[{"data":1,"prerenderedAt":487},["ShallowReactive",2],{"content-query-QlhmOKJEWF":3,"content-query-M5aWdXgQKx":322,"content-query-eJ9XWy0CGH":329,"content-query-UP87PRcOMw":342,"content-query-9giMhwHrGj":346,"content-query-W4RtfFQaoh":353,"content-query-j8GGVgf9na":378,"content-query-zRSmsuVl55":385,"content-query-G03kJtQzJS":389,"content-query-No6iPTj4EO":408,"content-query-MsdmgXewTK":418,"content-query-7VgBfxLOWV":425,"content-query-yP1cWMns5L":447,"content-query-BMhIInEJl2":451},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"intro":10,"type":5,"layout":11,"body":12,"_type":315,"_id":316,"_source":317,"_file":318,"_stem":319,"_extension":320,"sitemap":321},"/docs/account/mfa","account",false,"","Multi-factor authentication (MFA)","Add multi-factor authentication (MFA) to your Webhook Relay account for an extra layer of login security. Available on every plan, including the free tier.","Multi-factor authentication protects your account even if your password is stolen. Turn on app-based (TOTP) MFA in your account settings and keep your recovery codes safe.","doc",{"type":13,"children":14,"toc":305},"root",[15,23,36,43,55,61,121,126,135,141,153,186,212,218,236,242,270,276],{"type":16,"tag":17,"props":18,"children":19},"element","p",{},[20],{"type":21,"value":22},"text","Multi-factor authentication (MFA), sometimes called two-factor authentication (2FA), adds a second step to your login. After your password you also enter a one-time code from an authenticator app, so a leaked or guessed password is no longer enough to access your account.",{"type":16,"tag":17,"props":24,"children":25},{},[26,28,34],{"type":21,"value":27},"MFA is available on ",{"type":16,"tag":29,"props":30,"children":31},"strong",{},[32],{"type":21,"value":33},"every plan, including the free tier",{"type":21,"value":35}," — there is no need to upgrade to secure your account.",{"type":16,"tag":37,"props":38,"children":40},"h2",{"id":39},"how-it-works",[41],{"type":21,"value":42},"How it works",{"type":16,"tag":17,"props":44,"children":45},{},[46,48,53],{"type":21,"value":47},"Webhook Relay uses ",{"type":16,"tag":29,"props":49,"children":50},{},[51],{"type":21,"value":52},"app-based, time-based one-time passwords (TOTP)",{"type":21,"value":54}," — the same standard supported by Google Authenticator, 1Password, Authy, Microsoft Authenticator and most password managers. Your authenticator app and Webhook Relay share a secret once, during setup, and from then on the app generates a fresh 6-digit code every 30 seconds. Nothing is sent over SMS, so there is no SIM-swap risk.",{"type":16,"tag":37,"props":56,"children":58},{"id":57},"enable-mfa",[59],{"type":21,"value":60},"Enable MFA",{"type":16,"tag":62,"props":63,"children":64},"ol",{},[65,89,101,106,111],{"type":16,"tag":66,"props":67,"children":68},"li",{},[69,71,80,82,87],{"type":21,"value":70},"Open your ",{"type":16,"tag":72,"props":73,"children":77},"a",{"href":74,"rel":75},"https://my.webhookrelay.com/account",[76],"nofollow",[78],{"type":21,"value":79},"account details page",{"type":21,"value":81}," and go to the ",{"type":16,"tag":29,"props":83,"children":84},{},[85],{"type":21,"value":86},"Security",{"type":21,"value":88}," section.",{"type":16,"tag":66,"props":90,"children":91},{},[92,94,99],{"type":21,"value":93},"Choose ",{"type":16,"tag":29,"props":95,"children":96},{},[97],{"type":21,"value":98},"Enable two-factor authentication",{"type":21,"value":100},". A QR code and a setup key are shown.",{"type":16,"tag":66,"props":102,"children":103},{},[104],{"type":21,"value":105},"In your authenticator app, scan the QR code (or type the setup key manually).",{"type":16,"tag":66,"props":107,"children":108},{},[109],{"type":21,"value":110},"Enter the 6-digit code from the app to confirm the two are in sync.",{"type":16,"tag":66,"props":112,"children":113},{},[114,119],{"type":16,"tag":29,"props":115,"children":116},{},[117],{"type":21,"value":118},"Save your recovery codes",{"type":21,"value":120}," somewhere safe (see below), then finish.",{"type":16,"tag":17,"props":122,"children":123},{},[124],{"type":21,"value":125},"From the next sign-in onwards, you'll be asked for a code from your app after entering your password.",{"type":16,"tag":127,"props":128,"children":129},"hint",{},[130],{"type":16,"tag":17,"props":131,"children":132},{},[133],{"type":21,"value":134},"Set up your authenticator app on a device you keep — not the same single device you might lose access to. A password manager that syncs across your devices is a good place to store TOTP