API Portal provides multi-factor authentication (MFA) that requires the use of two or more authentication factors to verify a user's identity for a login. Authentication factors can be classified into knowledge factors (what the user knows, for example, password), possession factors (what the user has, for example, security token) and inherence factors (what the user is, for example, biometric verification). The authentication mechanism validates each factor thus adding another layer of security during a user log on.

API Portal uses a combination of username, password, and a one-time password (OTP) as authentication factors to verify the user's identity. The user receives the OTP in one of the following ways:

For details on how to enable MFA in API Portal, see Enabling Multi-factor Authentication.

Any user when on-boarded onto API Portal receives a secret token through an email, when MFA is enabled. The user can use this secret token to generate an OTP, using an external client like Google Authenticator, which in turn is used to log onto API Portal.