How to add a trusted device / prevent manual 2FA codes

If the user account that you're using to access the API has 2FA enabled, you normally need to manually enter a 2FA code each time you request a new bearer token.

You can add your device as a trusted device, which prevents you from needing to manually enter a 2FA code for each new bearer token request.

Note that a 2FA code is still required in the first request, for authentication purposes.

Adapt your bearer token requests

The first bearer token request will mark your device as a trusted device.

  1. Prepare your bearer token request as usual, but don't send it yet.
  2. Generate a UUID. This is the unique identifier that will be used to identify your device. You can generate one with a UUID library or an online generator.
  3. Add the header Api-Device-Identifier to your bearer token request and give it the value of your generated UUID.
  4. Add trustedDeviceName to your data or payload with a human-readable name. This name will appear in your profile as a trusted device (My profile > Login and security > Trusted devices).

curl --request POST \
     --url '<<url>>/api/access-tokens?fields=secretId' \
     --header 'Api-Version: 2' \
     --header "Api-Application: $applicationId" \
     --header "Api-Device-Identifier: $generatedUUID" \
     --header 'Content-Type: application/json' \
     --header "Authorization: Basic $base64_cipher_of_credentials" \
     --data '{"expiresIn": 3600, "trustedDeviceName": "My API application"}'

{
    "status": "success",
    "type": "AccessTokenCreateResponse",
    "data": {
        "publicId": "$response_id",
        "expiresOn": "2021-02-02T00:59:59Z",
        "secretId": "$bearer_token",
        "user": {
            "publicId": "$user_id",
            "name": "$username",
            "emailAddress": "$email_address",
            "support": false,
            "language": "en",
            "localisation": null,
            "timeZone": null,
            "registeredOn": "2020-09-01T10:59:29Z",
            "lastSeenOn": "2020-12-02T07:38:31Z",
            "termsOfUsePolicyAcceptedOn": "2020-09-01T10:59:29Z"
        }
    }
}

When you send your request, the UUID is marked as a trusted UUID (trusted device) and the trusted device name is added to your profile.

In any follow-up bearer token requests, you then only need to include the Api-Device-Identifier header. A 2FA code or trustedDeviceName is no longer needed.

curl --request POST \
     --url '<<url>>/api/access-tokens?fields=secretId' \
     --header 'Api-Version: 2' \
     --header "Api-Application: $applicationId" \
     --header "Api-Device-Identifier: $generatedUUID" \
     --header 'Content-Type: application/json' \
     --header "Authorization: Basic $base64_cipher_of_credentials" \
     --data '{"expiresIn": 3600}'

{
    "status": "success",
    "type": "AccessTokenCreateResponse",
    "data": {
        "publicId": "$response_id",
        "expiresOn": "2021-02-02T00:59:59Z",
        "secretId": "$bearer_token",
        "user": {
            "publicId": "$user_id",
            "name": "$username",
            "emailAddress": "$email_address",
            "support": false,
            "language": "en",
            "localisation": null,
            "timeZone": null,
            "registeredOn": "2020-09-01T10:59:29Z",
            "lastSeenOn": "2020-12-02T07:38:31Z",
            "termsOfUsePolicyAcceptedOn": "2020-09-01T10:59:29Z"
        }
    }
}
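
The following is an added example, not part of the original documentation or the API vendor's code: a POSIX shell helper that generates the device UUID locally, keeps it in an owner-only file, and picks the request body for the registration request versus follow-up requests. The file location (ID_FILE) and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: device-identifier handling for the trusted-device flow.
# ID_FILE and every function name here are assumptions, not part of the API.
ID_FILE="${ID_FILE:-$HOME/.config/api-client/device-id}"

is_uuid() {
    printf '%s\n' "$1" | grep -Eqx '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
}

# Generated locally here: together with the credentials, this value is
# enough to obtain bearer tokens without a 2FA code.
new_device_id() {
    { uuidgen 2>/dev/null || cat /proc/sys/kernel/random/uuid; } | tr 'A-F' 'a-f'
}

# Persist the UUID (owner-only file) once the first request has succeeded.
save_device_id() {
    is_uuid "$1" || return 1
    mkdir -p "$(dirname "$ID_FILE")" || return 1
    ( umask 077 && printf '%s\n' "$1" > "$ID_FILE" ) && chmod 600 "$ID_FILE"
}

# Print the stored UUID; fail if the file is missing or malformed.
load_device_id() {
    [ -r "$ID_FILE" ] || return 1
    id=$(head -n 1 "$ID_FILE")
    is_uuid "$id" && printf '%s\n' "$id"
}

# Build the JSON body; the device name is passed only when registering.
token_payload() {
    expires=$1 name=${2:-}
    case $expires in ''|*[!0-9]*) return 1 ;; esac
    case $name in *'"'*|*'\'*) return 1 ;; esac   # keep the JSON well-formed
    if [ -n "$name" ]; then
        printf '{"expiresIn": %s, "trustedDeviceName": "%s"}\n' "$expires" "$name"
    else
        printf '{"expiresIn": %s}\n' "$expires"
    fi
}

# Print the Api-Device-Identifier value, then the body for the next request.
prepare_request() {
    if id=$(load_device_id); then
        printf '%s\n' "$id" && token_payload 3600
    else
        new_device_id && token_payload 3600 "$1"
    fi
}
```

Call save_device_id with the identifier that was sent only after the first request returns "status": "success", so a failed registration does not leave an untrusted UUID on disk.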