Create TOTP secret

POST /api/experience/verification/totp/secret

Create a new TOTP verification record and generate a new TOTP secret for the user. This secret can be used to bind a new TOTP verification to the user's profile. The verification record must be verified before the secret can be used to bind a new TOTP verification to the user's profile.

Responses

  • 200 application/json

    TOTP secret successfully generated.

    Hide response attributes Show response attributes object
    • verificationId string Required

      The unique verification ID for the TOTP record. This ID is required to verify the TOTP code.

    • secret string Required

      The newly generated TOTP secret.

    • secretQrCode string Required

      A QR code image data URL for the TOTP secret. The user can scan this QR code with their TOTP authenticator app.

  • Bad Request

  • Entity not found.
    - session.identifier_not_found: The current interaction is not identified yet. All MFA verification records must be associated with a identified user.

POST /api/experience/verification/totp/secret
curl \
 -X POST https://[tenant_id].logto.app/api/experience/verification/totp/secret
Response examples (200)
{
  "verificationId": "string",
  "secret": "string",
  "secretQrCode": "string"
}