TFA User Authentication Flow

The purpose of using a 2FA method is to authenticate the user with an external method.

The TFA API uses existing communication applications like Telegram to exchange the 2FA codes with the end-user.

The flow to enable and use TFA for 2FA in your application is the following:

  • Your internal process creates a user
  • To activate TFA, your application should make a 'Set User' request on the TFA side with your user id and authentication method. Currently, only 'telegram' is supported
  • The response includes a link and a QR code. Use one or both to let the user open the messaging application, for example Telegram
  • The end-user opens the Telegram application from the link or QR code and receives a 2FA code
  • Your application should collect that code and call 'Validate Code' to confirm its validity. If the code is invalid, a call to 'Resend Code' will deliver a new code to the end-user
  • If the code is valid, you can activate 2FA for that end-user

[Screenshot: SecurifyBot after the user clicks on the Telegram link or opens the QR code and confirms the Telegram ID by pressing 'START']

To validate additional operations after the TFA is active, your application should:

  • Call 'Resend Code' to send a new code to the end-user
  • Collect that code and call 'Validate Code' to confirm its validity. If the code is invalid, a call to 'Resend Code' will deliver a new code to the end-user
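
The enrollment flow and the later per-operation check share the same 'Validate Code' / 'Resend Code' loop. The sketch below is an added example, not code from the TFA API: `FakeTFA`, its method names and signatures, the response fields, the placeholder link and the `MAX_ATTEMPTS` bound are all assumptions standing in for the real service.

```python
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumption: the page sets no limit; bound guesses and resends

class FakeTFA:
    """Constructed in-memory stand-in for the TFA API (hypothetical signatures)."""
    def __init__(self):
        self.codes = {}    # user_id -> code currently valid for that user
        self.resends = 0
    def _new_code(self, user_id):
        self.codes[user_id] = f"{secrets.randbelow(10**6):06d}"
    def set_user(self, user_id, method):
        if method != "telegram":   # the page: only 'telegram' is supported
            raise ValueError("unsupported authentication method")
        self._new_code(user_id)    # simplification: code issued once the user presses START
        return {"link": "https://example.invalid/start", "qr": "<qr placeholder>"}
    def validate_code(self, user_id, code):
        return hmac.compare_digest(self.codes.get(user_id, ""), code)
    def resend_code(self, user_id):
        self.resends += 1
        self._new_code(user_id)

def confirm_code(tfa, user_id, read_code):
    """Validate Code / Resend Code loop with a hard cap on attempts."""
    for attempt in range(MAX_ATTEMPTS):
        if tfa.validate_code(user_id, read_code()):
            return True
        if attempt < MAX_ATTEMPTS - 1:
            tfa.resend_code(user_id)   # invalid code: deliver a fresh one
    return False

def enroll(tfa, user_id, read_code, store):
    """Set User, keep the link for display, activate 2FA only after a valid code."""
    resp = tfa.set_user(user_id, "telegram")
    store[user_id] = {"tfa_active": False, "link": resp["link"]}
    store[user_id]["tfa_active"] = confirm_code(tfa, user_id, read_code)
    return store[user_id]["tfa_active"]

def authorize_operation(tfa, user_id, read_code, store):
    """Check for an additional operation once TFA is active."""
    if not store.get(user_id, {}).get("tfa_active"):
        return False                   # never enrolled: refuse instead of skipping 2FA
    tfa.resend_code(user_id)           # send a new code first, then validate it
    return confirm_code(tfa, user_id, read_code)
```

`read_code` is whatever callable your application uses to collect the code the end-user types in; the 2FA flag in `store` stays false until a code has actually validated.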