Implementing 2FA in the context of an API

“Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by utilizing a combination of two different components,” according to Wikipedia. 2FA is quite a powerful way to secure your web application and to make sure that a user performing a request really is who they claim to be, and not an external attacker. But how do you implement it in the context of an API?

The different forms of 2FA

The most common form of 2FA is using SMS. You probably all know it. When you pay via…