DDEV is the official local development tool of Drupal. And like Drupal, DDEV depends on the support of the open source community.Configure 2FA with Headless/Decoupled Drupal
Secure your Headless/Decoupled Drupal with a robust Two Factor Authentication (2FA) using our Two Factor Authentication - 2FA / Passwordless Login module.
Drupal 2FA module will add a second layer of authentication to the Drupal account to increase the site's security from unwanted hacks and unauthorized login attempts. This guide will help you to configure Two-Factor Authentication (2FA / MFA) for your Headless Drupal site. This module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.
Check out the Installation steps:
Setup Headless 2FA :
- Navigate to the Headless 2FA tab.
- Click on Enable Headless Two-Factor checkbox to activate the Headless/Decoupled 2FA service.
- Select the authentication method of your choice from the 2FA method dropdown.
- Select the phone number field. This field's value will be used to fetch the phone number and send out an OTP.
- Click on the Save Settings button.
Steps to integrate Headless/ Decoupled 2FA:
- Minimum requirement for integrating 2FA with Drupal :
- Login page: Having Username and Password fields.
-
2FA Authentication Page: Having fields corresponding to configuring the 2FA method.
Authenticate users by sending Username and Password
-
The first step is to authenticate users by sending Username and Password to our /headless/authenticate endpoint (API) so they can authenticate against the Drupal database. Once the user is authenticated successfully, OTP will be sent to the registered mobile/email (depending on the configuration).
API: POST {drupal-base-URL}/headless/authenticate. What you will send: {"username":"xxxxx","password":"xxxxx","apiKey":"xxxxx"} If successful, you will receive back the following response: {"username":"xxxxx","status":"SUCCESS","message":"xxxxx","transactionID":"xxxxx","authType":"xxxxx"}With Following Parameters:
PARAMETER TYPE REQUIRED ? DESCRIPTION username string required Entered by the user on the login form. password string required Entered by the user on the login form. apiKey string required Send the apiKey provided in the module.
Validate the user by sending OTP
-
The second step is to validate the user by sending OTP (One time passcode) to our /headless/login endpoint (API).
API: POST {drupal-base-URL}/headless/login What you will send: {"username":"xxxxx","transactionID":"xxxxx","authType":"xxxxx","otp":"xxxxx","apiKey":"xxxxx"} If successful, you will receive back the following response: {"username":"xxxxx","status":"SUCCESS","message":"xxxxx","userprofile":"xxxxx"}With Following Parameters:
PARAMETER TYPE REQUIRED ? DESCRIPTION username string required You will get this in response to the first API call. transactionID string required You will get this in response to the first API call. authType string required You will get this in response to the first API call. otp string required You will get this in response to the first API call. apiKey string required Send the apiKey provided in the module.
Possible Errors
| ERROR CODE | DESCRIPTION |
| 400 Authentication Failed | API Authentication Failed |
| 404 Not Found | Headless 2FA setting is not enabled. Please enable the same under the Headless 2FA Setup tab of the module. |
| 401 Unauthorized | User has entered invalid credentials (username/password) |
| 403 Forbidden | User has entered the incorrect OTP (One time passcode) |
| 500 Internal Server Error | You will get 500 Internal Server Error due to various reasons, please check Drupal logs for more details. |
Contact our 24*7 support team
Feel free to reach out to our Drupal experts at drupalsupport@xecurify.com if you need any sort of assistance.
Back to topHelp improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
