Skip to main content

Introduction to Two-Factor Authentication

In this type of scheduling, confirmation of payment programming is required via token sent to the person with powers to approve transactions in the debtor account.

The PIX scheduling request by integrator partners configured to use two-factor authentication is performed similarly to what is described in request PIX transaction scheduling. The difference occurs in adding the tfa_info object, containing information about the transfer approver and the contact method, and the status of a successful request that will always be pending_2fa_approval.

The same applies to PIX batch transactions described in perform PIX batch transaction.

Flow for a PIX scheduling with authorization

The successful PIX scheduling will follow the following process flow:

  1. Performing the PIX transaction request and receiving a synchronous response with status pending_2fa_approval and schedule_key value.
  2. The indicated approver will receive a 6-digit token composed of numbers.
  3. The requester performs the PIX transaction confirmation with the schedule_key and the token.
  4. The scheduling will then be updated to status scheduled.

Observations

  • Each scheduling has a maximum limit of 5 token validation attempts. When this limit is reached, the scheduling will be automatically set to rejected status (rejected).
  • Each token has a maximum duration of 5 minutes.
  • A scheduling can have its token renewed and resent to the transfer approver. This process restarts the 5-minute timer and does not restart the invalid attempts counter. The previous token becomes invalid.
  • The notification event for sending token to the approver is baas.token_validation.pix_transfer.schedule.single. It is possible to customize the sent message.
  • The implemented token sending methods (contact_type) are via sms and email.