Skip to content

Using TFA with REST

If your site provides a REST API, end-users need a way to access the API endpoints which can be more challenging with TFA enabled. These approaches can be taken:

  • Use an API token auth provider (recommended)
  • Append two-factor code to the password field

The recommended approach is to use an API token authentication provider that does not rely on the user authentication such as:

Appending two-factor code to password

When providing the password via Cookie Authentication or Oauth methods, the end user can append the two factor authentication code to their password. Example: "my-password123456" where 123456 is the second factor code.