SetUp Common Multi-Factor Secret

API Method: POST /settings/MfaSecret

Description:

This API method is used to set up a shared secret for Multi-Factor Authentication (MFA) in a banking application. The secret is a unique key that the user will use in combination with an MFA method, such as an authenticator app (e.g., Google Authenticator or Authy), to generate time-based one-time passwords (TOTP). The secret is typically required when initially configuring MFA, allowing the user to scan a QR code or manually enter the secret into their authenticator app.

Endpoint:

POST /settings/MfaSecret

Functionality:

  • Purpose: Establishes a common MFA secret that will be used to generate one-time passwords (OTPs) for secure authentication during sign-in or sensitive actions.
  • User Flow: When a user enables MFA and chooses to use an authenticator app, this API generates the secret that the app will use to generate OTPs. The user can then scan a QR code or manually input the secret to finalize the setup.

Request Headers:

  • Authorization: Bearer token required to authenticate the user and authorize the setup of MFA.
  • Content-Type: application/json

Response:

  • 200 OK: Returns a JSON object containing the MFA secret and possibly a QR code URL for the user to scan. The secret is a key the user will enter into their authenticator app to generate TOTP codes.

  • 400 Bad Request: If the request contains an invalid mfaMethod or other missing or invalid fields.

  • 401 Unauthorized: If the bearer token is invalid or expired, indicating that the user is not authenticated.

  • 500 Internal Server Error: If there is an issue generating the MFA secret due to a server-side error.

Notes:

  • Authenticator Setup: The secret is required to configure an authenticator app like Google Authenticator or Authy. The user can either enter the secret manually or scan a QR code to complete the setup.
  • Security: The MFA secret is a long-term credential, not a one-time value: anyone who holds it can generate valid codes for the account. It must be stored securely on the server side, transmitted only over TLS, and never shared or logged.
  • Time-based One-Time Passwords (TOTP): The secret will be used to generate TOTP codes, which expire after a short duration (usually 30 seconds). These codes are entered during login or other secure actions.
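The following is an added example, not code from the banking API described on this page, showing the TOTP mechanics the Description and Notes above refer to: generating a random base32 secret, building the otpauth provisioning URI that an authenticator app reads from the QR code, deriving the 30-second code (RFC 6238 over RFC 4226 HOTP), and the server-side check that tolerates a little clock drift. The function names, the SHA-1/6-digit/30-second parameters, and the issuer and account values are assumptions; the page does not state which parameters this API uses.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

# Assumed parameters: the common authenticator-app defaults (RFC 6238 defaults).
DIGITS = 6
STEP_SECONDS = 30


def generate_secret(num_bytes: int = 20) -> str:
    """Return a freshly generated base32 secret (160 bits by default, as RFC 4226 recommends)."""
    raw = secrets.token_bytes(num_bytes)
    return base64.b32encode(raw).decode("ascii").rstrip("=")


def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """otpauth:// URI; this is the text usually encoded into the QR code shown to the user."""
    label = quote(f"{issuer}:{account}", safe="")
    return (
        f"otpauth://totp/{label}?secret={secret_b32}"
        f"&issuer={quote(issuer, safe='')}&algorithm=SHA1&digits={DIGITS}&period={STEP_SECONDS}"
    )


def _decode_secret(secret_b32: str) -> bytes:
    # Re-add the '=' padding that authenticator apps commonly strip.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    return base64.b32decode(padded)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[int] = None) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step). `at` overrides the clock for testing."""
    t = int(time.time()) if at is None else at
    return hotp(_decode_secret(secret_b32), t // STEP_SECONDS)


def verify_totp(secret_b32: str, submitted: str, at: Optional[int] = None, window: int = 1) -> bool:
    """Server-side check of a code the user typed at sign-in.

    Accepts the current time step plus `window` steps on either side to tolerate
    clock drift, and compares in constant time so timing does not leak the code.
    """
    if not (submitted.isdigit() and len(submitted) == DIGITS):
        return False
    t = int(time.time()) if at is None else at
    key = _decode_secret(secret_b32)
    base = t // STEP_SECONDS
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, base + delta), submitted):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample enrolment for a hypothetical user; values are not from the page.
    secret = generate_secret()
    print(provisioning_uri(secret, "alice@example.com", "ExampleBank"))
    code = totp(secret)
    print("current code:", code, "verifies:", verify_totp(secret, code))
```

A production verifier should also remember the last time step for which a code was accepted and reject a second use of that step, since within the drift window a captured code would otherwise remain valid; the example above leaves that state out to stay self-contained.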