diff --git a/parkings/api/auth/urls.py b/parkings/api/auth/urls.py
new file mode 100644
index 00000000..f1126559
--- /dev/null
+++ b/parkings/api/auth/urls.py
@@ -0,0 +1,10 @@
+import drf_jwt_2fa.urls
+from django.conf.urls import include, url
+
+v1_urlpatterns = [
+ url(r'^', include(drf_jwt_2fa.urls, namespace='auth')),
+]
+
+urlpatterns = [
+ url(r'^', include(v1_urlpatterns, namespace='v1')),
+]
diff --git a/parkkihubi/settings.py b/parkkihubi/settings.py
index 47242753..914892e1 100644
--- a/parkkihubi/settings.py
+++ b/parkkihubi/settings.py
@@ -153,6 +153,7 @@
 vars().update(env.email_url(
 default=('consolemail://' if DEBUG else 'smtp://localhost:25')
 ))
+DEFAULT_FROM_EMAIL = 'no-reply.parkkihubi@fiupparkp01.anders.fi'
 #########################
 # Django REST Framework #
@@ -165,6 +166,7 @@
 ],
 'DEFAULT_AUTHENTICATION_CLASSES': [
 'parkings.authentication.ApiKeyAuthentication',
+ 'drf_jwt_2fa.authentication.Jwt2faAuthentication',
 ] + ([ # Following two are only for DEBUG mode in dev environment:
 'rest_framework.authentication.SessionAuthentication',
 'rest_framework.authentication.BasicAuthentication',
@@ -178,6 +180,24 @@
 'TEST_REQUEST_DEFAULT_FORMAT': 'json',
 }
+JWT_AUTH = {
+ 'JWT_EXPIRATION_DELTA': timedelta(minutes=30),
+ 'JWT_ALLOW_REFRESH': True,
+ 'JWT_REFRESH_EXPIRATION_DELTA': timedelta(days=7),
+}
+
+JWT2FA_AUTH = {
+ 'CODE_TOKEN_THROTTLE_RATE': '5/15m',
+ 'AUTH_TOKEN_RETRY_WAIT_TIME': timedelta(seconds=10),
+ 'EMAIL_SENDER_SUBJECT_OVERRIDE': '{code} - Varmennuskoodisi',
+ 'EMAIL_SENDER_BODY_OVERRIDE': (
+ 'Hei!\n'
+ '\n'
+ 'Varmennuskoodisi kirjautumista varten on: {code}\n'
+ '\n'
+ 't. Parkkihubi'),
+}
+
 CORS_ORIGIN_ALLOW_ALL = True
 ##############
diff --git a/parkkihubi/urls.py b/parkkihubi/urls.py
index a62a91eb..bb6c4f44 100644
--- a/parkkihubi/urls.py
+++ b/parkkihubi/urls.py
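Review bot: The URL namespaces nest three deep. In the new parkings/api/auth/urls.py, `include(drf_jwt_2fa.urls, namespace='auth')` sits inside `namespace='v1'`, and parkkihubi/urls.py includes the module again with `namespace='auth'`, so reversed names come out as `auth:v1:auth:...`. The inner namespace looks redundant and could be dropped, `url(r'^', include(drf_jwt_2fa.urls)),`, provided nothing reverses the longer name. The file also has no comment at all; a one-line module docstring saying these are the JWT two-factor login endpoints from drf-jwt-2fa would help.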
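Review bot: `DEFAULT_FROM_EMAIL` in the first parkkihubi/settings.py hunk hard-codes a host-specific address directly below an e-mail configuration that is otherwise read from the environment through `env.email_url(...)`. The verification codes configured later in this diff presumably go out from this address. On a deployment whose mail server is not authorised for that domain, those mails may be rejected or filed as spam, which locks users out of the second factor. Reading the value from the environment keeps the current address as the default: `DEFAULT_FROM_EMAIL = env.str('DEFAULT_FROM_EMAIL', default='no-reply.parkkihubi@fiupparkp01.anders.fi')`.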
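Review bot: Adding `'drf_jwt_2fa.authentication.Jwt2faAuthentication'` to `DEFAULT_AUTHENTICATION_CLASSES` (second parkkihubi/settings.py hunk) makes a JWT valid on every DRF view that does not set its own `authentication_classes`, not only on the API meant for interactive users. After this change, only each view's permission classes separate an API-key client from a JWT user, and those classes are not visible in this diff. If only one API is meant to accept these tokens, set `authentication_classes` on that API's views instead of the global default. Otherwise add a comment next to the entry, for example `# JWT (e-mail 2FA) users are accepted on all APIs; access is decided by permission classes`.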
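Review bot: `timedelta` is used in both `JWT_AUTH` and `JWT2FA_AUTH` (third parkkihubi/settings.py hunk), but no hunk in this diff adds `from datetime import timedelta`. Unless the module already imports it above the shown context, loading the settings raises NameError. Separately, `'JWT_ALLOW_REFRESH': True` with a 7-day `JWT_REFRESH_EXPIRATION_DELTA` lets a 30-minute token be renewed for a week after the original login, presumably without a new e-mail code. A leaked token therefore stays useful well past its nominal lifetime. Please confirm that window is intended and record it above the dict, for example `# 30 min access token; refreshable for 7 days after the original login`.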
@@ -2,12 +2,15 @@
 from django.conf.urls import include, url
 from django.contrib import admin
+from parkings.api.auth import urls as auth_urls
 from parkings.api.enforcement import urls as enforcement_urls
 from parkings.api.monitoring import urls as monitoring_urls
 from parkings.api.operator import urls as operator_urls
 from parkings.api.public import urls as public_urls
-urlpatterns = []
+urlpatterns = [
+ url(r'^auth/v1/', include(auth_urls, namespace='auth')),
+]
 if getattr(settings, 'PARKKIHUBI_PUBLIC_API_ENABLED', False):
 urlpatterns.append(url(r'^public/v1/', include(public_urls, namespace='public')))
diff --git a/requirements.in b/requirements.in
index 19bbef0c..12534c41 100644
--- a/requirements.in
+++ b/requirements.in
@@ -14,6 +14,7 @@ psycopg2
 djangorestframework
 djangorestframework-gis
 django-filter
+drf-jwt-2fa
 # XML parsing
 lxml
diff --git a/requirements.txt b/requirements.txt
index 89f0c18c..2c4e0b4b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,10 +10,13 @@ django-environ==0.4.4
 django-filter==1.1.0
 djangorestframework==3.7.7
 djangorestframework-gis==0.12
+djangorestframework-jwt==1.11.0 # via drf-jwt-2fa
+drf-jwt-2fa==0.3.0
 idna==2.6 # via requests
 lxml==4.1.1
 owslib==0.16.0
 psycopg2==2.7.3.2
+pyjwt==1.5.3 # via djangorestframework-jwt
 pyproj==1.9.5.1 # via owslib
 python-dateutil==2.6.1 # via owslib
 pytz==2017.3
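Review bot: In the parkkihubi/urls.py hunk the `auth/v1/` routes are registered unconditionally, while the public API just below is only mounted when `PARKKIHUBI_PUBLIC_API_ENABLED` is set. Every deployment therefore exposes the login and code-mailing endpoints, including instances that serve no API needing JWT users. Either gate the include with a settings flag in the same style as the public API, or state the intent in a comment above the list, for example `# Auth (JWT 2FA login) endpoints are always exposed, unlike the optional APIs below`. The module continues past the end of the hunk, so other conditional includes may follow.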