1. Developer Support
  2. Operations
  3. Authentication

MFAChallenge

Multi Factor Authentication (MFA) is required to call the protected APIs that pay bills, send network invitations, send vendor invitations, and manage vendor bank accounts. This API request generates and returns a challenge ID, and sends a token to your mobile device that is registered with Bill.com. 

If you have not registered a mobile device, the BDC_1354 error is returned.

MFA login process

Login with an MFA trusted API session is a three-step process:

  1. Sign in with Login to generate a sessionId.
  2. Create a MFA challenge ID and send a token to your mobile device with MFAChallenge.
  3. Validate the challenge ID and token with MFAAuthenticate. At this point, the login sessionId is MFA trusted.

Note: See Multi-factor authentication (MFA)/2-step verification in the Bill.com Help for more information about all the security measures in place for your Bill.com account operations.

Request

<API_URL_EndPoint>/MFAChallenge.json

data={
   "useBackup" : false
}

Response

data={
  "response_status" : 0,
  "response_message" : "Success",
  "response_data" : {
    "challengeId" : "!a20Ob49EtAYKMvZ1SQjggzdVQ0xXhMa6SgBSIGdtRTpw"
  }
}

Request parameters

Field Name Description Required?
useBackup Determines whether the token needs to be sent to the primary mobile device [value = false] or back up mobile device [value = true] Yes
Was this article helpful?
0 out of 1 found this helpful