed to a client

  • HTTP code 202 for a final wizard step signaling that 2FA was successfully disabled

done boolean

  • If true, 2FA was successfully disabled.

  • If false, confirmation with a verification code is required to disable 2FA.

uuid string

The universally unique identifier (UUID) assigned to a procedure of disabling 2FA.

workflow string

A string value indicating the next step of a procedure of disabling 2FA.

RESPONSE EXAMPLE
{
  "code": 200,
  "data": null,
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "2fa_google"
}

Next, use the method to disable 2FA.

Enable or disable 2FA

Use the methods described below to enable or disable 2FA for the currently authenticated client after a corresponding wizard for enabling or disabling 2FA has been initialized.

Enable 2FA with Google Authenticator

After initializing a wizard for enabling 2FA, use this method to enable 2FA with the Google Authenticator app.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Body:

uuid string required

The universally unique identifier (UUID) obtained after initializing a wizard for enabling 2FA.

action string required

Specify code to indicate that a verification code is required to enable 2FA.

code string required

The verification code from the Google Authenticator app.

key string required

The security key obtained after initializing a wizard for enabling 2FA.

POST[host]/api/v2/my/2fa/wizard

curl --location --request POST 'https://host.name/api/v2/my/2fa/wizard' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "action": "code",
  "code": "84112",
  "key": "TPYXG33M4LOHFJHB"
}'

Response

code integer

An HTTP code specifying the current step of a procedure of enabling 2FA:

  • HTTP code 200 for an intermediary step after which another page of a form used for enabling 2FA is displayed to a client

  • HTTP code 202 for a final wizard step signaling that 2FA was successfully enabled

done boolean

If true, 2FA was successfully enabled; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of enabling 2FA.

workflow string

A string value indicating the final step of a procedure of enabling 2FA.

RESPONSE EXAMPLE
{
  "code": 202,
  "data": [],
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "B2B\\TCA\\Wizards\\Workflow\\TerminateWorkflow"
}
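
The key returned by the enable wizard is the shared secret that the authenticator app turns into verification codes. As an added example (not B2Core's own code), the sketch below derives the current code from that key and builds the request body for POST /api/v2/my/2fa/wizard. It assumes the key is Base32 and that the RFC 6238 defaults used by Google Authenticator apply (HMAC-SHA1, 30-second step, 6 digits); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time


def totp(key_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a Base32 secret such as the wizard's key."""
    # Secrets are often displayed in groups, in lower case and without padding.
    cleaned = key_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    secret = base64.b32decode(cleaned)
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def enable_google_body(init_response, at=None):
    """Build the POST /api/v2/my/2fa/wizard body from the enable-wizard response."""
    if init_response.get("done") or init_response.get("workflow") != "2fa_google":
        raise ValueError("wizard is not waiting for a Google Authenticator code")
    key = (init_response.get("data") or {}).get("key")
    if not key:
        raise ValueError("response carries no key")
    return {
        "uuid": init_response["uuid"],
        "action": "code",
        "code": totp(key, at=at),
        "key": key,
    }


# The page's sample response for the google enable wizard.
INIT_GOOGLE = {
    "code": 200,
    "data": {"key": "TPYXG33M4LOHFJHB"},
    "done": False,
    "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
    "workflow": "2fa_google",
}

if __name__ == "__main__":
    print(enable_google_body(INIT_GOOGLE))
```

The key is a long-lived credential: keep it out of logs and request traces, and discard it once the wizard reports done.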

Enable 2FA with SMS

After initializing a wizard for enabling 2FA, enable 2FA with SMS by doing the following:

  1. Add a phone number for use with 2FA, by sending the following request:

POST[host]/api/v2/my/2fa/wizard

In the request body, specify the uuid and phone parameters.

  2. Confirm the specified phone number and enable 2FA by sending the same request:

POST[host]/api/v2/my/2fa/wizard

In the request body, specify the uuid, action and code parameters.

Step 1

Add a phone number for use with 2FA.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Body:

uuid string required

The universally unique identifier (UUID) obtained after initializing a wizard for enabling 2FA.

phone string required

The phone number to which you want to receive verification codes via SMS.

POST[host]/api/v2/my/2fa/wizard

curl --location --request POST 'https://host.name/api/v2/my/2fa/wizard' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "phone": "+79994445561"
}'

Response

A response at this step includes the following data:

code integer

An HTTP code specifying the current step of a procedure of enabling 2FA:

  • HTTP code 200 for an intermediary step after which another page of a form used for enabling 2FA is displayed to a client

  • HTTP code 202 for a final wizard step signaling that 2FA was successfully enabled

data object

The details about a verification code required to confirm a specified phone number.

expiredAt string

The date and time when a verification code is due to expire.

sentAt string

The date and time when a verification code was sent to a specified phone number.

recipient object

The details about a verification code recipient.

done boolean

If true, 2FA was successfully enabled; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of enabling 2FA.

workflow string

A string value indicating the next step of a procedure of enabling 2FA.

RESPONSE EXAMPLE — STEP 1
{
  "code": 200,
  "data": {
    "status": 0,
    "sent": 3,
    "expiredAt": "2022-12-28T13:00:58.000000Z",
    "sentAt": "2022-12-28T12:50:58.000000Z",
    "recipient": {
        "class": "B2B\\TCA\\Confirmations\\Recipients\\PhoneRecipient",
        "phone": "+79994445561",
        "template": "default",
        "data": null,
        "type": 2,
        "method": "phone"
    }
  },
  "done": false,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "phone"
}

Step 2

Confirm the phone number specified at Step 1 and enable 2FA with SMS.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Body:

uuid string required

The universally unique identifier (UUID) obtained after initializing a wizard for enabling 2FA.

action string required

Specify code to indicate that a verification code is required to confirm a specified phone number.

code string required

The verification code sent to a specified phone number.

POST[host]/api/v2/my/2fa/wizard

curl --location --request POST 'https://host.name/api/v2/my/2fa/wizard' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "action": "code",
  "code": "84112"
}'

Response

A response at this step includes the following data:

code integer

An HTTP code specifying the current step of a procedure of enabling 2FA:

  • HTTP code 200 for an intermediary step after which another page of a form used for enabling 2FA is displayed to a client

  • HTTP code 202 for a final wizard step signaling that 2FA was successfully enabled

done boolean

If true, 2FA was successfully enabled; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of enabling 2FA.

workflow string

A string value indicating the final step of a procedure of enabling 2FA.

RESPONSE EXAMPLE — STEP 2
{
  "code": 202,
  "data": [],
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "B2B\\TCA\\Wizards\\Workflow\\TerminateWorkflow"
}
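
The two steps above, as an added example that is not part of the B2Core documentation: a client routine that sends both requests and checks each response against the documented fields (uuid, code, done, expiredAt, recipient) before moving on. The `post` and `read_code` hooks, the function names and the canned responses are hypothetical; the responses are modelled on the page's Step 1 and Step 2 samples.

```python
from datetime import datetime, timezone

WIZARD_PATH = "/api/v2/my/2fa/wizard"


class WizardError(Exception):
    """Raised when a wizard response does not match the documented step."""


def check_step(resp, uuid, final):
    """Check the envelope fields the page documents: uuid, code and done."""
    if resp.get("uuid") != uuid:
        raise WizardError("response belongs to a different wizard session")
    expected = 202 if final else 200
    if resp.get("code") != expected or bool(resp.get("done")) != final:
        raise WizardError(
            f"unexpected step: code={resp.get('code')} done={resp.get('done')}")
    return resp


def enable_sms_2fa(post, init_resp, phone, read_code, now=None):
    """Run Step 1 and Step 2 of enabling 2FA with SMS.

    post(path, body) -> dict and read_code() -> str are supplied by the
    caller (hypothetical hooks: an HTTP client and a prompt for the SMS code).
    """
    if init_resp.get("done") or init_resp.get("workflow") != "2fa_sms_phone_create":
        raise WizardError("wizard is not waiting for a phone number")
    uuid = init_resp["uuid"]

    # Step 1: register the phone number.
    step1 = check_step(post(WIZARD_PATH, {"uuid": uuid, "phone": phone}),
                       uuid, final=False)
    data = step1.get("data") or {}
    if (data.get("recipient") or {}).get("phone") != phone:
        raise WizardError("code was sent to a different number")
    # The page's sample ends in Z, which older Python versions do not parse.
    expires = datetime.fromisoformat(data["expiredAt"].replace("Z", "+00:00"))

    # Step 2: confirm the number, but never submit a code that has expired.
    code = read_code()
    if (now or datetime.now(timezone.utc)) >= expires:
        raise WizardError("verification code expired")
    body = {"uuid": uuid, "action": "code", "code": code}
    return check_step(post(WIZARD_PATH, body), uuid, final=True)


# Constructed responses, modelled on the page's samples.
UUID = "36f59381-5b54-48bd-a0c7-3b908c476732"
INIT = {"code": 200, "data": None, "done": False, "uuid": UUID,
        "workflow": "2fa_sms_phone_create"}
STEP1 = {"code": 200, "done": False, "uuid": UUID, "workflow": "phone",
         "data": {"expiredAt": "2022-12-28T13:00:58.000000Z",
                  "sentAt": "2022-12-28T12:50:58.000000Z",
                  "recipient": {"phone": "+79994445561", "method": "phone"}}}
STEP2 = {"code": 202, "data": [], "done": True, "uuid": UUID,
         "workflow": "B2B\\TCA\\Wizards\\Workflow\\TerminateWorkflow"}


def replay(responses):
    """Offline stand-in for the HTTP client: returns canned responses in order."""
    sent, queue = [], list(responses)

    def post(path, body):
        sent.append((path, body))
        return queue.pop(0)
    return post, sent
```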

Disable 2FA

After initializing a wizard for disabling 2FA, use this method to disable a selected 2FA method for a client.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Body:

uuid string required

The universally unique identifier (UUID) obtained after initializing a wizard for disabling 2FA.

action string required

Specify code to indicate that a verification code is required to disable 2FA.

code string required

  • The verification code from the Google Authenticator app if you disable 2FA with Google Authenticator.

  • The verification code delivered to a phone number via SMS if you disable 2FA with SMS.

POST[host]/api/v2/my/2fa/wizard

curl --location --request POST 'https://host.name/api/v2/my/2fa/wizard' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "action": "code",
  "code": "84112"
}'

Response

A response at this step includes the following data:

code integer

An HTTP code specifying the current step of a procedure of disabling 2FA:

  • HTTP code 200 for an intermediary step after which another page of a form used for disabling 2FA is displayed to a client

  • HTTP code 202 for a final wizard step signaling that 2FA was successfully disabled

done boolean

If true, 2FA was successfully disabled; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of disabling 2FA.

workflow string

A string value indicating the final step of a procedure of disabling 2FA.

RESPONSE EXAMPLE
{
  "code": 202,
  "data": [],
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "B2B\\TCA\\Wizards\\Workflow\\TerminateWorkflow"
}

Get 2FA change history

Use this method to obtain the log of 2FA-related changes made for a client.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Query parameters:

The following filter parameters are available for this method:

isEnabled

If true, 2FA is enabled for a client; otherwise, false.

timeFrom

The start date and time of a period for which you want to get a log of 2FA changes.

timeTo

The end date and time of a period for which you want to get a log of 2FA changes.

provider

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

The following sorting parameter is available for this method:

time

The date and time when changes were made.

Refer to the Query parameters section of the API Overview for details on applying filter and sorting parameters.

Path parameters:

clientId required

The client identifier.

GET[host]/api/v2/my/2fa/changes

curl --location -g --request GET 'https://host.name/api/v2/my/2fa/changes?limit=10&offset=0&sort_order=desc&sort_by=time&filter[isEnabled]=&filter[timeFrom]=2022-12-01T07:23:59%2B00:00&filter[timeTo]=2022-12-01T07:23:59%2B00:00&filter[provider]=sms' \
--header 'Authorization: Bearer <token>'

Response

A response includes an array of objects providing the following data about the 2FA-related changes matching the request parameters:

id integer

The identifier of a change record.

provider string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

time string or null

The date and time when a change was made.

RESPONSE EXAMPLE
{
  "total": 1,
  "data": [
    {
      "id": 1,
      "provider": "sms",
      "isEnabled": false,
      "time": "2022-01-01T00:00:00+00:00"
    },
    {
      "id": 1,
      "provider": "sms",
      "isEnabled": false,
      "time": "2022-01-01T00:00:00+00:00"
    }
  ]
}
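
One way to use this log for review, as an added example that is not part of the B2Core documentation: build the filtered query (the `+` in a timestamp offset must be sent as `%2B`, as in the curl call above) and reduce the returned records to the current state per method and the events where 2FA was switched off. Function names and the constructed sample are hypothetical; only the parameter and field names come from this page.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode


def changes_url(host, time_from, time_to, provider=None, limit=10, offset=0):
    """Build the GET /api/v2/my/2fa/changes URL with the documented filters."""
    for moment in (time_from, time_to):
        if moment.tzinfo is None:
            raise ValueError("use timezone-aware datetimes so the offset is sent")
    params = [("limit", limit), ("offset", offset),
              ("sort_order", "desc"), ("sort_by", "time"),
              ("filter[timeFrom]", time_from.isoformat()),
              ("filter[timeTo]", time_to.isoformat())]
    if provider:
        params.append(("filter[provider]", provider))
    # Keep [] and : readable; the + of the UTC offset becomes %2B.
    return f"https://{host}/api/v2/my/2fa/changes?" + urlencode(params, safe="[]:")


def review_changes(response):
    """Summarize a change-history response for a 2FA audit."""
    records = response.get("data") or []
    seen, unique = set(), []
    for rec in records:  # drop repeated ids (the page's own sample repeats id 1)
        if rec["id"] not in seen:
            seen.add(rec["id"])
            unique.append(rec)
    # time may be null, so only dated records take part in the ordering.
    dated = sorted((r for r in unique if r.get("time")),
                   key=lambda r: datetime.fromisoformat(r["time"]))
    latest = {}
    for rec in dated:  # later records overwrite earlier ones
        latest[rec["provider"]] = rec["isEnabled"]
    return {
        "latest": latest,
        "disable_event_ids": [r["id"] for r in dated if not r["isEnabled"]],
        "no_method_enabled": bool(latest) and not any(latest.values()),
        "undated_ids": [r["id"] for r in unique if not r.get("time")],
        # total counts all matching records; a larger total means more pages.
        "more_pages": response.get("total", 0) > len(records),
    }


# Constructed sample: both methods enabled, then both disabled a day later.
SAMPLE = {"total": 6, "data": [
    {"id": 4, "provider": "google", "isEnabled": False,
     "time": "2022-12-02T09:05:00+00:00"},
    {"id": 3, "provider": "sms", "isEnabled": False,
     "time": "2022-12-02T09:00:00+00:00"},
    {"id": 3, "provider": "sms", "isEnabled": False,
     "time": "2022-12-02T09:00:00+00:00"},
    {"id": 2, "provider": "google", "isEnabled": True,
     "time": "2022-12-01T08:00:00+00:00"},
    {"id": 1, "provider": "sms", "isEnabled": True, "time": None},
]}

if __name__ == "__main__":
    start = datetime(2022, 12, 1, 7, 23, 59, tzinfo=timezone.utc)
    end = datetime(2022, 12, 2, 7, 23, 59, tzinfo=timezone.utc)
    print(changes_url("host.name", start, end, provider="sms"))
    print(review_changes(SAMPLE))
```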

Get 2FA change details

Use this method to get detailed information about a specific 2FA change record.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

changeId required

The identifier of a change record.

GET[host]/api/v2/my/2fa/changes/{changeId}

curl --location --request GET 'https://host.name/api/v2/my/2fa/changes/1?limit=10&offset=0' \
--header 'Authorization: Bearer <token>'

Response

A response includes the following data about a specified 2FA change record:

id integer

The identifier of a change record.

provider string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • sms — codes are delivered to a client phone number via SMS

isEnabled boolean

If true, 2FA with a given method is enabled for a client; otherwise, false.

time string or null

The date and time when a change was made.

RESPONSE EXAMPLE
{
  "id": 1,
  "provider": "sms",
  "isEnabled": false,
  "time": "2022-01-01T00:00:00+00:00"
}