Home B2Core API REST API The Front Office API Anti-phishing codes

Anti-phishing codes

Use these methods to manage anti-phishing codes.

Once set by a client, the anti-phishing code is included in the emails sent to the client from B2Core, helping them identify legitimate emails.

GET[host]/api/v2/my/anti-phishing-code

Get an anti-phishing code

POST[host]/api/v2/my/anti-phishing-code

Set an anti-phishing code

DELETE[host]/api/v2/my/anti-phishing-code/confirm

Remove an anti-phishing code

POST[host]/api/v2/my/anti-phishing-code/tfa

Choose a 2FA method

POST[host]/api/v2/my/anti-phishing-code/confirm

Confirm setting or removing an anti-phishing code

Get an anti-phishing code

Use this method to get the anti-phishing code that is set for the currently authenticated client.

Request

Header parameters:

  • Accept: application/json

  • Authorization: Bearer <access_token>

GET[host]/api/v2/my/anti-phishing-code

curl --location --request GET 'https://host.name/api/v2/my/anti-phishing-code' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <token>'

Response

code string

The anti-phishing code masked with asterisks.

RESPONSE EXAMPLE 
{
  "code": "2******1"
}

Set an anti-phishing code

Use this method to set an anti-phishing code for the currently authenticated client.

Request

Header parameters:

  • Content-Type: application/json

  • Accept: application/json

  • Authorization: Bearer <access_token>

Body:

code string required

The anti-phishing code.

POST[host]/api/v2/my/anti-phishing-code

curl --location --request POST 'https://host.name/api/v2/my/anti-phishing-code' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "code": "111111"
}'

Response

code integer

An HTTP code specifying the current step in a procedure of setting an anti-phishing code:

  • HTTP code 200 for an intermediary step after which another page of the form used to set an anti-phishing code is displayed to a client

  • HTTP code 202 for a final step signaling that an anti-phishing code was successfully set

data object or null

An array of objects specifying the 2FA methods available for a client:

Show object fields
name string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • SMS — codes are delivered to a client phone number via SMS

caption string

The name of a 2FA method.

localizedCaption string

The localized name of a 2FA method.

isEnabled boolean

If true, a 2FA method is enabled for a client; otherwise, false.

done boolean

If true, an anti-phishing code was successfully set; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of setting an anti-phishing code for a client.

workflow string

A string value indicating the next step of a procedure of setting an anti-phishing code.

2fa — indicates that confirmation with a verification code is required.

RESPONSE EXAMPLE 
{
  "code": 200,
  "data": {
    "fa": [
        {
          "name": "google",
          "caption": "Google Authenticator",
          "localizedCaption": "Google Authenticator",
          "enabled": true
        },
        {
          "name": "sms",
          "caption": "SMS Confirmation",
          "localizedCaption": "SMS Confirmation",
          "enabled": true
        }        
    ]
  },
  "done": false,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "2fa"
}

Remove an anti-phishing code

Use this method to remove the anti-phishing code that was previously set for a client.

Request

Header parameters:

  • Accept: application/json

  • Authorization: Bearer <access_token>

DELETE[host]/api/v2/my/anti-phishing-code/confirm

curl --location --request DELETE 'https://host.name/api/v2/my/anti-phishing-code' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <token>'

Response

code integer

An HTTP code specifying the current step of a procedure of removing an anti-phishing code:

  • HTTP code 200 for an intermediary step after which another page of the form used to remove an anti-phishing code is displayed to a client

  • HTTP code 202 for a final step signaling that an anti-phishing code was successfully removed

data object or null

An array of objects specifying the 2FA methods available for a client:

Show object fields
name string

The method used to deliver 2FA codes to a client. Possible values:

  • google — codes from the Google Authenticator app are used for confirmation

  • SMS — codes are delivered to a client phone number via SMS

caption string

The name of a 2FA method.

localizedCaption string

The localized name of a 2FA method.

isEnabled boolean

If true, a 2FA method is enabled for a client; otherwise, false.

done boolean

If true, an anti-phishing code was successfully removed; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of removing an anti-phishing code.

workflow string

A string value indicating the next step of a procedure of removing an anti-phishing code.

2fa — indicates that confirmation with a verification code is required.

RESPONSE EXAMPLE 
{
    "code": 200,
    "data": {
      "fa": [
          {
            "name": "google",
            "caption": "Google Authenticator",
            "localizedCaption": "Google Authenticator",
            "enabled": true
          },
          {
            "name": "sms",
            "caption": "SMS Confirmation",
            "localizedCaption": "SMS Confirmation",
            "enabled": true
          }        
      ]
    },
    "done": false,
    "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
    "workflow": "2fa"
  }

Choose a 2FA method

Use this method to specify which 2FA method (the Google Authenticator app or SMS) should be used to confirm setting or removing an anti-phishing code if both 2FA methods are enabled for a client.

Request

Header parameters:

  • Content-Type: application/json

  • Accept: application/json

  • Authorization: Bearer <access_token>

Body:

code string required

The universally unique identifier (UUID) assigned to a procedure of setting or removing an anti-phishing code.

type string required

The 2FA method that you want to use. Possible values:

  • google — a code from the Google Authenticator app

  • sms — a code sent to a client phone number via SMS

POST[host]/api/v2/my/anti-phishing-code/tfa

curl --location --request POST 'https://host.name/api/v2/my/anti-phishing-code/tfa' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "type": "google"
}'

Response

code integer

An HTTP code specifying the current step of a procedure of setting or removing an anti-phishing code:

  • HTTP code 200 for an intermediary step after which another page of the form used to set or remove an anti-phishing code is displayed to a client

  • HTTP code 202 for a final step signaling that an anti-phishing code was successfully set or removed

data object or null

Always null.

done boolean

If true, an anti-phishing code was successfully set or removed; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of setting or removing an anti-phishing code.

workflow string

A string value indicating the next step of a procedure of setting or removing an anti-phishing code. Possible values:

  • 2fa_google_auth — confirmation with a code from the Google Authenticator app is required

  • 2fa_sms_auth — confirmation with an SMS code is required

RESPONSE EXAMPLE 
{
  "code": 202,
  "data": null,
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "2fa_google_auth"
}

Confirm setting or removing an anti-phishing code

Use this method to confirm a procedure of setting or removing an anti-phishing code by using the 2FA method that was previously chosen.

Request

Header parameters:

  • Content-Type: application/json

  • Accept: application/json

  • Authorization: Bearer <access_token>

Body:

code integer required

The code from the Google Authenticator app or SMS.

POST[host]/api/v2/my/anti-phishing-code/confirm

curl --location --request POST 'https://host.name/api/v2/my/anti-phishing-code/confirm' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "code": 213690
}'

Response

code integer

An HTTP code specifying the current step of a procedure of setting or removing an anti-phishing code:

  • HTTP code 200 for an intermediary step after which another page of the form used to set or remove an anti-phishing code is displayed to a client

  • HTTP code 202 for a final step signaling that an anti-phishing code was successfully set or removed

data object

Always null.

done boolean

If true, an anti-phishing code was successfully set or removed; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a procedure of setting or removing an anti-phishing code.

workflow string

A string value indicating the next step of a procedure of setting or removing an anti-phishing code.

RESPONSE EXAMPLE 
{
  "code": 202,
  "data": {},
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "B2B\\TCA\\Wizards\\Workflow\\TerminateWorkflow"
}