Security API
Use the Security API to manage multifactor authentication (MFA) tokens.
For the Security API, api-root defines where to route API requests for your Instabase instance:
import json, requests
api_root = "https://www.instabase.com/api/v1/security"
See Instabase API authorization and response conventions for authorization and error convention details.
Get MFA info
This API returns a user account’s MFA setup information.
This API is callable only by:
-
A site admin
-
A user with the
manage_usersite ACL -
Any user to check the status of their own MFA setup
Request
The request must be:
headers = {"Authorization": "Bearer {0}".format(token)}
resp = requests.get(api_root + "/security/two-factor/status/<username>", headers=headers).json()
Response
If successful, the response contains information about MFA setup.
{
"status":"OK",
"two_factor_enabled": true,
"mfa_mode": "SMS"
}
The body of the response is a JSON dictionary with the following fields:
-
two_factor_enabled: Indicates whether or not MFA is enabled in the account. -
mode: If MFA is enabled, returns the mode. Valid values are:SMSandTOTP.
Disable MFA
Use this API to disable a user account’s MFA setup.
This API is callable only by:
-
A site admin
-
A user with the
manage_usersite ACL -
Any user to disable their own MFA setup
Request
The request must be:
headers = {"Authorization": "Bearer {0}".format(token)}
resp = requests.post(api_root + "/security/two-factor/disable/<username>", headers=headers).json()
Response
{
"status": "OK"
}