Log inTry for free
Back to all APIs

Create 2FA application

Create and configure a new 2FA application.

Learn more about the workflow and setup
Please log in to see full path URL. Learn why.
post
/2fa/2/applications
Authorizations:
API Key Header
Basic
IBSSO Token Header
OAuth 2
Scopes:
2fa:manage
Request rate limit:
20 requests / 10 minute (per account)
Request Body schema:
application/json
collapse all -
configuration
object

Created 2FA application configuration.

allowMultiplePinVerifications
boolean
Default: true

Indicates whether multiple PIN verification is allowed.

pinAttempts
integer <int32>
Default: 10

Number of possible PIN attempts.

pinTimeToLive
string
Default: "15m"

Validity period of PIN in specified time unit. Required format: {timeLength}{timeUnit}. timeLength is optional with a default value of 1. timeUnit can be set to: ms, s, m, h or d representing milliseconds, seconds, minutes, hours, and days respectively. Must not exceed one year, although much lower value is recommended.

sendPinPerApplicationLimit
string
Default: "10000/1d"

Overall number of requests over a specified time period for generating a PIN and sending a message using a single application. Required format: {attempts}/{timeLength}{timeUnit}. attempts and timeunit are mandatory and timeLength is optional with a default value of 1. timeUnit is one of: ms, s, m, h or d representing milliseconds, seconds, minutes, hours, and days respectively. Must not exceed one year, although much lower value is recommended.

sendPinPerPhoneNumberLimit
string
Default: "3/1d"

Number of requests over a specified time period for generating a PIN and sending a message to one destination. Required format: {attempts}/{timeLength}{timeUnit}. attempts and timeunit are mandatory and timeLength is optional with a default value of 1. timeUnit is one of: ms, s, m, h or d representing milliseconds, seconds, minutes, hours, and days respectively. Must not exceed one year, although much lower value is recommended.

verifyPinLimit
string
Default: "1/3s"

The number of PIN verification requests over a specififed time period from one phone number (MSISDN). Required format: {attempts}/{timeLength}{timeUnit}. attempts and timeunit are mandatory and timeLength is optional with a default value of 1. timeUnit is one of: ms, s, m, h or d representing milliseconds, seconds, minutes, hours, and days respectively. Must not exceed one day, although much lower value is recommended.

enabled
boolean

Indicates whether the created application is enabled.

name
required
string

2FA application name.

Responses

default

successful response

400

Bad Request

401

Unauthorized

403

Forbidden

429

Too Many Requests

4XX

Error responses

500

Internal Server Error

5XX

Error responses

Request samples

Content type
application/json
Copy
 Collapse all
{
  • "name": "2fa application name",
  • "enabled": true,
  • "configuration":
    {
    • "pinAttempts": 5,
    • "allowMultiplePinVerifications": true,
    • "pinTimeToLive": "10m",
    • "verifyPinLimit": "2/4s",
    • "sendPinPerApplicationLimit": "5000/12h",
    • "sendPinPerPhoneNumberLimit": "2/1d"
    }
}

Response samples

Content type
application/json
Copy
 Collapse all
{
  • "applicationId": "1234567",
  • "name": "Application name",
  • "configuration":
    {
    • "pinAttempts": 5,
    • "allowMultiplePinVerifications": true,
    • "pinTimeToLive": "10m",
    • "verifyPinLimit": "2/4s",
    • "sendPinPerApplicationLimit": "5000/12h",
    • "sendPinPerPhoneNumberLimit": "2/1d"
    },
  • "enabled": true
}

Need assistance

Explore Infobip Tutorials

Encountering issues

Contact our support

What's new? Check out

Release Notes

Unsure about a term? See

Glossary

Research panel

Help shape the future of our products
Learn more
Service status

Copyright @ 2006-2025 Infobip ltd.

Privacy documentsTerms of use