Verify TOTP MFA code

POST /api/my-account/mfa-verifications/totp/verify

Verify a TOTP code using the user's existing TOTP MFA factor. This endpoint is used to authenticate the user with their configured TOTP device.

application/json

Body Required

  • code string Required

    The 6-digit TOTP code from the user's authenticator app.

    Minimum length is 6, maximum length is 6.

Responses

  • 204

    The TOTP code was verified successfully.

  • 400

    The request body is invalid.

  • 401

    Permission denied, insufficient scope or MFA field not enabled.

  • 403

    Forbidden

  • 422

    The TOTP code is invalid or the user does not have a TOTP factor configured.

curl \
 --request POST 'https://[tenant_id].logto.app/api/my-account/mfa-verifications/totp/verify' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"code":"string"}'
Request examples
{
  "code": "string"
}
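A client-side wrapper for this endpoint, given as an added example rather than code from Logto: it rejects malformed codes before any network call and maps each documented status to an outcome, so a 401 (token, scope or MFA field) is not mistaken for a wrong code (422). The function names, outcome labels, 10-second timeout and injectable `send` parameter are assumptions of this example; the base URL and access token are supplied by the caller.

```python
import json
import re
import urllib.error
import urllib.request

VERIFY_PATH = "/api/my-account/mfa-verifications/totp/verify"

# Documented status codes mapped to labels chosen for this example.
OUTCOMES = {
    204: "verified",
    400: "invalid_request_body",
    401: "token_scope_or_mfa_field",  # access-token problem, not a wrong code
    403: "forbidden",
    422: "code_invalid_or_no_totp_factor",
}


def build_request(base_url, access_token, code):
    """Build the POST request; reject malformed codes before any network I/O."""
    # [0-9] rather than \d: \d also matches non-ASCII digits, and fullmatch
    # (unlike a trailing $) rejects a trailing newline.
    if not isinstance(code, str) or not re.fullmatch(r"[0-9]{6}", code):
        raise ValueError("TOTP code must be exactly 6 ASCII digits")
    return urllib.request.Request(
        base_url.rstrip("/") + VERIFY_PATH,
        data=json.dumps({"code": code}).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
    )


def verify_totp(base_url, access_token, code, send=urllib.request.urlopen):
    """Return an OUTCOMES label. `send` is injectable so tests run offline."""
    request = build_request(base_url, access_token, code)
    try:
        with send(request, timeout=10) as response:
            status = response.status
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        status = err.code
    # Only 204 means success; anything undocumented is treated as a failure.
    return OUTCOMES.get(status, "unexpected_status")
```

Treat only `"verified"` as success, and keep the submitted code and the bearer token out of client logs.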