{"_id":"5620f184b244890d001868e0","__v":13,"parentDoc":null,"project":"54eb50e5615ffc1900305a16","user":"54eb4fdedf7add210007b29b","version":{"_id":"54eb63b859b1172100334fae","project":"54eb50e5615ffc1900305a16","forked_from":"54eb63a1867e1917009b711d","__v":28,"createdAt":"2015-02-23T17:30:32.501Z","releaseDate":"2015-02-23T17:30:32.501Z","categories":["54eb63b959b1172100334faf","54eb63b959b1172100334fb0","54eb63b959b1172100334fb1","54eb63b959b1172100334fb2","54ed8dd4ab373e2300f50eae","54ed99b2ab373e2300f50ede","55153a6de68daa2f00cff838","551546edbc466623002afe72","5515472ac28d6125001b8884","55154749c28d6125001b8885","555d9b4106dfec0d00d38ea7","5613e06e433e5735007c7708","5624bbb785a31117001c5403","56669e857cc81e0d00253f8e","568b8d837a42220d00498311","56a632277ef6620d00e2f18a","56d8147c3eb4dd0b00201aac","57a9ce2fac6db30e000d7efd","57a9cf4e944ea60e00dc3f74","58172386715dce0f00da4aa0","582dc59ee1b8692300c0dd03","589b19b4fec2730f0082e040","58b04a023529383900a759b5","58b92d1598157a0f004869bf","592e7685c58275000f20174f","59392839e376d4002f8a0474","59393064e376d4002f8a05a1","5947ae0d4005e2000f3a4fec","594a74df1d1de5001ab3517a","5954bc387a147f001b918915","59b8eeeb707542001076d3b6"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1"},"category":{"_id":"5624bbb785a31117001c5403","pages":["5653264657978b1700df716a","5655bcf8dd82540d00278c26","5655bfd81a06b61900c66873","5655c7c0a66be71700968dd7","5660588e4320a80d00bec124","56618ad455e4450d00e62b89","56f1685a2a85600e00ea3dca"],"project":"54eb50e5615ffc1900305a16","version":"54eb63b859b1172100334fae","__v":7,"sync":{"url":"","isSync":false},"reference":true,"createdAt":"2015-10-19T09:45:27.364Z","from_sync":false,"order":10,"slug":"2-factor-authentication","title":"2-factor authentication"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-10-16T12:45:56.731Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":true,"api":{"settings":"","results":{"codes":[]},"auth":"required","params":[],"url":""},"isReference":true,"order":0,"body":"**2-factor authentication** (2FA) is a cloud messaging security solution that confirms the identity of the user and protects the system from phishing or hacking attacks.\n\nA one-time PIN (PIN code) is generated and sent to the user's mobile phone. The user receives the PIN code and types it into the application to confirm the identity. If the PIN number that was sent out to the user matches the one that is received, the user is allowed to continue with the process.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"2FA flow overview\"\n}\n[/block]\n\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/b9470ef-2faFlow.jpg\",\n        \"2faFlow.jpg\",\n        1500,\n        1277,\n        \"#3c535b\"\n      ]\n    }\n  ]\n}\n[/block]\n1. User enter the Phone number into the client's application (mobile or web). The other option is that client pulls the phone number from his user database.\n2. Application sends a request for the PIN code with user’s phone number to Infobip\n3. Infobip generates PIN and PIN ID, and sends PIN ID back to application\n4. Infobip sends Number lookup request to the MNO \n5. Infobip receives Number Lookup response from the MNO\n6. Infobip sends Number Lookup response to the Application\n7. If the Number Lookup result is valid, Infobip generates the PIN code and send it via SMS\n8. MNO delivers SMS with the PIN code\n9. Infobip receives Delivery report for sent message\n10. User enters the received PIN code into the application\n11. Application sends verification request with the PIN code and PIN  ID\n12. Infobip verifies the received PIN and sends the response to the application\n\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"Note:\",\n  \"body\": \"**Steps 3** and **4** are important for clients that want to check whether the user entered a valid phone number before sending the verification SMS. We use Number Lookup to check the phone number validity. If the phone number is not valid (i.e. doesn’t exists) we don't generate the PIN code or send an SMS. In this way we prevent unnecessary costs for our clients. These steps are optional due to customer needs.\"\n}\n[/block]\n\n-----\n### **Next:** [Step by step integration](doc:step-by-step-integration)\n\nFor more information about 2FA Step by step integration take a look at our [tutorial](doc:step-by-step-integration).","excerpt":"","slug":"2fa-introduction","type":"basic","title":"2FA Introduction"}
**2-factor authentication** (2FA) is a cloud messaging security solution that confirms the identity of the user and protects the system from phishing or hacking attacks. A one-time PIN (PIN code) is generated and sent to the user's mobile phone. The user receives the PIN code and types it into the application to confirm the identity. If the PIN number that was sent out to the user matches the one that is received, the user is allowed to continue with the process. [block:api-header] { "type": "basic", "title": "2FA flow overview" } [/block] [block:image] { "images": [ { "image": [ "https://files.readme.io/b9470ef-2faFlow.jpg", "2faFlow.jpg", 1500, 1277, "#3c535b" ] } ] } [/block] 1. User enter the Phone number into the client's application (mobile or web). The other option is that client pulls the phone number from his user database. 2. Application sends a request for the PIN code with user’s phone number to Infobip 3. Infobip generates PIN and PIN ID, and sends PIN ID back to application 4. Infobip sends Number lookup request to the MNO 5. Infobip receives Number Lookup response from the MNO 6. Infobip sends Number Lookup response to the Application 7. If the Number Lookup result is valid, Infobip generates the PIN code and send it via SMS 8. MNO delivers SMS with the PIN code 9. Infobip receives Delivery report for sent message 10. User enters the received PIN code into the application 11. Application sends verification request with the PIN code and PIN ID 12. Infobip verifies the received PIN and sends the response to the application [block:callout] { "type": "info", "title": "Note:", "body": "**Steps 3** and **4** are important for clients that want to check whether the user entered a valid phone number before sending the verification SMS. We use Number Lookup to check the phone number validity. If the phone number is not valid (i.e. doesn’t exists) we don't generate the PIN code or send an SMS. In this way we prevent unnecessary costs for our clients. These steps are optional due to customer needs." } [/block] ----- ### **Next:** [Step by step integration](doc:step-by-step-integration) For more information about 2FA Step by step integration take a look at our [tutorial](doc:step-by-step-integration).