secrets.",{"type":16,"tag":37,"props":136,"children":138},{"id":137},"recovery-codes",[139],{"type":21,"value":140},"Recovery codes",{"type":16,"tag":17,"props":142,"children":143},{},[144,146,151],{"type":21,"value":145},"When you enable MFA you are given a set of one-time ",{"type":16,"tag":29,"props":147,"children":148},{},[149],{"type":21,"value":150},"recovery codes",{"type":21,"value":152},". Each code lets you sign in once if you don't have your authenticator app — for example if your phone is lost, stolen or reset.",{"type":16,"tag":154,"props":155,"children":156},"ul",{},[157,169,181],{"type":16,"tag":66,"props":158,"children":159},{},[160,162,167],{"type":21,"value":161},"Store them in a password manager or another safe place, ",{"type":16,"tag":29,"props":163,"children":164},{},[165],{"type":21,"value":166},"not",{"type":21,"value":168}," only on the device that runs your authenticator app.",{"type":16,"tag":66,"props":170,"children":171},{},[172,174,179],{"type":21,"value":173},"Each recovery code works ",{"type":16,"tag":29,"props":175,"children":176},{},[177],{"type":21,"value":178},"once",{"type":21,"value":180},". After you use one, cross it off.",{"type":16,"tag":66,"props":182,"children":183},{},[184],{"type":21,"value":185},"You can regenerate a fresh set from the Security section at any time — doing so invalidates the old codes.",{"type":16,"tag":17,"props":187,"children":188},{},[189,191,196,198,205,210],{"type":21,"value":190},"If you run out of recovery codes ",{"type":16,"tag":29,"props":192,"children":193},{},[194],{"type":21,"value":195},"and",{"type":21,"value":197}," lose access to your authenticator app, contact ",{"type":16,"tag":72,"props":199,"children":204},{"href":200,"className":201,"rel":203},"mailto:info@webhookrelay.com",[202],"nav-link",[76],[],{"type":16,"tag":72,"props":206,"children":207},{"href":200},[208],{"type":21,"value":209},"info@webhookrelay.com",{"type":21,"value":211}," from the email address on the account so we can verify ownership and help you regain access.",{"type":16,"tag":37,"props":213,"children":215},{"id":214},"disable-mfa",[216],{"type":21,"value":217},"Disable MFA",{"type":16,"tag":17,"props":219,"children":220},{},[221,223,227,229,234],{"type":21,"value":222},"To turn MFA off, open the ",{"type":16,"tag":29,"props":224,"children":225},{},[226],{"type":21,"value":86},{"type":21,"value":228}," section of your ",{"type":16,"tag":72,"props":230,"children":232},{"href":74,"rel":231},[76],[233],{"type":21,"value":79},{"type":21,"value":235}," and disable two-factor authentication. You'll be asked to confirm with your password or a current code. We recommend keeping MFA enabled.",{"type":16,"tag":37,"props":237,"children":239},{"id":238},"mfa-and-teams",[240],{"type":21,"value":241},"MFA and teams",{"type":16,"tag":17,"props":243,"children":244},{},[245,247,253,255,260,262,268],{"type":21,"value":246},"If you invite ",{"type":16,"tag":72,"props":248,"children":250},{"href":249},"/docs/account/team",[251],{"type":21,"value":252},"team members or sub-accounts",{"type":21,"value":254},", each user enables MFA on ",{"type":16,"tag":29,"props":256,"children":257},{},[258],{"type":21,"value":259},"their own",{"type":21,"value":261}," login independently — protecting your account is up to every member who can access it. For organisation-wide enforcement and SSO (SAML with Okta, Active Directory and similar), see our ",{"type":16,"tag":72,"props":263,"children":265},{"href":264},"/pricing",[266],{"type":21,"value":267},"Enterprise plan",{"type":21,"value":269},".",{"type":16,"tag":37,"props":271,"children":273},{"id":272},"related",[274],{"type":21,"value":275},"Related",{"type":16,"tag":154,"props":277,"children":278},{},[279,288,296],{"type":16,"tag":66,"props":280,"children":281},{},[282],{"type":16,"tag":72,"props":283,"children":285},{"href":284},"/docs/account/account-management",[286],{"type":21,"value":287},"Account management",{"type":16,"tag":66,"props":289,"children":290},{},[291],{"type":16,"tag":72,"props":292,"children":293},{"href":249},[294],{"type":21,"value":295},"Teams and sub-accounts",{"type":16,"tag":66,"props":297,"children":298},{},[299],{"type":16,"tag":72,"props":300,"children":302},{"href":301},"/docs/security",[303],{"type":21,"value":304},"Security & technology overview",{"title":7,"searchDepth":306,"depth":306,"links":307},3,[308,310,311,312,313,314],{"id":39,"depth":309,"text":42},2,{"id":57,"depth":309,"text":60},{"id":137,"depth":309,"text":140},{"id":214,"depth":309,"text":217},{"id":238,"depth":309,"text":241},{"id":272,"depth":309,"text":275},"markdown","content:docs:account:2.mfa.md","content","docs/account/2.mfa.md","docs/account/2.mfa","md",{"loc":4},[323,326],{"_path":324,"title":325},"/docs/webhooks/public/public-destination","Forward