PUT /api/my-account/mfa-verifications/totp

Create or replace the user's TOTP MFA verification with a new authenticator app binding. If the user already has a TOTP verification, it will be replaced; otherwise, a new one will be created. Requires a logto-verification-id header for sensitive permission checks, a valid TOTP secret, and a valid TOTP code generated from the secret.

application/json

Body Required

  • secret string Required

    The TOTP secret for the authenticator app.

  • code string Required

    The TOTP code generated from the secret to confirm the binding.

Responses

  • 204

    The authenticator app was created or replaced successfully.

  • 400

    The provided secret or TOTP code is invalid.

  • 401

    Permission denied: identity verification is required, or the access token has insufficient scope.

  • 403

    Forbidden

PUT /api/my-account/mfa-verifications/totp
curl \
 --request PUT 'https://[tenant_id].logto.app/api/my-account/mfa-verifications/totp' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "logto-verification-id: $VERIFICATION_ID" \
 --header "Content-Type: application/json" \
 --data '{"secret":"string","code":"string"}'
Request examples
{
  "secret": "string",
  "code": "string"
}
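
How the `code` value can be derived from `secret` and combined with the required headers, as an added example that is not part of the original reference or the project's own code. It assumes the secret is base32-encoded and that the common authenticator defaults apply (RFC 6238, HMAC-SHA-1, 6 digits, 30-second step), which this page does not state; the endpoint, token, and verification ID are placeholders.

```python
import base64
import hashlib
import hmac
import json
import struct
import time
import urllib.request


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA-1) for a base32 secret, as a zero-padded string."""
    # Authenticator apps often show secrets in spaced groups or lower case.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped base32 padding
    key = base64.b32decode(cleaned)
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def build_totp_binding_request(endpoint, access_token, verification_id,
                               secret_b32, at=None):
    """Build (but do not send) the PUT request that binds the authenticator app."""
    body = {"secret": secret_b32, "code": totp(secret_b32, at)}
    return urllib.request.Request(
        endpoint.rstrip("/") + "/api/my-account/mfa-verifications/totp",
        data=json.dumps(body).encode(),
        method="PUT",
        headers={
            "Authorization": "Bearer " + access_token,
            "Content-Type": "application/json",
            "logto-verification-id": verification_id,
        },
    )


if __name__ == "__main__":
    # Constructed sample values: the RFC 6238 test key and placeholder credentials.
    req = build_totp_binding_request(
        "https://tenant.example", "ACCESS_TOKEN_PLACEHOLDER",
        "VERIFICATION_ID_PLACEHOLDER", "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", at=59)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would send it; success is a 204 with no body.
```

A code is only valid for its time step, so generate it immediately before sending; a 400 response after a delay or with a skewed client clock usually means the code has expired.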