Skip to content

API

Authentication

By default backend uses 2FA (two factor authentication / multifactor authentication) for API endpoints. This is also the preferred way, only deviate if the specific use case cannot work with 2FA. Typical such cases are for provider webhooks (e.g. in Lithic), different types of clients (like in Hydra), and endpoints that happen when the user cannot use 2FA, such as during signup.

The requirements for an endpoint is included in the swagger.

Note that the endpoint used to get the Firebase token is 1FA only.

Auth Attributes

In addition to the .net [AllowAnonymous] the platform code also defines [SingleFactorAuthentication] that can be used for endpoints that logically cannot use 2FA.