{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"daa8a183-4c45-4af3-98ee-a0db99cd4a48","name":"2Factor API Documentation","description":"2Factor provides a robust and scalable HTTP API platform for sending SMS OTPs, transactional messages, and promotional bulk SMS efficiently.\n\nIn addition to SMS services, we also provide advanced WhatsApp solutions: [WhatsApp Chatbot Provider](https://2factor.in/v3/lp/Chatbots/Whatsapp-Chatbot-Provider.php), [WhatsApp Business API Guide 2025](https://2factor.in/v3/lp/blogs/What-is-WhatsApp-Business-API-The-Complete-Guide-2025), and [WhatsApp API Service Provider in India](https://2factor.in/v3/lp/whatsapp-api-service-provider-in-india.php).  \n\n---\n\n# **Authentication**\n\n2Factor employs API key-based authentication to ensure secure access. Each client is assigned a unique `APIKey` that identifies their account.\n\n**Additional Security Features:**\n\n- **IP-Based Restrictions**: To enhance security, clients can restrict API access to a specific set of IP addresses.\n    \n\n---\n\n# API Throughput and Scalability\n\nThe **2Factor Cloud API** is designed for enterprise-grade performance and reliability, trusted by leading organizations.\n\n#### Default Performance\n\n- **Throughput**: Supports up to **200 requests per second** under default configurations.\n    \n- **Response Times**: Average response times range from **100 ms to 500 ms**.\n    \n\n#### High Availability (HA) Cluster for Enhanced Scalability\n\nFor clients with high scalability needs, we offer a **High Availability (HA) Cluster** infrastructure:\n\n- **Throughput**: Supports up to **2000 transactions per second (TPS)**.\n    \n- **Response Times**: Average response times range from **50ms to 150 ms**.\n    \n\n#### Scalability Requests\n\nTo scale up or discuss your specific requirements, contact [<b>support@2factor.in</b>](https://null).\n\n---\n\n# Data Privacy & Security Measures\n\nAt **2Factor**, safeguarding customer data is a top priority. The following measures ensure that all data is securely processed, stored, and accessed in compliance with industry standards:\n\n---\n\n### Security Measures\n\n#### **API Hosting and Encryption**\n\n- **Cloudflare Serverless Environment**: All **2Factor API endpoints** are hosted on Cloudflare's serverless environment for scalability.\n    \n- **End-to-End Encryption**: Cloudflare employs **SSL/TLS encryption** to ensure secure transmission of data between the client, Cloudflare, and 2Factor's backend systems.\n    \n\n#### **Threat Intelligence and Protection**\n\n- **Web Application Firewall (WAF)**: Cloudflare’s WAF protects publicly accessible API endpoints from vulnerabilities and unauthorized access attempts.\n    \n    - **Rule Set**: Protects against thousands of commonly known web exploits and intrusion attempts.\n        \n    - **IP-Based Restrictions**: Backend systems enforce strict IP-based access controls to block unintended audiences.\n        \n\n#### **Brute Force and Local Firewall Protection**\n\n- Each Linux virtual machine (VM) hosting code and data stores is secured with:\n    \n    - A **local firewall**.\n        \n    - **Brute-force monitoring software** to detect and prevent unauthorized login attempts.\n        \n\n#### **Logging and Monitoring**\n\n- Random checks are conducted to monitor access attempts to data stores or VMs from unauthorized IPs, ensuring continuous oversight of system security.\n    \n\n---\n\n### Additional Security Features for Clients\n\n#### **IP-Based Access Control**\n\n- **Client-Specific IP Restrictions**: Clients can enforce IP-based restrictions on their API accounts to prevent unauthorized use.\n    \n\n---\n\n### Data Retention and Disposal Policies\n\n#### **Data Retention**\n\n- **Banking Clients**: Data is retained for **7 years**, as required by industry regulations.\n    \n- **Other Clients**: Data is typically retained for **1 year**, after which it is archived in flat files.\n    \n\n#### **Data Archival and Disposal**\n\n- After the retention period, data is dumped into **SQL flat files** and stored in **S3/S3-compatible cold storage**.\n    \n- While no formal archival/disposal agreements exist, the above process ensures long-term data security and compliance.\n    \n\n---\n\n### Access to SMS Logs\n\n#### **Multi-Factor Authentication**\n\n- To access SMS logs, users must complete **2-factor authentication**:\n    \n    - **Step 1**: Log in with a username and password.\n        \n    - **Step 2**: Verify the login attempt using an SMS OTP sent to the registered phone number.\n        \n\n#### **Access Control**\n\n- **Account Owners**: Full access to SMS logs.\n    \n- **2Factor Technical Support Team**: Limited access on a **need-to-know basis** to resolve support tickets.\n    \n- **Third Parties**: No access is provided to external entities or unauthorized users.\n    \n\n---\n\n### Contact\n\nFor more information about 2Factor’s security measures, data retention policies, or access controls, reach out to our support team at [<b>support@2factor.in</b>](https://null).","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"301893","team":4372815,"collectionId":"daa8a183-4c45-4af3-98ee-a0db99cd4a48","publishedId":"TWDamFGh","public":true,"publicUrl":"https://documenter-api.postman.tech/view/301893/TWDamFGh","privateUrl":"https://go.postman.co/documentation/301893-daa8a183-4c45-4af3-98ee-a0db99cd4a48","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"documentationLayout":"classic-double-column","customisation":null,"version":"8.10.1","publishDate":"2021-02-24T16:02:12.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/68a2184a86aa7c86f25f5a9e0b896ca1f33ea0f4fbcdcec00549f86de01f589e","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/TWDamFGh"}