DELETE https://api.banking.netevia.dev/settings/MfaSignIn
API Method: DELETE /settings/MfaSignIn
Description:
This API method disables Multi-Factor Authentication (MFA) for signing into a user's account. Once MFA is turned off, the user will only need to provide their password to log in, eliminating the need for a second authentication step such as an SMS code, email code, or authenticator app.
Endpoint:
DELETE /settings/MfaSignIn
Functionality:
- Purpose: Deactivates Multi-Factor Authentication, removing the extra layer of security for the user's login process. This reverts the sign-in flow back to single-factor authentication (password only).
- User Flow: When a user no longer wants to use MFA for signing in, this API is called to disable it. After successful deactivation, future sign-ins will only require a password.
Request Headers:
- Authorization: Bearer token required to authenticate the user and authorize the operation.
- Content-Type: application/json
Request Body:
- This endpoint does not typically require a request body, as it only disables MFA for sign-in. The bearer token is sufficient to identify the user and disable MFA for their account.
Response:
- 200 OK: Indicates that MFA has been successfully turned off. A JSON object confirms that MFA is no longer active.
- 401 Unauthorized: If the bearer token is invalid or expired, indicating that the user is not authenticated.
- 500 Internal Server Error: If there is an issue disabling MFA due to a server-side error.
Notes:
- Security Considerations: Disabling MFA reduces the security of the user's account, so this action should only be performed if the user is certain that they no longer need the extra protection.
- Single-Factor Authentication: Once MFA is disabled, the account will revert to single-factor authentication (password only), which makes it more vulnerable to unauthorized access.
- This endpoint is typically available in the account security or settings section where users manage their authentication preferences.
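Example (added here, not part of the original API documentation or the vendor's own code): a minimal Python client that sends the request with the headers listed above and maps the three documented status codes to an outcome, so the caller only treats MFA as off after a confirmed 200. The function name, the outcome labels and the timeout are assumptions; the response body schema is not specified on this page, so the body is returned as parsed JSON without interpreting any fields.

```python
import json
import urllib.error
import urllib.request

# Base URL as shown at the top of this page; override it for testing.
BASE_URL = "https://api.banking.netevia.dev"

# Outcome labels are hypothetical names chosen for this example.
OUTCOMES = {200: "disabled", 401: "unauthorized", 500: "server_error"}


def disable_mfa_sign_in(token, base_url=BASE_URL, timeout=10):
    """Send DELETE /settings/MfaSignIn and classify the documented responses.

    Returns (outcome, body). outcome is "disabled", "unauthorized",
    "server_error" or "unexpected"; body is the parsed JSON or None.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + "/settings/MfaSignIn",
        method="DELETE",  # no request body: the bearer token identifies the user
        headers={
            "Authorization": "Bearer " + token,
            "Content-Type": "application/json",
        },
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        # urllib raises for 4xx/5xx; the status code is still what we need.
        status, raw = err.code, err.read()

    try:
        body = json.loads(raw) if raw else None
    except ValueError:
        body = None  # body schema is not documented here; tolerate non-JSON

    return OUTCOMES.get(status, "unexpected"), body
```

Any outcome other than "disabled" means the deactivation was not confirmed, so the client should keep showing MFA as enabled.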