Certain SportsBook accounts require 2FA codes to be entered on every refresh. To handle this case, follow the guide below. For these accounts only manual refreshes while the bettor is authenticated can be executed. Follow this guide to implement this path.

You can look at the TFA attribute on the 📱 BettorAccount to determine if a 2FA code will be required on every refresh.

Dashboard Setting

There is a 2FA toggle in the dashboard. When this toggle is set to off, any 📱 BettorAccount that requires 2FA on every refresh will return an error when being linked, or being refreshed.

OTP Entry Page

You'll know an account requires a OTP if the immediate response to a refresh request includes a bettorAccount in the otpRequired list. The response will also include a cid.

{
  "betRefreshRequested":"2020-07-07T22:53:43.404962Z",
  "refresh":
    [
      "BACT_25ko1xXuSmaX393YqBuM4w",
      "BACT_rJo4qSt2QOacX2ED9O4dDA",
      "BACT_RHcNmovNT1+pX5RZjrjwbQ"
    ],
  "noAccess":[],
  "unverified":[],
  "isUnverifiable":[],
  "bookInactive":[],
  "bookRegionInactive":[],
  "rateLimited":[],
  "otpRequired":[
    "BACT_RHcNmovNT1+pX5RZjrjwbQ",
    "BACT_25ko1xXuSmaX393YqBuM4w"
  ],
  "authParameterRequired": [],
  "extensionUpdateRequired": [],
  "requestId":"11e7736d01294ac39f7376c937171445",
  "cid": "0029c316-3371-4855-a0e5-9b2770ebd8e4",
  "extensionDownloadUrl": null
}

In this case, route your user to https://ui.sharpsports.io/otp/<cid> in a popup or webview where they can enter the necessary code(s) they receive from their sportsbook account.

Once they submit the code(s) you can close the popup/webview by hooking on to /done in the URL.

Redirect URL

On a desktop website you can also have the OTP entry page redirect to a webpage of your choice rather than creating and exiting a popup.

To do this, simply pass a redirectUrl as data to any of the /refresh endpoints and the page https://ui.sharpsports.io/otp/<cid> will route to this url after the user submits their 2FA code(s).