Skip to main content

Regenerate 2FA backup codes

POST 

/api/v1/auth/2fa/backup-codes

Regenerate backup codes after confirming a TOTP code.

Invalidates all previously issued backup codes. The new codes are returned exactly once and cannot be recovered later.

  • 400 if 2FA is not enabled.
  • 401 if the verification code is wrong.
  • Rate limit: 5 / 15 min / user (auth_mfa tier).

Request

Responses

Successful Response