/api/user/mfa/totp
Info
Requires authentication
GET Get totp secret or qr code
200 Ok (JSON)
Field Name | Type | Description |
---|---|---|
secret | string | The TOTP Secret, can be manually entered into 2fa apps, etc. |
{"secret": "DLKCHDVWIGYWEFQHOFUH"}
If the user doesn't have a totpSecret already set then it will create one, and also generate a QR code to use for scanning in apps.
Field Name | Type | Description |
---|---|---|
secret | string | The TOTP Secret, can be manually entered into 2fa apps, etc. |
data_url | string | The base64 data url containing a qr code |
{"secret": "DJHSOUIGS98EHGOADSJH","data_url": "data:image/png;base64,..."}
401 Forbidden (JSON)
totp is disabled
-MFA_TOTP_ENABLED
is set tofalse
, therefore you cannot access this resource.
POST Verify totp code
Body (JSON)
Field Name | Type | Description |
---|---|---|
code | string | The TOTP code to verify |
secret | string | The TOTP secret to verify against |
200 Ok (JSON)
Returns a user object
400 Bad Request (JSON)
no code
- No TOTP code was provided.no secret
- No TOTP secret was provided.invalid code (code.length != 6)
- The TOTP code provided is not 6 characters long.Invalid code
- The TOTP code provided is invalid.totp already registered
- The user already has TOTP enabled.
401 Forbidden (JSON)
totp is disabled
-MFA_TOTP_ENABLED
is set tofalse
, therefore you cannot access this resource.
Last updated: 3/3/2024
Edit this page on GitHub