Skip to main content

Confirm 2FA enrolment

POST 

/api/v1/auth/2fa/verify

Confirm 2FA enrolment with a TOTP code and receive backup codes.

On success flips totp_enabled=true and returns one-time backup codes these are returned exactly once and cannot be recovered later.

  • 400 if no setup is in progress, or 2FA is already enabled.
  • 401 if the verification code is wrong.
  • Rate limit: 5 / 15 min / user (auth_mfa tier).

Request

Responses

Successful Response