# Create or replace the authenticator app

**PUT /api/my-account/mfa-verifications/totp**

Create or replace the user's TOTP MFA verification with a new authenticator app binding. If the user already has a TOTP verification, it will be replaced; otherwise, a new one will be created. Requires a logto-verification-id header for sensitive permission checks, a valid TOTP secret, and a valid TOTP code generated from the secret.


## Servers
- Logto endpoint address.: https://[tenant_id].logto.app (Logto endpoint address.)


## Authentication methods
- O auth2


## Parameters



### Body: application/json (object)

- **secret** (string)
  The TOTP secret for the authenticator app.
- **code** (string)
  The TOTP code generated from the secret to confirm the binding.


## Responses
### 204
The authenticator app was created or replaced successfully.

### 400
The provided secret or TOTP code is invalid.

### 401
Permission denied, identity verification is required or insufficient scope.

### 403
Forbidden


[Powered by Bump.sh](https://bump.sh)