to public URL",{"_path":327,"title":328},"/docs/webhooks/public/multiple-destination-urls","Multiple destinations",[330,333,336,339],{"_path":331,"title":332},"/docs/webhooks/auth/username-password","Username and password",{"_path":334,"title":335},"/docs/webhooks/auth/hmac","HMAC",{"_path":337,"title":338},"/docs/webhooks/auth/jwt","JWT authentication",{"_path":340,"title":341},"/docs/webhooks/auth/http-method","Auth using request method",[343],{"_path":344,"title":345},"/docs/webhooks/cron/using-cron-webhooks","Schedule recurring webhooks",[347,350],{"_path":348,"title":349},"/docs/tunnels/demoing-your-website","Demoing your website",{"_path":351,"title":352},"/docs/tunnels/regions","Regions",[354,357,360,363,366,369,372,375],{"_path":355,"title":356},"/docs/installation/cli","CLI",{"_path":358,"title":359},"/docs/installation/docker","Docker container",{"_path":361,"title":362},"/docs/installation/docker-compose","Docker Compose",{"_path":364,"title":365},"/docs/installation/kubernetes","Kubernetes",{"_path":367,"title":368},"/docs/installation/autostart-windows","Autostart (Windows)",{"_path":370,"title":371},"/docs/installation/autostart-linux","Autostart (Linux)",{"_path":373,"title":374},"/docs/installation/autostart-macos","Autostart (MacOS)",{"_path":376,"title":377},"/docs/installation/behind-proxy","HTTP proxy configuration",[379,380,381,382],{"_path":284,"title":287},{"_path":4,"title":8},{"_path":249,"title":295},{"_path":383,"title":384},"/docs/account/billing-and-subscriptions","Billing & subscriptions",[386],{"_path":387,"title":388},"/docs/tutorials/warehouse/bigquery","GCP BigQuery",[390,393,396,399,402,405],{"_path":391,"title":392},"/docs/tutorials/cicd/jenkins-bitbucket","Jenkins and Bitbucket",{"_path":394,"title":395},"/docs/tutorials/cicd/jenkins-github","Jenkins and GitHub",{"_path":397,"title":398},"/docs/tutorials/cicd/jenkins-plugin","Jenkins Plugin",{"_path":400,"title":401},"/docs/tutorials/cicd/kubernetes-operator","Kubernetes Operator",{"_path":403,"title":404},"/docs/tutorials/cicd/terraform-atlantis","Terraform Atlantis",{"_path":406,"title":407},"/docs/tutorials/cicd/webhook-exec","Execute scripts on webhook",[409,412,415],{"_path":410,"title":411},"/docs/tutorials/edge/home-assistant","Home Assistant",{"_path":413,"title":414},"/docs/tutorials/edge/javascript-app","JavaScript app",{"_path":416,"title":417},"/docs/tutorials/edge/node-red","Node-RED",[419,422],{"_path":420,"title":421},"/docs/tutorials/transform/docker-to-slack","DockerHub webhook to Slack notification",{"_path":423,"title":424},"/docs/tutorials/transform/enrich-webhooks","Enrich webhooks from APIs",[426,429,432,435,438,441,444],{"_path":427,"title":428},"/docs/service-connections","Service Connections",{"_path":430,"title":431},"/docs/service-connections/aws_s3","AWS S3",{"_path":433,"title":434},"/docs/service-connections/aws_sns","AWS SNS",{"_path":436,"title":437},"/docs/service-connections/aws_sqs","AWS SQS",{"_path":439,"title":440},"/docs/service-connections/azure","Azure",{"_path":442,"title":443},"/docs/service-connections/gcp_gcs","GCP Cloud Storage",{"_path":445,"title":446},"/docs/service-connections/gcp_pubsub","GCP Pub/Sub",[448],{"_path":449,"title":450},"/docs/webhooks/internal/localhost","Receiving webhooks on localhost",[452,455,458,461,464,467,470,473,476,479,481,484],{"_path":453,"title":454},"/docs/webhooks/functions/manipulating-json","JSON encoding",{"_path":456,"title":457},"/docs/webhooks/functions/make-http-request","Make HTTP request",{"_path":459,"title":460},"/docs/webhooks/functions/modify-request","Read, write request data",{"_path":462,"title":463},"/docs/webhooks/functions/multipart-form-data","Multipart form to JSON",{"_path":465,"title":466},"/docs/webhooks/functions/url-encoded-data","URL Encoded Form",{"_path":468,"title":469},"/docs/webhooks/functions/working-with-time","Working with time",{"_path":471,"title":472},"/docs/webhooks/functions/send-emails","Sending emails",{"_path":474,"title":475},"/docs/webhooks/functions/crypto-functions","Base64, encryption",{"_path":477,"title":478},"/docs/webhooks/functions/integrate-into-cicd","Integrating into CI/CD",{"_path":480,"title":388},"/docs/webhooks/functions/big-query",{"_path":482,"title":483},"/docs/webhooks/functions/accessing-metadata","Accessing metadata",{"_path":485,"title":486},"/docs/webhooks/functions","Functions",1782398375303]