---
title: MFA API
path: reference/api/mfa
status: published
---

# MFA API

Reference for the `MFA` endpoint group — 11 endpoints.

Generated from the live OpenAPI spec. Re-run `_generate_api_reference.py` after backend changes.

## Authentication

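All endpoints require a Bearer JWT in the `Authorization` header unless noted otherwise. The parameter tables below are generated from the spec and list `authorization` as not required; send the header on every call regardless. See [Concepts → Tokens and scopes](/docs/scaikey/concepts/tokens-and-scopes) and [Reference → OAuth endpoints](/docs/scaikey/reference/oauth-endpoints) for how to obtain one.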

## Endpoints

### **GET** `/api/v1/me/mfa`

_List MFA Methods_

List all MFA devices/methods for the current user.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **POST** `/api/v1/me/mfa/backup-codes/regenerate`

_Regenerate Backup Codes_

Regenerate backup codes (requires current TOTP code).

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Request body:**

Required.

- `application/json` → [`RegenerateBackupCodesRequest`](#schema-regeneratebackupcodesrequest)

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **POST** `/api/v1/me/mfa/email/confirm`

_Confirm Email MFA_

Confirm email MFA setup with the code sent to the user's email.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Request body:**

Required.

- `application/json` → [`EmailMFAConfirmRequest`](#schema-emailmfaconfirmrequest)

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **POST** `/api/v1/me/mfa/email/disable`

_Disable Email MFA_

Disable email MFA. Requires current TOTP code for verification.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Request body:**

Required.

- `application/json` → [`DisableEmailMFARequest`](#schema-disableemailmfarequest)

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **POST** `/api/v1/me/mfa/email/enable`

_Enable Email MFA_

Enable email-based MFA. Sends a verification code to the user's email.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **POST** `/api/v1/me/mfa/totp/confirm`

_Confirm TOTP_

Confirm TOTP setup with a code from the authenticator app.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Request body:**

Required.

- `application/json` → [`ConfirmTotpRequest`](#schema-confirmtotprequest)

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **POST** `/api/v1/me/mfa/totp/disable`

_Disable TOTP_

Disable TOTP MFA.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Request body:**

Required.

- `application/json` → [`DisableTotpRequest`](#schema-disabletotprequest)

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **POST** `/api/v1/me/mfa/totp/enable`

_Enable TOTP_

Begin TOTP setup. Returns the secret and a QR code.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **POST** `/api/v1/me/mfa/webauthn/register/begin`

_Begin WebAuthn Registration_

Begin WebAuthn security key registration.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **POST** `/api/v1/me/mfa/webauthn/register/complete`

_Complete WebAuthn Registration_

Complete WebAuthn security key registration.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `authorization` | header | no | `string` \| `null` |  |

**Request body:**

Required.

- `application/json` → [`WebAuthnConfirmRequest`](#schema-webauthnconfirmrequest)

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

### **DELETE** `/api/v1/me/mfa/webauthn/{device_id}`

_Remove WebAuthn Device_

Remove a WebAuthn security key.

**Parameters:**

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| `device_id` | path | yes | `string` |  |
| `authorization` | header | no | `string` \| `null` |  |

**Responses:**

| Status | Body |
|---|---|
| `200` | `application/json` → object |
| `422` | `application/json` → [`HTTPValidationError`](#schema-httpvalidationerror) |

---

## Schemas

Definitions for every type referenced by the endpoints above. References between schemas defined on this page link within the page; references to schemas defined on another page link to that page.

### `ConfirmTotpRequest`

Request to confirm TOTP setup.

| Field | Type | Required | Description |
|---|---|---|---|
| `code` | `string` | yes |  |

### `DisableEmailMFARequest`

| Field | Type | Required | Description |
|---|---|---|---|
| `code` | `string` | yes |  |

### `DisableTotpRequest`

Request to disable TOTP.

| Field | Type | Required | Description |
|---|---|---|---|
| `code` | `string` | yes |  |

### `EmailMFAConfirmRequest`

| Field | Type | Required | Description |
|---|---|---|---|
| `code` | `string` | yes |  |

### `HTTPValidationError`

| Field | Type | Required | Description |
|---|---|---|---|
| `detail` | array of [`ValidationError`](#schema-validationerror) | no |  |

### `RegenerateBackupCodesRequest`

Request to regenerate backup codes.

| Field | Type | Required | Description |
|---|---|---|---|
| `code` | `string` | yes |  |

### `ValidationError`

| Field | Type | Required | Description |
|---|---|---|---|
| `loc` | array of `string` \| `integer` | yes |  |
| `msg` | `string` | yes |  |
| `type` | `string` | yes |  |

### `WebAuthnConfirmRequest`

| Field | Type | Required | Description |
|---|---|---|---|
| `device_id` | `string` | yes |  |
| `challenge_id` | `string` | yes |  |
| `credential` | object | yes |  |
