Create 2FA Setup
GET /user/2FA/create
Generates a new 2FA secret and QR code URL for the user to scan with an authenticator app (e.g. Google Authenticator).
connected
Response
| Field | Type | Description |
|---|---|---|
| qrCode | string | URL of the QR code image to scan with an authenticator app |
| base32 | string | Base32-encoded secret key (for manual entry) |
| key | string | Random key component used for secret generation |
Save the `key` and `base32` values — they are needed to validate and activate 2FA in the next step.
Validate & Activate 2FA
POST /user/2FA/validate
Validates a TOTP code against the generated secret and activates 2FA on the account. Requires a backup email address.
connected
Body Parameters
The `key` value returned from the create 2FA endpoint.
The 6-digit TOTP code from the authenticator app.
Backup email address for 2FA recovery.
| Status | Message |
|---|---|
| error | Invalid email |
| error | Invalid code |
| error | Missing post parameters |
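How a server can check the 6-digit code against the `base32` secret, as an added example that is not part of the original documentation or this API's own code. It assumes the RFC 6238 defaults used by Google Authenticator (HMAC-SHA-1, 30-second step) and tolerates one step of clock drift; `totp`, `verify`, `STEP` and the sample secret are illustrative names and constructed values.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret (RFC 6238 test key "12345678901234567890"), not a real account.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30  # seconds per code; assumed authenticator-app default


def totp(base32_secret, at, digits=6):
    """Return the code for Unix time `at` (RFC 6238, HMAC-SHA-1)."""
    # Manual entry may add spaces, lowercase letters or drop '=' padding.
    cleaned = base32_secret.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    secret = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(base32_secret, submitted, at=None, window=1):
    """True if `submitted` matches the code for `at` or within `window` steps."""
    at = time.time() if at is None else at
    # Reject anything that is not exactly six ASCII digits before comparing.
    if not (isinstance(submitted, str) and len(submitted) == 6
            and submitted.isascii() and submitted.isdigit()):
        return False
    ok = False
    for drift in range(-window, window + 1):
        moment = at + drift * STEP
        if moment < 0:
            continue
        # Constant-time compare, and no early exit across the drift window.
        ok |= hmac.compare_digest(totp(base32_secret, moment), submitted)
    return ok


if __name__ == "__main__":
    print(totp(SECRET, 59))
    print(verify(SECRET, "287082", at=89))
```

A production verifier should also record the last accepted time step per user so a code cannot be replayed, and rate-limit failed attempts.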
Request 2FA Reset
POST /user/reset2FA/ask
Sends a 2FA reset code to the user’s backup email address. This is the first step of the 2FA reset process.
connected
Response
| Status | Message |
|---|---|
| error | 2FA is not activated |
| error | No 2FA email found for this user |
| error | Failed to send email |
Validate 2FA Reset
POST /user/reset2FA/validate
Validates the 2FA reset code received by email and removes 2FA from the account.
connected
Body Parameters
The 6-digit reset code sent to the backup email. Can also be an array of individual digits.
| Status | Message |
|---|---|
| error | 2FA is not activated |
| error | Invalid reset code |
| error | Failed to remove 2FA |
| error | Missing code parameter |