Use case

The 2FA Messaging API lets you send time-sensitive authentication codes (2FA) to your users and verify the codes they enter. This ensures that only legitimate users can access your services.

Key Roles

• UserService – Your service or application that uses the API to authenticate users.

• API – The Bind 2FA Messaging API.

• Recipient – The end user of your mobile application who owns a valid phone number.

Flow diagram

Simplified flow

Flow diagram

How the 2FA Flow Works

Step-by-Step Process

1. Recipient starts verification The Recipient opens your mobile application (UserService) and starts the 2FA verification process.

2. UserService requests a 2FA code The UserService sends a request to the API using POST /api/v1.0/2fa/request.

   • The API responds with a request_id that uniquely identifies this attempt.

   • Example response:

     Copy

     {
       "status": "ACCEPTED",
       "request_id": "uuid",
       "error_message": "OK"
     }

3. API delivers the 2FA code The API generates and sends the 2FA code to the Recipient via SMS or another messaging channel.

4. Recipient enters the code The Recipient types the received 2FA code into the UserService mobile interface.

5. UserService validates the code The UserService calls POST /api/v1.0/2fa/validate with the entered code and the request_id.

   • Example request:

     Copy

     {
       "code": "123456",
       "request_id": "uuid"
     }

   • If the code is correct, the API responds:

     Copy

     {
       "verified": true,
       "status": "success"
     }

6. Verification complete The UserService confirms that the Recipient has been successfully authenticated.

What’s Next

You now understand how to authenticate users using the Bind 2FA Messaging API. Continue to the next section of the documentation to explore the API endpoints that support this flow.