Extra security (2FA)
Extra security (2FA)
Imagine you want an additional layer of security for your signature requests, by requesting the signer to use a password or a phone verification in the document signing step.
Phone verification
You can require the signer to use 2FA through their mobile phone to complete
the signature request by passing the verification_phone_number
parameter on the signer along with their phone number.
For example:
curl --location 'https://api.box.com/2.0/sign_requests' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ej...3t' \
--data-raw '{
"is_document_preparation_needed": true,
"parent_folder": {
"id": "234102987614",
"type": "folder"
},
"source_files": [
{
"id": "1358047520478",
"type": "file"
}
],
"signers": [
{
"email": "verify@example.com",
"role": "signer",
"verification_phone_number": "+15551232190"
}
]
}'
When the signer tries to access the signature request a phone verification dialog pops up:
Then the signer is prompted to enter the code sent in an SMS:
Password verification
You can require the signer to use a password to open the signature request
by passing the password
parameter in the signer
object. For example:
curl --location 'https://api.box.com/2.0/sign_requests' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ej...3t' \
--data-raw '{
"is_document_preparation_needed": true,
"parent_folder": {
"id": "234102987614",
"type": "folder"
},
"source_files": [
{
"id": "1358047520478",
"type": "file"
}
],
"signers": [
{
"email": "verify@example.com",
"role": "signer",
"password": "1234"
}
]
}'
Once the signer opens the signature request they should see something like this: