# Authentication Factors

## Get user authentication factors

 - [GET /authentication_factors](https://api.weavr.io/products/multi/openapi/authentication-factors/authfactorsget.md): Retrieves the list of authentication factors that can be used to verify the logged-in user.

## Enrol a user device for authentication using one-time passwords

 - [POST /authentication_factors/otp/{channel}](https://api.weavr.io/products/multi/openapi/authentication-factors/enroldeviceusingotpstepone.md): This is the first step in enrolling the logged-in user's mobile device, where a one-time password is sent to the device.

_Note that on the Sandbox Environment, text messages are not sent and the one-time-password is always \"123456\"._

## Verify enrolment of a user device for authentication using one-time passwords

 - [POST /authentication_factors/otp/{channel}/verify](https://api.weavr.io/products/multi/openapi/authentication-factors/enroldeviceusingotpsteptwo.md): The second step in enrolling the logged-in user (root or authorised user) to use one-time-passwords to enable verification of transactions.
The challenge expires after 5 minutes and the number of incorrect OTP attempts is limited to reduce the risk of fraud, in that case challenge has to be issued again.

_Note that on the Sandbox Environment, text messages are not sent and the verificationCode is always set to \"123456\"._

## Enrol a user device for authentication using push notifications

 - [POST /authentication_factors/push/{channel}](https://api.weavr.io/products/multi/openapi/authentication-factors/enroldeviceusingpush.md): This is the first step in enrolling the logged-in user's mobile device, where a push notification is sent to the device.

## Unlink a user device for authentication using push notifications

 - [DELETE /authentication_factors/push/{channel}](https://api.weavr.io/products/multi/openapi/authentication-factors/unlinkdeviceusingpush.md): Unlink a user device for authentication using push notifications