# Use case

The **2FA Messaging API** lets you send time-sensitive authentication codes (2FA) to your users and verify the codes they enter. This ensures that only legitimate users can access your services.

**Key Roles**

* **UserService** – Your service or application that uses the API to authenticate users.
* **API** – The Bind 2FA Messaging API.
* **Recipient** – The end user of your mobile application who owns a valid phone number.

***

### Flow diagram

{% tabs %}
{% tab title="Simplified flow" %}

<figure><img src="https://1710642247-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSTYqSPgYZ3EediTRZzwK%2Fuploads%2F7hHQG3M18mij4F0vJSFE%2Fimage.png?alt=media&#x26;token=bc22117a-984a-43f1-8c52-a2e3e213d11c" alt="" width="375"><figcaption></figcaption></figure>
{% endtab %}

{% tab title="Flow diagram" %}

<figure><img src="https://1710642247-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSTYqSPgYZ3EediTRZzwK%2Fuploads%2F6C6HX6RlHRcpbEyfo9bR%2Fimage.png?alt=media&#x26;token=ef4c3f7b-2cc1-4d0b-8e24-24ffb72846e6" alt=""><figcaption></figcaption></figure>
{% endtab %}
{% endtabs %}

### How the 2FA Flow Works

**Step-by-Step Process**

1. **Recipient starts verification**\
   The Recipient opens your mobile application (**UserService**) and starts the 2FA verification process.
2. **UserService requests a 2FA code**\
   The **UserService** sends a request to the **API** using\
   `POST /api/v1.0/2fa/request`.
   * The **API** responds with a `request_id` that uniquely identifies this attempt.
   * Example response:

     ```json
     {
       "status": "ACCEPTED",
       "request_id": "uuid",
       "error_message": "OK"
     }
     ```
3. **API delivers the 2FA code**\
   The **API** generates and sends the 2FA code to the **Recipient** via SMS or another messaging channel.
4. **Recipient enters the code**\
   The **Recipient** types the received 2FA code into the **UserService** mobile interface.
5. **UserService validates the code**\
   The **UserService** calls\
   `POST /api/v1.0/2fa/validate`\
   with the entered code and the `request_id`.
   * Example request:

     ```json
     {
       "code": "123456",
       "request_id": "uuid"
     }
     ```
   * If the code is correct, the **API** responds:

     ```json
     {
       "verified": true,
       "status": "success"
     }
     ```
6. **Verification complete**\
   The **UserService** confirms that the **Recipient** has been successfully authenticated.

***

### What’s Next

You now understand how to authenticate users using the Bind 2FA Messaging API.\
Continue to the next section of the documentation to explore the API endpoints that support this flow.