# Multi-Factor Authentication
Protect your account with multi-factor authentication. Each time you sign in to your Radio Bridge console account, you'll need your password and verification code.
# Enable Two-Factor Authentication
# Obtain secure token to start the 2FA setup
POST /confirm-password-access
Example Request
curl --request POST 'https://console.radiobridge.com/api/visualization/v1/confirm-password-access' \
--header 'Organization: <organization id>' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
"password": "****"
}'
Request Parameters
| Property | Description |
|---|---|
| password | (required) Your current account password |
Example Response
422 Validation error
{
"message":"Please enter your current password to continue.",
"errors":{
"password":["Please enter your current password to continue."]
}
}
400 Invalid Password error
{
"message":"You have entered wrong password.",
"errors":{
"password":["You have entered wrong password."]
}
}
200 Successful authentication response
{
"status": true,
"message": "Confirm password success",
"token_2fa": ""
}
Response Parameter Description
| Property | Type | Description |
|---|---|---|
| status | boolean | True indicates successful response and false indicates failure response. |
| message | string | A message following the status of the API call indicating either a success or an error message. |
| errors | array | Returns the errors in the form of array |
| token_2fa | string | This token will be used in the next steps to enable 2FA. You need to send it in each request as token. |
# Generate 2FA QR code
In the next step, you have to scan the QR code through an authenticator app or browser extension. Then enter the 6-digit code that will be generated by the authenticator app.
POST /generate-qr-image
Example Request
curl --request POST 'https://console.radiobridge.com/api/visualization/v1/generate-qr-image' \
--header 'Organization: <organization id>' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
"token": "****"
}'
Request Parameters
| Property | Description |
|---|---|
| token | (required) Use the token_2fa received from the confirm password endpoint. Refer to point 2. |
Example Response
{
"qr_image":"",
"secret": ""
}
| Property | Type | Description |
|---|---|---|
| qr_image | string | QR image in svg format that needs to be scanned through the authenticator app. |
| secret | string | Secret key that user can use in case user is not able to scan the QR code using the authenticator app. |
# Verify the Authenticator code & Download recovery codes
Once user will add the 2FA code in the app, they will see the TOTP codes on their screen, They need to enter the 6-digit code from the authenticator app to enable the 2FA and download the recovery codes in the next step.
In case a user losses access to the Authenticator app due to any reason they can use these recovery codes as a second factor to recover the account. We advise to keep the recovery codes in a safe place.
POST /verify-two-factor-authentication
Example Request
curl --request POST 'https://console.radiobridge.com/api/visualization/v1/verify-two-factor-authentication' \
--header 'Organization: <organization id>' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
"token": "****",
"auth_type": "authenticator",
"google2fa_secret": "<Secret code received on QR code genrate api call>",
"one_time_password": "<TOTP Shown on Authenticator app>",
}'
Request Parameters
| Property | Description |
|---|---|
| token | (required) Use the token_2fa received from the confirm password endpoint. Refer to point 2. |
| auth_type | (required) Allowed values: authenticator |
| google2fa_secret | (required) Secret received from Scan the QR |
| one_time_password | (required) - The 6-digit number that is generated through the Google Authenticator app |
Validation error responses
{
"message": "Two-factor code verification failed. Please try again.",
"errors": {
"one_time_password": ["Two-factor code verification failed. Please try again."]
}
}
{
"message": "Please enter code from the app",
"errors": {
"one_time_password": ["Please enter code from the app"]
}
}
200 Success response
{
"status": true,
"recovery_codes": ["abc", "cde"]
}
| Property | Type | Description |
|---|---|---|
| status | boolean | True indicates successful response and false indicates error. |
| recovery_codes | array | List of security codes that will be used when user is unable to use authenticator app. |
# Final step - Enable Two-factor authentication
POST /complete-verification
Example Request
curl --request POST 'https://console.radiobridge.com/api/visualization/v1/verify-two-factor-authentication' \
--header 'Organization: <organization id>' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
"token": "****",
"auth_type": "authenticator",
"google2fa_secret": "<Secret code received on QR code genrate api call>"
}'
Request Parameters
| Property | Description |
|---|---|
| token | (required) Use the token_2fa received from the confirm password endpoint. Refer to point 2. |
| auth_type | (required) Allowed values: authenticator |
| google2fa_secret | (required) Secret received from Scan the QR |
Example Response
{
"status": true,
"message": "You have enabled two-factor authentication using authenticator app."
}
| Property | Type | Description |
|---|---|---|
| status | boolean | True indicates that 2FA has been enabled for user account. |
| message | string | A message following the status of the API call indicating either a success or an error message. |
# Disable the 2FA
- Obtain secure token using the confirm-password-access endpoint.
- Call the below endpoint to disable the 2FA
POST /disable-authentication
Example Request
curl --request POST 'https://console.radiobridge.com/api/visualization/v1//disable-authentication' \
--header 'Organization: <organization id>' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
"token": "****",
"auth_type": "authenticator"
}'
Request Parameters
| Property | Description |
|---|---|
| token | (required) Use the token_2fa received from the confirm password endpoint. Refer to point 2. |
| auth_type | (required) Allowed values: authenticator |
Example Response
{
"status": true,
"message": "Two-factor authentication has been disabled."
}