API Specifications for the MFA Log-in Mechanism

If you are configuring Ayla's Multi-Factor Authentication (MFA) for your web or mobile application, please ensure that the log-in mechanism is updated to support this authentication. To do this:

  1. Submit the username and password with the existing sign-in API as normally done (/users/sign_in.json).
  • If MFA is disabled, the log-in process is the same as usual.
  • If MFA is enabled, the user receives a response with the auth_code attribute and mfa_token, and is then redirected to a new page where the user is prompted to enter the auth_code attribute and mfa_token.
  1. Check the response from signing in:
  • If the response code is 401, the code entered is invalid. In this case, the user should start the sign-in process again.

NOTE

If the users have a third-party application, please make sure the applications are updated for MFA before configuring this authentication.

For your reference, following are API examples of the verification/log-in steps above: (Click each to expand the information.)

ClosedLogging in with a username and password when MFA is not enabled

Example

curl -X POST http(s)://<host_name>/users/sign_in.json -H 'Content-Type: application/json' -d '{"user":{"email":"my_user@email.com","password":"password@123","application":{"app_id":"my_app_id","app_secret":"my_app_secret"}}}'

Response Body

{

"access_token": "f33cb9b23a874a97a2185df34914bbd8",

"refresh_token": "26143efe513e4afabde68f5196b87601",

"expires_in": 86400,

"role": "Ayla::Admin",

"role_tags": []

}

ClosedLogging in with a username and password when MFA is enabled

Example

curl -X POST http(s)://<host_name>/users/sign_in.json -H 'Content-Type: application/json' -d '{"user":{"email":"my_user@email.com","password":"password@123","application":{"app_id":"my_app_id","app_secret":"my_app_secret"}}}'

Response Body

{

"auth_code": "f33cb9b23a874a97a2185df34914bbd8",

"is_mfa_enabled": true

}

ClosedAuthenticating the MFA token

Example

curl -X POST http(s)://<host_name>/users/authorize_multifactor_authentication.json -H 'Content-Type: application/json' -d '{"user":{"auth_code":"f33cb9b23a874a97a2185df34914bbd8","mfa_token":"123456"}}'

Response Body

{

"access_token": "f33cb9b23a874a97a2185df34914bbd8",

"refresh_token": "26143efe513e4afabde68f5196b87601",

"expires_in": 86400,

"role": "Ayla::Admin",

"role_tags": []

}

 

 

 

 

 

See also: Multi-Factor Auth tab.

Please click here to let us know how we're doing. Thank you.