Validate MFA challenge ID

Authenticate the challenge ID (generated with /MFAChallenge.json) and token that was sent to your mobile device registered with BILL. In response, an mfaId value is generated and your API session is MFA trusted.

By default, MFA expires when the API session expires after 35 minutes of inactivity. If you set rememberMe as true in your /MFAAuthenticate.json request, the mfaId value is marked as trusted for 30 days. You can check the MFA status with /MFAStatus.json.

Using /MFAAuthenticate.json is step three of signing in with an MFA trusted API session.

Multi-Factor Authentication (MFA)

The following protected endpoints require MFA for login with a trusted API session:

Note: See Multi-factor authentication (MFA)/2-step verification in the BILL Help Center for more information about all the security measures in place for your BILL account operations.

Sign in with an MFA trusted API session is a three-step process:

  1. Sign in to generate a sessionId value with /Login.json.
  2. Generate an MFA challenge ID with /MFAChallenge.json. When you call /MFAChallenge.json, a token is sent to your mobile device registered with BILL.
  3. Authenticate the challenge ID and token with /MFAAuthenticate.json. At this point, the sessionId (from step one) is MFA trusted.
Click Try It! to start a request and see the response here!