Inpaqt 2FA Service

This document details the two-factor authentication (2FA) service designed for seamless integration within Inpaqt projects.

Request OTP (/requestotp)

This route handles requests for one-time passcodes (OTPs). Upon a successful request, your clients email will receive a unique 6-digit code for verification purposes. To ensure a successful request, ensure your headers and body adhere to the following structure:

Headers:

• project_key: Required. The unique key provided to you by the developer.
• project_name: Required. The case-sensitive name of your project that you submitted to the developer.

Body:

{
  "email": "user@example.com",  // User's email address
  "metaData": {
    "origin": {
      "deviceName": "Client Device",  //  Device name for logging
      "timeZone": "Client Time Zone" //  Client's time zone
    },
    "project_details": {
      "name": "Your Project Name"   // Project name for logging
    }
  }
}

So the curl would look something like this:

curl --location 'http://<MAIN_URL>/2fa/requestotp' \
  --header 'project_key: your-project-key' \
  --header 'project_name: your-project-name' \
  --header 'Content-Type: application/json' \
  --data-raw '{"email": "user@example.com", "metaData": {"origin": {"deviceName": "Client Device", "timeZone": "Client Time Zone"}, "project_details": {"name": "Your Project Name"}}}'

Response:

Upon successfully processing the request, the service will return a JSON response containing a token. This token is valid for 10 minutes. You'll need to include this token in the subsequent request to verify the OTP.

Verify OTP (/verifyotp)

Once your client receives the email containing the OTP and enters it within your application, submit the OTP along with the previously provided token using the following structure:

Headers:

• project_key: Required. The unique key provided to you by the developer.
• project_name: Required. The case-sensitive name of your project that you submitted to the developer.

Body:

{
  "token": "token-received-from-previous-request", // Required
  "otp": "user-entered-otp-code"                   // Required
}

So the example curl would look like this:

curl --location 'http://<MAIN_URL>/2fa/verifyotp' \
  --header 'project_key: your-project-key' \
  --header 'project_name: your-project-name' \
  --header 'Content-Type: application/json' \
  --data-raw '{"token": "your-received-token", "otp": "user-entered-otp-code"}'