This API method is used to enable Multi-Factor Authentication (MFA) for signing into a user's account. By activating MFA, the user adds an additional layer of security to the login process, requiring not only a password but also a second factor (e.g., a one-time code sent via SMS, email, or an authenticator app) to access their account.
API Method: POST /settings/MfaSignIn
Endpoint:
POST /settings/MfaSignIn
Functionality:
- Purpose: Activates Multi-Factor Authentication for user sign-ins, enhancing security by requiring both a password and a second authentication method during login.
- User Flow: When a user opts to enable MFA, this API is called to set MFA as a requirement for future sign-ins. Once activated, the user must complete the MFA process whenever they log in to their account.
Request Headers:
- Authorization: Bearer token required to authenticate the user and authorize the operation.
- Content-Type: application/json
Response:
- 200 OK: Indicates that MFA has been successfully enabled. A JSON object may confirm the activation and provide additional information, such as the method enabled.
- 400 Bad Request: If there is an issue with the request, such as an invalid mfaMethod or missing required fields (e.g., phoneNumber for the sms method).
- 401 Unauthorized: If the bearer token is invalid or expired, indicating that the user is not authenticated.
- 500 Internal Server Error: If there is an issue enabling MFA due to a server-side error.
Notes:
- MFA Methods: Ensure the mfaMethod parameter matches the available MFA methods supported by the API (sms, email, or authenticator).
- Phone Number or Email: If sms or email is the chosen MFA method, provide a valid phone number or email address.
- Once enabled, the user will be required to complete MFA upon each login attempt, which significantly enhances account security.
- This endpoint is typically part of the account settings section where users manage their security preferences.
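The following is an added example of server-side request validation for this endpoint; it is not the API's own implementation. It assumes a JSON body carrying mfaMethod and, for the sms method, phoneNumber (both named on this page); the field name email for the email method, the bearer-token lookup, and the in-memory settings store are constructed for the example. Each documented status code (200, 400, 401, 500) maps to one branch.

```python
import re

ALLOWED_MFA_METHODS = {"sms", "email", "authenticator"}

# Constructed sample session table: bearer token -> user id.
# A real service would validate the token against its session or JWT store.
SESSIONS = {"example-valid-token": "user-123"}

# In-memory MFA settings store, keyed by user id (constructed for the example).
MFA_SETTINGS = {}

PHONE_RE = re.compile(r"^\+[1-9]\d{6,14}$")      # E.164-style phone number
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # minimal email shape check


def enable_mfa_sign_in(headers, body, store=None):
    """Validate a POST /settings/MfaSignIn request and return (status, json_body)."""
    store = MFA_SETTINGS if store is None else store

    # 401: the bearer token must be present and resolve to a known session.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user_id = SESSIONS.get(token) if scheme == "Bearer" else None
    if user_id is None:
        return 401, {"error": "invalid or expired bearer token"}

    # 400: the request must be JSON and carry a supported mfaMethod.
    content_type = headers.get("Content-Type", "").split(";")[0].strip()
    if content_type != "application/json" or not isinstance(body, dict):
        return 400, {"error": "expected an application/json object body"}
    method = body.get("mfaMethod")
    if method not in ALLOWED_MFA_METHODS:
        return 400, {"error": "invalid mfaMethod",
                     "allowed": sorted(ALLOWED_MFA_METHODS)}

    # 400: sms and email require a validated contact; authenticator needs none.
    contact = None
    if method == "sms":
        contact = body.get("phoneNumber")
        if not isinstance(contact, str) or not PHONE_RE.match(contact):
            return 400, {"error": "a valid phoneNumber is required for the sms method"}
    elif method == "email":
        contact = body.get("email")  # field name assumed for this example
        if not isinstance(contact, str) or not EMAIL_RE.match(contact):
            return 400, {"error": "a valid email is required for the email method"}

    # 500: any failure while persisting the setting is a server-side error.
    try:
        store[user_id] = {"mfaMethod": method, "contact": contact}
    except Exception:
        return 500, {"error": "could not enable MFA"}

    # 200: confirm activation and report the method enabled, without echoing
    # the contact detail back to the caller.
    return 200, {"mfaEnabled": True, "mfaMethod": method}


if __name__ == "__main__":
    headers = {"Authorization": "Bearer example-valid-token",
               "Content-Type": "application/json"}
    print(enable_mfa_sign_in(headers, {"mfaMethod": "sms", "phoneNumber": "+15551234567"}))
```

The validation order matters: authentication is checked before the body is inspected, so an unauthenticated caller learns nothing about which methods or fields the endpoint accepts.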