Body
application/json
MFA ticket and TOTP code for multi-factor authentication verification
Response
MFA verification successful, session created
Container for session information
User authentication session containing tokens and user information
Backend Services
- GET/.well-known/jwks.json
- POST/elevate/webauthn
- POST/elevate/webauthn/verify
- HEAD/healthz
- GET/healthz
- POST/link/idtoken
- GET/mfa/totp/generate
- POST/pat
- POST/signin/anonymous
- POST/signin/email-password
- POST/signin/idtoken
- POST/signin/mfa/totp
- POST/signin/otp/email
- POST/signin/otp/email/verify
- POST/signin/passwordless/email
- POST/signin/passwordless/sms
- POST/signin/passwordless/sms/otp
- POST/signin/pat
- GET/signin/provider/{provider}
- GET/signin/provider/{provider}/callback
- POST/signin/provider/{provider}/callback
- POST/signin/webauthn
- POST/signin/webauthn/verify
- POST/signout
- POST/signup/email-password
- POST/signup/webauthn
- POST/signup/webauthn/verify
- POST/token
- POST/token/verify
- GET/user
- POST/user/deanonymize
- POST/user/email/change
- POST/user/email/send-verification-email
- POST/user/mfa
- POST/user/password
- POST/user/password/reset
- POST/user/webauthn/add
- POST/user/webauthn/verify
- GET/verify
- GET/version
- GET
Client Libraries
Client Libraries (deprecated)
Verify TOTP for MFA
Copy
Ask AI
curl --request POST \
--url https://{subdomain}.auth.{region}.nhost.run/v1/signin/mfa/totp \
--header 'Content-Type: application/json' \
--data '{
"ticket": "<string>",
"otp": "<string>"
}'Copy
Ask AI
{
"session": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiresIn": 900,
"refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"user": {
"avatarUrl": "https://myapp.com/avatars/user123.jpg",
"createdAt": "2023-01-15T12:34:56Z",
"defaultRole": "user",
"displayName": "John Smith",
"email": "john.smith@nhost.io",
"emailVerified": true,
"id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"isAnonymous": false,
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"phoneNumber": "+12025550123",
"phoneNumberVerified": false,
"roles": [
"user",
"customer"
],
"activeMfaType": "<string>"
}
}
}Authentication
verifySignInMfaTotp
Complete the multi-factor authentication by verifying a Time-based One-Time Password (TOTP). Returns a session if validation is successful.
POST
/
signin
/
mfa
/
totp
Verify TOTP for MFA
Copy
Ask AI
curl --request POST \
--url https://{subdomain}.auth.{region}.nhost.run/v1/signin/mfa/totp \
--header 'Content-Type: application/json' \
--data '{
"ticket": "<string>",
"otp": "<string>"
}'Copy
Ask AI
{
"session": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"accessTokenExpiresIn": 900,
"refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"user": {
"avatarUrl": "https://myapp.com/avatars/user123.jpg",
"createdAt": "2023-01-15T12:34:56Z",
"defaultRole": "user",
"displayName": "John Smith",
"email": "john.smith@nhost.io",
"emailVerified": true,
"id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
"isAnonymous": false,
"locale": "en",
"metadata": {
"firstName": "John",
"lastName": "Smith"
},
"phoneNumber": "+12025550123",
"phoneNumberVerified": false,
"roles": [
"user",
"customer"
],
"activeMfaType": "<string>"
}
}
}Was this page helpful?
⌘I