Two-Factor Authentication (2FA)

Endpoints for setting up and using TOTP-based 2FA.

Setup (get secret / QR)

POST /api/Authentication/setup-2fa
Authorization: Bearer {token}

Returns a shared secret (and optionally QR code data) for the user to add to an authenticator app.

Enable 2FA

After the user has configured the app and obtained a code:

POST /api/Authentication/enable-2fa
Authorization: Bearer {token}
Content-Type: application/json

{
"code": "123456"
}

Verify 2FA (at login)

When the login response indicates that 2FA is required (e.g. requiresTwoFactor: true), submit the code:

POST /api/Authentication/verify-2fa
Content-Type: application/json

{
"userId": "user-guid",
"code": "123456"
}

Returns a token and user info on success.

Disable 2FA

POST /api/Authentication/disable-2fa
Authorization: Bearer {token}
Content-Type: application/json

{
"password": "current-password",
"code": "123456"
}