One Time Token


The One Time Token Framework is a unified verification framework that is purposed to enable access to protected endpoints via API.

  1. Unified verification framework for endpoints that require additional security verification.

  2. One Time state value holder that temporarily elevates access to an endpoint after performing various verification challenges.

  3. Challenges are contained in the token that user needs to pass in order to access an endpoint or perform certain action.

One time token can be found in header whenever additional verification is needed.

HeaderDescription
x-2fa-approval-resultThis header will only appear in response, and there are 2 values:
APPROVED - The endpoint call is now authorised and you should be able to access the protected resource.
REJECTED - Your request requires additional verification, please use the provided value in x-2fa-approval header.
x-2fa-approvalThis header will appear in response when x-2fa-approval-result has the value of REJECTED.
Value of the header (OTT) will then be used to list the required challenges, identify and clear the challenge.
Attach this header to a protected endpoint to get the desired response.