Security_Protocol Documentation
Comprehensive guide to GOBERIN's multi-layered authentication infrastructure, including email verification, administrative SMTP configurations, and multi-factor authorization.
Email Verification System
User Registration Flow
Accounts are created with INACTIVE status and isEmailVerified: 0.
An automated verification signal containing a unique 32-character token is dispatched to the user's registry.
Upon token validation, account status transitions to ACTIVE.
Admin Configuration
Admins can customize the verification matrix via Settings > System Config:
- SMTP Host, Port, and Credentials
- Custom email_verification_url
Placeholder Node: Use {{token}} to inject the verification token into your custom URL.
Multi-Factor Authentication (2FA)
Stage 1: Login
If 2FA is active, standard credentials yield a tempToken. Access is restricted until Stage 2 validation is complete.
Stage 2: Verification
Users provide a 6-digit TOTP code generated by synchronized authenticators to finalize the session handshake.
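A sketch of the server-side check behind Stage 2, added here as an illustration and not taken from GOBERIN's code. It assumes the RFC 6238 defaults used by Google Authenticator (HMAC-SHA1, 30-second step); the ±1 step drift window, the replay tracking, and the names totp and TotpVerifier are hypothetical.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (assumed RFC 6238 default)
DIGITS = 6   # code length stated on this page


def totp(secret, counter):
    """HOTP value (RFC 4226) for one time-step counter, as a 6-digit string."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TotpVerifier:
    """Checks a submitted code with bounded clock drift and no code reuse."""

    def __init__(self, secret, drift_steps=1):
        self.secret = secret
        self.drift_steps = drift_steps  # assumed tolerance: one step either side
        self.last_used = -1             # highest counter already accepted

    def verify(self, code, now=None):
        # Reject anything that is not exactly six ASCII digits.
        if not (code.isascii() and code.isdigit() and len(code) == DIGITS):
            return False
        current = int((time.time() if now is None else now) // STEP)
        first = max(0, current - self.drift_steps)
        matched = None
        for counter in range(first, current + self.drift_steps + 1):
            # Constant-time comparison; always walk the whole window.
            if hmac.compare_digest(totp(self.secret, counter), code):
                matched = counter
        # A code from an already-used (or older) step is a replay.
        if matched is None or matched <= self.last_used:
            return False
        self.last_used = matched
        return True


if __name__ == "__main__":
    # Constructed demo using the RFC 6238 test key, not a real secret.
    verifier = TotpVerifier(b"12345678901234567890")
    print(verifier.verify("287082", now=59))  # first use is accepted
    print(verifier.verify("287082", now=59))  # same code again is rejected
```

In a real deployment last_used would be stored per user alongside the TOTP secret, so a code observed in transit cannot be replayed within its validity window.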
Sensitive Action Protect
High-risk operations (API Key generation, Config changes) trigger a dedicated 2FA modal for immediate authorization.
Deployment Sequence
Follow these vectors to activate your Security Layer Alpha.
Generate Seed
Initialize setup in Profile > Security to receive your unique TOTP secret and QR matrix.
Sync Device
Scan the QR code with Google Authenticator, Authy, or any compatible authenticator.
Dual Verification
Request an Email OTP and pair it with your first TOTP code to anchor the synchronization.
Activation
Confirm the handshake to activate global multi-factor protection across the node.
Advanced API Authorization
Required Headers
- Bearer {token}
- 6-Digit TOTP
Integration Note
Automated integrations using API Keys bypass standard login 2FA but still require X-2FA-Code for operations that modify core configurations.