# Create a new Factor for the Entity

**POST /v2/Services/{ServiceSid}/Entities/{Identity}/Factors**

Create a new Factor for the Entity


## Servers
- https://verify.twilio.com: https://verify.twilio.com ()


## Authentication methods
- Account sid auth token


## Parameters

### Path parameters
- **ServiceSid** (string)
  The unique SID identifier of the Service.
- **Identity** (string)
  Customer unique identity for the Entity owner of the Factor. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.


### Body: application/x-www-form-urlencoded (object)

- **FriendlyName** (string)
  The friendly name of this Factor. This can be any string up to 64 characters, meant for humans to distinguish between Factors.
  For `factor_type` `push`, this could be a device name.
  For `factor_type` `totp`, this value is used as the “account name” in constructing the `binding.uri` property.
  At the same time, we recommend avoiding providing PII.
- **FactorType** (string)
  The Type of this Factor. Currently `push` and `totp` are supported.
- **Binding.Alg** (string)
  The algorithm used when `factor_type` is `push`. Algorithm supported: `ES256`
- **Binding.PublicKey** (string)
  The Ecdsa public key in PKIX, ASN.1 DER format encoded in Base64.

  Required when `factor_type` is `push`
- **Config.AppId** (string)
  The ID that uniquely identifies your app in the Google or Apple store, such as `com.example.myapp`. It can be up to 100 characters long.

  Required when `factor_type` is `push`.
- **Config.NotificationPlatform** (string)

- **Config.NotificationToken** (string)
  For APN, the device token. For FCM, the registration token. It is used to send the push notifications. Must be between 32 and 255 characters long.

  Required when `factor_type` is `push`.
- **Config.SdkVersion** (string)
  The Verify Push SDK version used to configure the factor

  Required when `factor_type` is `push`
- **Binding.Secret** (string)
  The shared secret for TOTP factors encoded in Base32. This can be provided when creating the Factor, otherwise it will be generated.

  Used when `factor_type` is `totp`
- **Config.TimeStep** (integer)
  Defines how often, in seconds, are TOTP codes generated. i.e, a new TOTP code is generated every time_step seconds. Must be between 20 and 60 seconds, inclusive. The default value is defined at the service level in the property `totp.time_step`. Defaults to 30 seconds if not configured.

  Used when `factor_type` is `totp`
- **Config.Skew** (integer)
  The number of time-steps, past and future, that are valid for validation of TOTP codes. Must be between 0 and 2, inclusive. The default value is defined at the service level in the property `totp.skew`. If not configured defaults to 1.

  Used when `factor_type` is `totp`
- **Config.CodeLength** (integer)
  Number of digits for generated TOTP codes. Must be between 3 and 8, inclusive. The default value is defined at the service level in the property `totp.code_length`. If not configured defaults to 6.

  Used when `factor_type` is `totp`
- **Config.Alg** (string)

- **Metadata** ()
  Custom metadata associated with the factor. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. `{"os": "Android"}`. Can be up to 1024 characters in length.


## Responses
### 201
Created
#### Headers
- **Access-Control-Allow-Origin** (string)
  Specify the origin(s) allowed to access the resource
- **Access-Control-Allow-Methods** (string)
  Specify the HTTP methods allowed when accessing the resource
- **Access-Control-Allow-Headers** (string)
  Specify the headers allowed when accessing the resource
- **Access-Control-Allow-Credentials** (boolean)
  Indicates whether the browser should include credentials
- **Access-Control-Expose-Headers** (string)
  Headers exposed to the client

#### Body: application/json (object)
- **sid** (string | null)
  A 34 character string that uniquely identifies this Factor.
- **account_sid** (string | null)
  The unique SID identifier of the Account.
- **service_sid** (string | null)
  The unique SID identifier of the Service.
- **entity_sid** (string | null)
  The unique SID identifier of the Entity.
- **identity** (string | null)
  Customer unique identity for the Entity owner of the Factor. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.
- **binding** ()
  Contains the `factor_type` specific secret and metadata.
  For push, this is `binding.public_key` and `binding.alg`.
  For totp, this is `binding.secret` and `binding.uri`. The `binding.uri` property is generated following the [google authenticator key URI format](https://github.com/google/google-authenticator/wiki/Key-Uri-Format), and `Factor.friendly_name` is used for the “accountname” value and `Service.friendly_name` or `Service.totp.issuer` is used for the `issuer` value.


  The Binding property is ONLY returned upon Factor creation.
- **date_created** (string(date-time) | null)
  The date that this Factor was created, given in [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) format.
- **date_updated** (string(date-time) | null)
  The date that this Factor was updated, given in [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) format.
- **friendly_name** (string | null)
  The friendly name of this Factor. This can be any string up to 64 characters, meant for humans to distinguish between Factors.
  For `factor_type` `push`, this could be a device name.
  For `factor_type` `totp`, this value is used as the “account name” in constructing the `binding.uri` property.
  At the same time, we recommend avoiding providing PII.
- **status** (string)
  The Status of this Factor. One of `unverified` or `verified`.
- **factor_type** (string)
  The Type of this Factor. Currently `push` and `totp` are supported.
- **config** ()
  An object that contains configurations specific to a `factor_type`.
- **metadata** ()
  Custom metadata associated with the factor. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. `{"os": "Android"}`. Can be up to 1024 characters in length.
- **url** (string(uri) | null)
  The URL of this resource.


[Powered by Bump.sh](https://bump.sh)