Master the Two-Factor Auth API in ioGates to enhance security through SMS verification, detailing the steps for initiating two-factor authentication, prompting for codes, and verifying user access.
Two-Factor Authentication Workflow
Two-factor authentication (2FA) in ioGates ensures an additional layer of security for accessing shared content. The process is designed to be straightforward, requiring verification only once per token/deviceId combination, utilizing SMS as the primary method.
Initiating Two-Factor Authentication
- Endpoint:
/api/apiauth/twofactorsms/{token}
- Method: GET
-
Authorisation: A Bearer token is required, which is obtained from the auth token API.
Example:Authorisation: Bearer 123-BodrEJHrC43KejPcM0nzTl05gUMi3i8ruzGN
- Functionality: This step triggers an SMS text message to the user's registered mobile number containing the 2FA code needed for verification.
Response Details
- HTTP Status 200
- message: Provides feedback on the initiation process.
- type: Indicates the 2FA method, which is currently set to SMS.
- auth_required: A boolean value that confirms whether 2FA is needed.
- expiry: The expiration date and time of the SMS 2FA code, formatted in ISO-8601.
Verifying Two-Factor Code
- Endpoint for Verification:
/api/apiauth/twofactorsms/{token}
- Method: GET
- Request Format: Form URL-encoded, including the
authcode
parameter, which is the 2FA code received via SMS.
Response to Verification
HTTP Status Codes:
200
: Code accepted.400
: Bad request, possibly due to a missing code.401
: Rejected due to the wrong code.403
: Rejection due to no pending codes, indicating possible expiry.404
: No codes available for verification.
Response JSON Body
message: Information on result
Enhancing Security with 2FA
Implementing 2FA via the ioGates API not only elevates the security of accessing shared files and folders but also assures users of a safe and secure environment for their digital content. By integrating this additional verification step, ioGates reinforces its commitment to providing a robust and secure platform for cloud-based file management and collaboration.