Multi-Factor Authentication (MFA)
Add an extra security layer to password authentication.
Overview
MFA adds a second verification step after password entry:
- SMS: Receive codes via text message
- TOTP: Use authenticator apps
Tip: WebAuthn Users
WebAuthn provides strong authentication by default. MFA is not required for WebAuthn login.
SMS Authentication
Setup
- Login to portal.cloudpirates.io
- Navigate to security page
- Select "SMS Authentication"
- Enter mobile phone number
- Enter registration token from SMS
Login
- Enter email and password
- Receive verification code via SMS
- Enter code to complete login
TOTP (Authenticator Apps)
Supported Apps
Setup with QR Code
- Login to portal.cloudpirates.io
- Navigate to security page
- Select "Authenticator App (TOTP)"
- Scan QR code with authenticator app
- Enter generated 6-digit code
Setup Manually
- Click "I can't use the QR Code"
- Copy secret key
- Add to authenticator app manually
- Enter generated code
Login
- Enter email and password
- Open authenticator app
- Enter current 6-digit code
Tip: Accurate Device Clock Required
Ensure your device clock is accurate for TOTP codes to work correctly.
Managing MFA
Access security page to:
- View active MFA methods
- Enable additional methods
- Disable methods
Multiple Methods
Enable both SMS and TOTP:
- Use SMS when authenticator unavailable
- Use TOTP when SMS unavailable
- Choose preferred method during login
API Reference
List MFA Methods
http
GET /v1/auth/challenges
Authorization: Bearer <access-token>Enable SMS
http
POST /v1/auth/challenges/sms
Authorization: Bearer <access-token>
Content-Type: application/json
{
"phoneNumber": "+1234567890"
}Enable TOTP
http
POST /v1/auth/challenges/totp
Authorization: Bearer <access-token>Login with MFA
http
POST /v1/auth/login
Content-Type: application/json
{
"email": "user@example.com",
"password": "password",
"desiredChallenge": "sms"
}Then complete with challenge code:
http
POST /v1/auth/login/challenge
Content-Type: application/json
{
"verificationToken": "token",
"challengeCode": "123456"
}Info: Full API Documentation Available
These are example requests. For complete API documentation including all parameters, response schemas, and authentication details, visit api.cloudpirates.io/docs.