APIs allow external parties to access an organizations sensitive back-end systems, thus keeping security practices up to date is paramount. User name and password are the first level of security for any user trying to access an organizations APIs from their API Portal. This first level of security can easily be breached by hackers so second forms of authentication are needed for the system to have reliable security (See Sale’s Force Article Here) . The good news it that now in Version of API Connect users can configure a Two Factor Authentication model to add that additional layer of security onto their API Portal, protecting the front door into their back-end systems.



Configuration Options

When logged in as the Admin for the API Developer Portal, organizations can configure two factor authentication using their desired process and governance structure. The TFA authentication can be scoped to different types of users and roles in the organization.

There are a number of different frameworks that can be used for providing and verifying the second form of authentication. List of the supported frameworks:

  • Time-based, On-time Password (TOTP)
    • Google Authenticator, Authenticator (Windows Phone) Authy, FreeOTP and GAuth Athenticator
  • Recovery Codes
  • Twilio SMS





Once configuration is complete users can simply login to their accounts and navigate to their security tab to configure their TFA process.

Ensure your organization has the highest security measures in place. For a guided walk through of setting up two factor authentication for your API Portal follow the below knowledge center articles!

  1. Using two-factor authentication
  2. Encouraging users to set up two-factor authentication on their Developer Portal Account



4 comments on"Two Factor Authentication (TFA) for Robust and Modern API Portal Security"

  1. can’t open this urls – “Using two-factor authentication” and “Encouraging users to set up two-factor authentication on their Developer Portal Account”

    • JakobLeonard October 27, 2017

      @dp08 Thank you for pointing that out. The links have been fixed. Hope you enjoyed the post and content

  2. Can two factor auth configured for API invocation also similar to accessing developer Portal ?

Join The Discussion

Your email address will not be published. Required fields are marked *