"Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different components.", according to Wikipedia. 2FA is a quite powerful way to implement security for your web application, and make sure a user performing a request is really who they are, and not an external attacker. But how do you implement it in the context of an API ?