Two-Factor Authentication
Securing users account using 2FA
Set Pin
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/set_pin
This endpoint allows you to set your preferred pin.
Headers
Authorization
string
Format for Authorization is Bearer token_string
Request Body
pin
string
User's preferred 4 digits
Send OTP
POST
https://switch-api-staging.herokuapp.com/user/two_factor_auth/send_otp
This endpoint allows you to request OTP for your 2FA
Headers
Authorization
string
The format for Authorization is Bearer token_string
Verify Phone Number
POST
https://switch-api-staging.herokuapp.com/user/two_factor_auth/verify_phone
this endpoint allows you to request for verification of phone number for your 2FA
Headers
Authorization
string
The format for Authorization is Bearer token_string
Request Body
otp
string
six digits code
Set Preferred 2FA type
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/set_two_factor_auth
This endpoint allows you choose your preferred 2FA type for your account
Headers
Authorization
string
The format for Authorization is Bearer token_string
Request Body
new_two_fa_value
string
The otp for verification (if new_two_fa_type is google_authenticator and user.google_auth_set_up is false, i.e., the user has not set up google authenticator)
new_two_fa_type
string
The two_factor type the user is changing to. Can be either pin, phone or google_authenticator)
current_two_fa_value
string
The otp (if current_two_fa_type is phone or google_authenticator) or pin (if current_two_fa_type is pin). Required if the user has enabled his/her 2fa (i.e., if user.two_factor_authentication_enabled is true)
Update Pin
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/set_two_factor_auth
This endpoint allows you to update the user's pin.
Headers
Authorization
string
Format for Authorization is Bearer token_string
Request Body
new_two_fa_value
string
The new pin
new_two_fa_type
string
Must always be pin
current_two_fa_value
string
The user's current pin
Security Questions
GET
https://switchapi3.azurewebsites.net/user/two_factor_auth/security_questions
This endpoint retrieves all the security questions.
Headers
Authorization
string
The format for Authorization is Bearer token_string
Security Question
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/security_questions
This endpoint allows you to post the answer to a security question.
Headers
Authorization
string
The format for Authorization is Bearer token_string
Request Body
security_question_answers
array
Array of objects (maximum of 3 security questions per user). Each object must contain the question_id and answer keys.
Confirm email
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/confirm_email
This endpoint confirms the user email.
Request Body
confirm_email_token
string
The confirm_email_token sent to the user's mail.
Update password
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/update_password
This endpoint updates the users password.
Headers
Authorization
string
The format for Authorization is Bearer token
Request Body
old_password
string
The old password.
new_password
string
The new password.
Get User's Security Questions
GET
https://switchapi3.azurewebsites.net/user/two_factor_auth/user_security_questions
This endpoint retrieves the user's set security questions using the Authorization header, reset_password_token or reset_pin_token (listed in order of precedence).
Query Parameters
reset_pin_token
string
Token sent to the user's mail when resetting pin.
reset_password_token
string
Token sent to the user's mail when resetting password.
Headers
Authorization
string
Format is Bearer token.
Forgot Pin
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/forgot_pin
This endpoint triggers the sending of the pin-reset mail to the user.
Headers
Authorization
string
Format is Bearer token
Reset Pin
POST
https://switchapi3.azurewebsites.net/user/two_factor_auth/reset_pin
This endpoint is used for re-setting the user's pin (in the scenario that the user forgets his/her pin).
Request Body
reset_pin_token
string
The token from the reset-pin mail sent to the user.
security_question_id
string
The id of the security question.
security_question_answer
string
The answer to the security question.
pin
string
The new pin.
Last updated
Was this helpful?