Two-Factor Authentication
How 2FA is enforced when signing in to the developer portal
The developer portal honours the two-factor authentication (2FA) setting on your Servicebay account. If you have enrolled a TOTP authenticator app (Google Authenticator, 1Password, Authy, Bitwarden, etc.) from the Servicebay mobile or web app, you will be required to provide a one-time code every time you sign in to the developer portal.
2FA only protects the dashboard (manage API keys, organisation
settings). It does not apply to API requests made with an X-API-Key
header — those already use a long, opaque secret that should be treated as
a credential.
Sign-in flow
Enter email and password
Open the login page and enter your Servicebay credentials.
Verification code prompt
If your account has 2FA enabled, the portal recognises this from Firebase Authentication and immediately switches to the verification code step.
Enter the 6-digit code
Open your authenticator app, find the entry for your Servicebay account, and enter the current 6-digit code.
If you ever need to abandon the verification step, click Use a different account to return to the email/password screen.
Signed in
The portal verifies the code with Firebase Auth and finishes signing you in. You're now ready to manage API keys, look at the playground, and inspect organisation settings.
Enrolling 2FA
You enrol and unenrol 2FA from the Servicebay mobile or web app, not from the developer portal. The portal honours whatever is currently enrolled on your account.
Open the Servicebay app and go to Account → Security.
Tap Enable two-factor authentication.
Scan the QR code with your authenticator app and enter the 6-digit code to confirm enrolment.
The next time you sign in to the developer portal you will be prompted for a code from that app.
Lost your authenticator?
If you no longer have access to your authenticator app, follow the 2FA recovery flow. Recovery requires you to verify control of your registered email address.
Why TOTP only?
Servicebay currently supports TOTP (time-based one-time passwords) as the only second factor. SMS-based 2FA is intentionally not offered because TOTP is more resistant to SIM-swap and phishing attacks.
If your account has somehow enrolled a different factor type, the developer portal will display an error and prompt you to complete sign-in via the Servicebay mobile app instead. From there you can re-enrol TOTP for portal access.
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| "That code didn't match" | Device clock drift on phone or computer | Sync the system clock and try the next code |
| Stuck on the code screen after refresh | The pending sign-in only lives in memory; reloading the page clears it | Re-enter your email + password |
| You are never prompted for a code | 2FA isn't enrolled on your account | Enrol from the Servicebay mobile/web app |