API Reference/api/user/api/user/mfa/api/user/mfa/totp

/api/user/mfa/totp

Info

GET
Get totp secret or qr code

200
Ok (JSON)

Field NameTypeDescription
secretstringThe TOTP Secret, can be manually entered into 2fa apps, etc.
{
"secret": "DLKCHDVWIGYWEFQHOFUH"
}

If the user doesn't have a totpSecret already set then it will create one, and also generate a QR code to use for scanning in apps.

Field NameTypeDescription
secretstringThe TOTP Secret, can be manually entered into 2fa apps, etc.
data_urlstringThe base64 data url containing a qr code
{
"secret": "DJHSOUIGS98EHGOADSJH",
"data_url": "data:image/png;base64,..."
}

401
Forbidden (JSON)

  • totp is disabled - MFA_TOTP_ENABLED is set to false, therefore you cannot access this resource.

POST
Verify totp code

Body (JSON)

Field NameTypeDescription
codestringThe TOTP code to verify
secretstringThe TOTP secret to verify against

200
Ok (JSON)

Returns a user object

400
Bad Request (JSON)

  • no code - No TOTP code was provided.
  • no secret - No TOTP secret was provided.
  • invalid code (code.length != 6) - The TOTP code provided is not 6 characters long.
  • Invalid code - The TOTP code provided is invalid.
  • totp already registered - The user already has TOTP enabled.

401
Forbidden (JSON)

  • totp is disabled - MFA_TOTP_ENABLED is set to false, therefore you cannot access this resource.
Last updated: 3/3/2024
Edit this page on GitHub