Two-Factor Authentication (2FA)
Rach Payments supports TOTP-based 2FA (compatible with Google Authenticator, Authy, etc.).
Auth required: JWT
Base path: /api/v1/auth/2fa
Check Status

```http
GET /api/v1/auth/2fa/status
Authorization: Bearer <token>
```

Response:

```json
{
  "enabled": false,
  "verified": false
}
```

Setup 2FA
Returns a TOTP secret and an otpauth:// URI. Render the URI as a QR code for the user to scan with their authenticator app (the Base32 secret can also be typed in manually). Treat the secret as a credential: it is all that is needed to produce valid codes, so show it once and do not log it. Setup is not complete, and the secret is not in force, until it has been confirmed with Enable 2FA.

```http
POST /api/v1/auth/2fa/setup
Authorization: Bearer <token>
```

Response:

```json
{
  "secret": "BASE32SECRET",
  "qr_code_url": "otpauth://totp/Rach%20Payments:user@example.com?secret=BASE32SECRET&issuer=Rach+Payments"
}
```

Note that the issuer query parameter is encoded with a plus sign while the label uses %20; some authenticator apps may not decode a plus as a space in otpauth URIs, so the issuer can display as "Rach+Payments".

Enable 2FA
Confirm setup by submitting the current 6-digit code generated from the secret returned by Setup 2FA. Once enabled, Check Status reports enabled as true and remittance transfers made via the dashboard require an OTP (see Usage in Remittance).

```http
POST /api/v1/auth/2fa/enable
Authorization: Bearer <token>
Content-Type: application/json
```

```json
{
  "code": "123456"
}
```

Disable 2FA
Disabling requires a current TOTP code as well as the JWT, so a captured session token on its own cannot turn 2FA off.

```http
POST /api/v1/auth/2fa/disable
Authorization: Bearer <token>
Content-Type: application/json
```

```json
{
  "code": "123456"
}
```

Usage in Remittance
When 2FA is enabled, dashboard remittance transfers (POST /api/v1/remittance/create) require an otp_code field, the current code from the authenticator app, alongside the usual transfer fields:

```json
{
  "business_id": "...",
  "source_currency": "NGN",
  "source_amount": "100000",
  "dest_currency": "GBP",
  "recipient_name": "Sarah's Fabrics Ltd",
  "recipient_account": "12345678",
  "recipient_bank": "Barclays",
  "recipient_country": "GB",
  "otp_code": "123456"
}
```
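The TOTP mechanics behind the Setup, Enable and otp_code steps above, as an added example in Python (not Rach Payments' own code): it generates the 6-digit code an authenticator app produces from the Base32 secret, builds an otpauth URI in the same issuer:account label form as the /setup response, and shows the check a server should perform on a submitted code (a window of one step either side for clock drift, constant-time comparison, and refusal of any step already consumed so a code cannot be replayed). It assumes the standard RFC 6238 parameters (HMAC-SHA1, 6 digits, 30-second period), which the page does not state; SAMPLE_SECRET is the RFC 6238 test-vector key, constructed for this example, so the codes it yields can be checked against the RFC's tables. Unlike the page's sample URI, the issuer parameter here is percent-encoded rather than written with a plus sign.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple
from urllib.parse import quote

# Assumed RFC 6238 defaults (the page does not state them): HMAC-SHA1, 6 digits, 30 s step.
STEP_SECONDS = 30
DIGITS = 6

# Constructed sample: the RFC 6238 test-vector key "12345678901234567890" in Base32,
# the same encoding the /setup response uses for its "secret" field.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret: str) -> bytes:
    """Decode a Base32 secret, tolerating lowercase, spaces and missing '=' padding."""
    s = secret.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: str, at: Optional[int] = None) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / STEP_SECONDS).
    This is what the authenticator app computes from the /setup secret."""
    t = int(time.time()) if at is None else at
    return hotp(decode_secret(secret), t // STEP_SECONDS)


def otpauth_uri(secret: str, account: str, issuer: str) -> str:
    """Build the otpauth:// URI to encode as a QR code, using the issuer:account label
    form from the page. Spaces are percent-encoded in both the label and the issuer."""
    label = quote(f"{issuer}:{account}", safe=":@")
    return f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer, safe='')}"


def verify_totp(secret: str, code: str, at: Optional[int] = None, window: int = 1,
                last_used_step: Optional[int] = None) -> Tuple[bool, Optional[int]]:
    """Server-side check for /enable, /disable and otp_code submissions.
    Accepts the current step and +/- `window` neighbouring steps to absorb clock drift,
    compares in constant time, and refuses any step at or before the last accepted one
    so a captured code cannot be replayed. Returns (accepted, step_to_record_as_last_used)."""
    if not (code.isdigit() and len(code) == DIGITS):
        return False, None
    t = int(time.time()) if at is None else at
    key = decode_secret(secret)
    current = t // STEP_SECONDS
    for delta in range(-window, window + 1):
        step = current + delta
        if last_used_step is not None and step <= last_used_step:
            continue  # already consumed (or older): replay
        if hmac.compare_digest(hotp(key, step), code):
            return True, step
    return False, None


if __name__ == "__main__":
    # Walk the page's flow with the constructed secret at a fixed time.
    uri = otpauth_uri(SAMPLE_SECRET, "user@example.com", "Rach Payments")
    code = totp(SAMPLE_SECRET, at=59)                       # what the app shows at t=59
    ok, step = verify_totp(SAMPLE_SECRET, code, at=59)      # /enable accepts it
    replay, _ = verify_totp(SAMPLE_SECRET, code, at=70, last_used_step=step)  # reuse refused
    print(uri)
    print(code, ok, step, replay)
```

The value returned as the second element of verify_totp is the time step that was accepted; persist it per user and pass it back as last_used_step on the next check, otherwise the same code remains valid for the whole window and the replay guard does nothing.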