Two-Factor Authentication

Create 2FA

GET /user/2FA/create

Permission: Connected + API Generates a new 2FA secret and QR code for the user to set up two-factor authentication.

Response

{
  "status": "success",
  "data": {
    "qrCode": "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=...",
    "base32": "JBSWY3DPEHPK3PXP",
    "key": "randomGeneratedKey123"
  }
}

Response Fields

Field	Type	Description
`qrCode`	string	QR code URL for scanning with authenticator app
`base32`	string	TOTP secret key (for manual entry)
`key`	string	Random key component

Validate 2FA

POST /user/2FA/validate

Permission: Connected + API Validates a 2FA code and enables 2FA for the account (if setting up) or validates 2FA for the current session.

Body Parameters

code

string

required

6-digit TOTP code from authenticator app

secret

string

required

The secret key received from /user/2FA/create

string

required

Backup email for 2FA recovery

Request Example

{
  "code": "123456",
  "secret": "randomGeneratedKey123",
  "email": "[email protected]"
}

Response

Success

{
  "status": "success",
  "data": "2FA activated"
}

Error Responses

Status	Message	Description
`error`	Invalid code	The provided code is incorrect or expired
`error`	2FA not set up	User hasn’t initiated 2FA setup
`error`	Backup code already used	This backup code has been used before

2FA validation is required for sensitive operations like changing email, cashouts, and API key generation. The validation lasts for the current session or 1 hour, whichever is shorter.

Request 2FA reset

POST /user/reset2FA/ask

Permission: Connected + API Initiates a 2FA reset request. A verification email will be sent to the user’s registered email address.

Body Parameters

reason

string

Optional reason for the reset request

Request Example

{
  "reason": "Lost access to authenticator app"
}

Response

Success

{
  "status": "success",
  "data": {
    "requestId": 98765,
    "emailSent": true,
    "expiresAt": "1706835600",
    "message": "Verification email sent. The reset link expires in 24 hours."
  }
}

2FA reset requests are logged and reviewed. Abuse of this system may result in account restrictions.

Validate 2FA reset

POST /user/reset2FA/validate

Permission: Connected + API Completes a 2FA reset using the verification code sent to email.

Body Parameters

code

string

required

Verification code from email

requestId

integer

required

Reset request ID from the reset request

Request Example

{
  "code": "ABCD1234",
  "requestId": 98765
}

Response

Success

{
  "status": "success",
  "data": {
    "twoFactorEnabled": false,
    "message": "Two-factor authentication has been disabled. You can set it up again from your account settings."
  }
}

Error Responses

Status	Message	Description
`error`	Invalid or expired code	The verification code is incorrect or has expired
`error`	Request not found	Invalid request ID
`error`	Too many attempts	Too many failed validation attempts

After a successful 2FA reset, we strongly recommend setting up 2FA again as soon as possible to keep your account secure.

Getting Started

🛒 Buyer - Purchasing

🛒 Buyer - Inventory

💰 Seller - Listing

💰 Seller - Sales & Cashout

🔄 Trading (Buyer & Seller)

👤 User Account

📊 Public & Utilities

Create 2FA

Response

Response Fields

Validate 2FA

Body Parameters

Request Example

Response

Error Responses

Request 2FA reset

Body Parameters

Request Example

Response

Validate 2FA reset

Body Parameters

Request Example

Response

Error Responses

Getting Started

🛒 Buyer - Purchasing

🛒 Buyer - Inventory

💰 Seller - Listing

💰 Seller - Sales & Cashout

🔄 Trading (Buyer & Seller)

👤 User Account

📊 Public & Utilities

​Create 2FA

​Response

​Response Fields

​Validate 2FA

​Body Parameters

​Request Example

​Response

​Error Responses

​Request 2FA reset

​Body Parameters

​Request Example

​Response

​Validate 2FA reset

​Body Parameters

​Request Example

​Response

​Error Responses

Create 2FA

Response

Response Fields

Validate 2FA

Body Parameters

Request Example

Response

Error Responses

Request 2FA reset

Body Parameters

Request Example

Response

Validate 2FA reset

Body Parameters

Request Example

Response

Error Responses