MFA API
Reference for the MFA endpoint group — 11 endpoints.
Generated from the live OpenAPI spec. Re-run _generate_api_reference.py after backend changes.
Authentication
All endpoints require a Bearer JWT in the Authorization header unless noted otherwise. See Concepts → Tokens and scopes and Reference → OAuth endpoints for how to obtain one.
Endpoints
GET /api/v1/me/mfa
List Mfa Methods
List all MFA devices/methods for the current user.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
POST /api/v1/me/mfa/backup-codes/regenerate
Regenerate Backup Codes
Regenerate backup codes (requires current TOTP code).
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Request body:
Required.
application/json → RegenerateBackupCodesRequest
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
POST /api/v1/me/mfa/email/confirm
Confirm Email Mfa
Confirm email MFA setup with the code sent to the user's email.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Request body:
Required.
application/json → EmailMFAConfirmRequest
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
POST /api/v1/me/mfa/email/disable
Disable Email Mfa
Disable email MFA. Requires current TOTP code for verification.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Request body:
Required.
application/json → DisableEmailMFARequest
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
POST /api/v1/me/mfa/email/enable
Enable Email Mfa
Enable email-based MFA. Sends a verification code to the user's email.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
POST /api/v1/me/mfa/totp/confirm
Confirm Totp
Confirm TOTP setup with a code from the authenticator app.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Request body:
Required.
application/json → ConfirmTotpRequest
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
POST /api/v1/me/mfa/totp/disable
Disable Totp
Disable TOTP MFA.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Request body:
Required.
application/json → DisableTotpRequest
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
POST /api/v1/me/mfa/totp/enable
Enable Totp
Begin TOTP setup - returns secret and QR code.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
POST /api/v1/me/mfa/webauthn/register/begin
Begin Webauthn Registration
Begin WebAuthn security key registration.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
POST /api/v1/me/mfa/webauthn/register/complete
Complete Webauthn Registration
Complete WebAuthn security key registration.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| authorization | header | no | string \| null | |
Request body:
Required.
application/json → WebAuthnConfirmRequest
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
DELETE /api/v1/me/mfa/webauthn/{device_id}
Remove Webauthn Device
Remove a WebAuthn security key.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| device_id | path | yes | string | |
| authorization | header | no | string \| null | |
Responses:
| Status | Body |
|---|---|
| 200 | application/json → object |
| 422 | application/json → HTTPValidationError |
Schemas
Definitions for every type referenced by the endpoints above. Schema-to-schema references on this page link within the page; cross-page references would require visiting the linked page.
ConfirmTotpRequest
Request to confirm TOTP setup.
| Field | Type | Required | Description |
|---|---|---|---|
| code | string | yes | |
DisableEmailMFARequest
| Field | Type | Required | Description |
|---|---|---|---|
| code | string | yes | |
DisableTotpRequest
Request to disable TOTP.
| Field | Type | Required | Description |
|---|---|---|---|
| code | string | yes | |
EmailMFAConfirmRequest
| Field | Type | Required | Description |
|---|---|---|---|
| code | string | yes | |
HTTPValidationError
| Field | Type | Required | Description |
|---|---|---|---|
| detail | array of ValidationError | no | |
RegenerateBackupCodesRequest
Request to regenerate backup codes.
| Field | Type | Required | Description |
|---|---|---|---|
| code | string | yes | |
ValidationError
| Field | Type | Required | Description |
|---|---|---|---|
| loc | array of string \| integer | yes | |
| msg | string | yes | |
| type | string | yes | |
WebAuthnConfirmRequest
| Field | Type | Required | Description |
|---|---|---|---|
| device_id | string | yes | |
| challenge_id | string | yes | |
| credential | object | yes | |