# Use case

The **2FA Messaging API** lets you send time-sensitive authentication codes (2FA) to your users and verify the codes they enter. This ensures that only legitimate users can access your services.

**Key Roles**

* **UserService** – Your service or application that uses the API to authenticate users.
* **API** – The Bind 2FA Messaging API.
* **Recipient** – The end user of your mobile application who owns a valid phone number.

***

### Flow diagram

{% tabs %}
{% tab title="Simplified flow" %}

<figure><img src="https://1710642247-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSTYqSPgYZ3EediTRZzwK%2Fuploads%2F7hHQG3M18mij4F0vJSFE%2Fimage.png?alt=media&#x26;token=bc22117a-984a-43f1-8c52-a2e3e213d11c" alt="" width="375"><figcaption></figcaption></figure>
{% endtab %}

{% tab title="Flow diagram" %}

<figure><img src="https://1710642247-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSTYqSPgYZ3EediTRZzwK%2Fuploads%2F6C6HX6RlHRcpbEyfo9bR%2Fimage.png?alt=media&#x26;token=ef4c3f7b-2cc1-4d0b-8e24-24ffb72846e6" alt=""><figcaption></figcaption></figure>
{% endtab %}
{% endtabs %}

### How the 2FA Flow Works

**Step-by-Step Process**

1. **Recipient starts verification**\
   The Recipient opens your mobile application (**UserService**) and starts the 2FA verification process.
2. **UserService requests a 2FA code**\
   The **UserService** sends a request to the **API** using\
   `POST /api/v1.0/2fa/request`.
   * The **API** responds with a `request_id` that uniquely identifies this attempt.
   * Example response:

     ```json
     {
       "status": "ACCEPTED",
       "request_id": "uuid",
       "error_message": "OK"
     }
     ```
3. **API delivers the 2FA code**\
   The **API** generates and sends the 2FA code to the **Recipient** via SMS or another messaging channel.
4. **Recipient enters the code**\
   The **Recipient** types the received 2FA code into the **UserService** mobile interface.
5. **UserService validates the code**\
   The **UserService** calls\
   `POST /api/v1.0/2fa/validate`\
   with the entered code and the `request_id`.
   * Example request:

     ```json
     {
       "code": "123456",
       "request_id": "uuid"
     }
     ```
   * If the code is correct, the **API** responds:

     ```json
     {
       "verified": true,
       "status": "success"
     }
     ```
6. **Verification complete**\
   The **UserService** confirms that the **Recipient** has been successfully authenticated.

***

### What’s Next

You now understand how to authenticate users using the Bind 2FA Messaging API.\
Continue to the next section of the documentation to explore the API endpoints that support this flow.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://api.bind.hr/2fa-messaging-api/use-case.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.