--- title: "Realtime Two Factor Authentication" slug: "realtime-twofactor-authentication" updated: 2026-05-14T21:42:53Z published: 2026-05-14T21:42:53Z --- > ## Documentation Index > Fetch the complete documentation index at: https://developer.rocket.chat/llms.txt > Use this file to discover all available pages before exploring further. # Realtime Two Factor Authentication ![](https://cdn.us.document360.io/27ca1fd4-36d7-4cde-b4eb-97fc1652954c/Images/Documentation/Deprecated.svg) > [!NOTE] > To learn more about Two Factor Authentication(2FA) in Rocket.Chat, see [Two Factor Authentication](/v1/docs/two-factor-authentication) and [REST Two Factor Authentication](/apidocs/introduction-to-two-factor-authentication). ## Call a method with 2FA | Name | Requires Auth | | --- | --- | | `callWithTwoFactorRequired` | Yes | ### Payload parameters | Argument | Example | Required | Description | | --- | --- | --- | --- | | **code** | `56830` | Required | The 2FA code | | **ddpMethod** | `pinMessage` | Required | The initial method for the request you're trying to make. | | **method** | `email` | Required | The method of the 2FA,*for example -email* | | **params** | `{ "_id": "298gMs93982Le9A7pZjo2D2iB", "rid": "64a1f373376181965ab77f54", "msg": "Whats 4*!" }` | Required | An array of parameters used for the initial method; | ### Example call ```json {    "msg": "callWithTwoFactorRequired"    "code": "38290",    "ddpMethod": "updateMessage",    "id": "342",    "method": "email",    "params": [{        "_id": "298gMs93982Le9A7pZjo2D2iB",        "rid": "64a1f373376181965ab77f54",        "msg": "Whats 4*!" }]         } ``` > [!NOTE] > If the two factor was not accepted the **error** `totp-invalid` will be returned; ## Errors When a request that requires 2FA is made without a 2FA code, it returns a **TOTP-Require** error. The error also details the 2FA method required (email or authenticator app). ```json {  "msg": "result",  "id": "1",  "error": {    "isClientSafe": true,    "error": "totp-required",    "reason": "TOTP Required",    "details": {      "method": "email",      "codeGenerated": false,      "codeCount": 1,      "codeExpires": [        "2019-12-31T22:05:22.159Z"      ],      "availableMethods": [        "email"      ]    },    "message": "TOTP Required [totp-required]",    "errorType": "Meteor.Error"  } } ``` - **method**: The method selected by the server. It is useful to inform the user where to look for the code. - **codeGenerated**: Email only. Used to inform if the code was generated or if there are tokens available already. - **codeCount**: (optional) Email only. The number of available codes already sent via email. - **codeExpires**: (optional) Email only. A list of expiration dates of the tokens. - **availableMethods**: The list of available 2FA methods for Two Factor. It is useful in deciding the method to use when making a request. ## Request a new email code If the user didn't receive the 2FA code, you can request to send a new code via email by calling the DDP Method `sendEmailCode` passing the user's email or username. It's required to pass the email or username because this Method can be called when the user is not logged in. ### Response - **success**: array of emails to where the code was sent; - **error-parameter-required:**The parameter `emailOrUsername` was not provided; - **error-invalid-user:**The user was not found with the provided `emailOrUsername`; ### Example ```javascript Meteor.call('sendEmailCode', emailOrUsername, (error, result) => {}); ``` ## Enable 2FA via email It's possible to enable the email check by calling the method `2fa:enable-email`. > [!NOTE] > The two factor via email will only work if the user has at least one verified email. ### Result - **success**: **true** is returned. - **error-not-authorized** if the user is not logged in. ### Example ```javascript Meteor.call('2fa:enable-email', (error, result) => {}); ``` ## Disable 2FA via email To disable the 2FA, call the method `2fa:disable-email`. > [!NOTE] > This method requires 2FA to be executed. ### Result - **success**: **true** is returned. - **error**: A [2FA error](/v1/docs/realtime-two-factor-authentication#errors) is returned. ### Example ```javascript Meteor.call('2fa:disable-email', (error, result) => {}); ```