Two-Factor Authentication
Securing users account using 2FA
STAGING_URL: https://switchapi3.azurewebsites.net
LIVE_URL: https://switchapi.azurewebsites.net
Set Pin
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/set_pin
This endpoint allows you to set your preferred pin.
Headers
Authorization
string
Format for Authorization is Bearer token_string
Request Body
pin
string
User's preferred 4 digits
{
"message": "PIN IS SET",
"data": []
}
Send OTP
POST
https://switch-api-staging.herokuapp.com/user/two_factor_auth/send_otp
This endpoint allows you to request OTP for your 2FA
Headers
Authorization
string
The format for Authorization is Bearer token_string
{
"message": "OTP SENT",
"data": []
}
Verify Phone Number
POST
https://switch-api-staging.herokuapp.com/user/two_factor_auth/verify_phone
this endpoint allows you to request for verification of phone number for your 2FA
Headers
Authorization
string
The format for Authorization is Bearer token_string
Request Body
otp
string
six digits code
{
"message": "Phone verified",
"data": []
}
Set Preferred 2FA type
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/set_two_factor_auth
This endpoint allows you choose your preferred 2FA type for your account
Headers
Authorization
string
The format for Authorization is Bearer token_string
Request Body
new_two_fa_value
string
The otp for verification (if new_two_fa_type is google_authenticator and user.google_auth_set_up is false, i.e., the user has not set up google authenticator)
new_two_fa_type
string
The two_factor type the user is changing to. Can be either pin, phone or google_authenticator)
current_two_fa_value
string
The otp (if current_two_fa_type is phone or google_authenticator) or pin (if current_two_fa_type is pin). Required if the user has enabled his/her 2fa (i.e., if user.two_factor_authentication_enabled is true)
{
"message": "Two Factor Authentication type is set to: phone",
"data": []
}
Update Pin
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/set_two_factor_auth
This endpoint allows you to update the user's pin.
Headers
Authorization
string
Format for Authorization is Bearer token_string
Request Body
new_two_fa_value
string
The new pin
new_two_fa_type
string
Must always be pin
current_two_fa_value
string
The user's current pin
{
"message": "Pin Updated Successfully",
"data": []
}
Security Questions
GET
https://switchapi3.azurewebsites.net/user/two_factor_auth/security_questions
This endpoint retrieves all the security questions.
Headers
Authorization
string
The format for Authorization is Bearer token_string
{
"message": "Security questions retrieved successfully",
"data": [
{
"id": 1,
"name": "What is your favorite color?"
},
{
"id": 2,
"name": "What is your first car?"
},
{
"id": 3,
"name": "What is your mother's maiden name?"
}
]
}
Security Question
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/security_questions
This endpoint allows you to post the answer to a security question.
Headers
Authorization
string
The format for Authorization is Bearer token_string
Request Body
security_question_answers
array
Array of objects (maximum of 3 security questions per user). Each object must contain the question_id and answer keys.
{
"message": "Security question(s) have been set"
}
Confirm email
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/confirm_email
This endpoint confirms the user email.
Request Body
confirm_email_token
string
The confirm_email_token sent to the user's mail.
{
"message": "Email confirmed"
}
Update password
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/update_password
This endpoint updates the users password.
Headers
Authorization
string
The format for Authorization is Bearer token
Request Body
old_password
string
The old password.
new_password
string
The new password.
Get User's Security Questions
GET
https://switchapi3.azurewebsites.net/user/two_factor_auth/user_security_questions
This endpoint retrieves the user's set security questions using the Authorization header, reset_password_token or reset_pin_token (listed in order of precedence).
Query Parameters
reset_pin_token
string
Token sent to the user's mail when resetting pin.
reset_password_token
string
Token sent to the user's mail when resetting password.
Headers
Authorization
string
Format is Bearer token.
{
"message": "User's set security questions retrieved successfully",
"data": [
{
"id": "1",
"name": "What is your mother's maiden name?"
},
{
"id": "2",
"name": "What is your first car?"
},
{
"id": "3",
"name": "What is your favorite color?"
}
]
}
Forgot Pin
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/forgot_pin
This endpoint triggers the sending of the pin-reset mail to the user.
Headers
Authorization
string
Format is Bearer token
{
"message": "A reset-pin email has been sent to your mail"
}
Reset Pin
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/reset_pin
This endpoint is used for re-setting the user's pin (in the scenario that the user forgets his/her pin).
Request Body
reset_pin_token
string
The token from the reset-pin mail sent to the user.
security_question_id
string
The id of the security question.
security_question_answer
string
The answer to the security question.
pin
string
The new pin.
{
"message": "Pin reset successfully"
}
Last updated
Was this helpful?