
Introduction to Two-Factor Authentication

In this type of transaction, payment must be confirmed with a token sent to the person who has approval powers for movements in the creditor account. Integrator partners configured to use two-factor authentication request a Pix transaction in much the same way as described in "perform a Pix transaction". The differences are the added tfa_info object, which contains information about the transfer approver and the means of contact, and the status of a successful request, which will always be pending_2fa_approval. The same applies to the batch Pix transactions described in "perform batch Pix transaction".

Flow for a Pix Transaction with Authorization

A successful Pix transaction follows this process flow:

  1. Perform the Pix transaction request and receive a synchronous response with status pending_2fa_approval and a pix_transfer_key value.
  2. The indicated approver will receive a 6-digit token consisting of letters and digits.
  3. The requester performs the Pix transaction confirmation with the pix_transfer_key and the token.
  4. The transfer will be completed synchronously or asynchronously, depending on the integrator partner's configuration.

Observations

  • Each transaction has a maximum limit of 5 validation attempts for the token. When this limit is reached, the transaction is automatically set to the rejected status.
  • Each token has a maximum duration of 5 minutes.
  • A transaction can have its token renewed and resent to the transfer approver. This process resets the 5-minute duration but does not reset the invalid attempt counter. The previous token becomes invalid.
  • Once the transaction is approved, it will be completed in synchronous or asynchronous mode, depending on the integrator partner's configuration.
  • The notification event for sending the token to the approver is baas.token_validation.pix_transfer.single. It is possible to customize the sent message.
  • The implemented contact_type values for sending tokens are sms and email.
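
The token rules listed above, written out as a small state model. This is an added example, not the provider's implementation: the class and method names, the uppercase token alphabet, the "approved" status label and the choice to count an expired token as a failed attempt are all assumptions.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits  # assumed token alphabet
TOKEN_LENGTH = 6          # page: 6-digit token of letters and digits
TOKEN_TTL_SECONDS = 300   # page: each token lasts 5 minutes
MAX_ATTEMPTS = 5          # page: 5 validation attempts per transaction


class TwoFactorTransfer:
    """Hypothetical model of one transfer awaiting approval."""

    def __init__(self, pix_transfer_key, clock=time.monotonic):
        self.pix_transfer_key = pix_transfer_key
        self.status = "pending_2fa_approval"
        self.failed_attempts = 0
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def issue_token(self):
        """Issue or renew: replaces the old token and restarts the 5-minute
        window, but leaves failed_attempts untouched."""
        if self.status != "pending_2fa_approval":
            raise ValueError("transfer is no longer pending approval")
        self._token = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LENGTH))
        self._expires_at = self._clock() + TOKEN_TTL_SECONDS
        return self._token  # would be delivered to the approver by sms or email

    def confirm(self, token):
        """Return True when the token is accepted; count every miss."""
        if self.status != "pending_2fa_approval" or self._token is None:
            return False
        live = self._clock() < self._expires_at
        # Constant-time comparison; an expired token is treated as a miss
        # (assumption: the page does not say whether expiry counts).
        if live and hmac.compare_digest(token.encode(), self._token.encode()):
            self.status = "approved"  # assumed label for the approved state
            self._token = None
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_ATTEMPTS:
            self.status = "rejected"  # page: limit reached, transaction rejected
            self._token = None
        return False
```

Because renewal never clears failed_attempts, requesting a fresh token does not buy more guesses: the 5-attempt cap bounds the total number of tries per transaction.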