Skip to main content
POST
/
user
/
mfa
Manage multi-factor authentication
curl --request POST \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/user/mfa \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "code": "123456",
  "activeMfaType": "totp"
}'
"OK"

Authorizations

Authorization
string
header
required

Bearer authentication with JWT access token. Used to authenticate requests to protected endpoints.

Body

application/json

TOTP verification code and MFA activation settings

Request to activate or deactivate multi-factor authentication

code
string
required

Verification code from the authenticator app when activating MFA

Example:

"123456"

activeMfaType
enum<string>

Type of MFA to activate. Use empty string to disable MFA.

Available options:
totp,
Example:

"totp"

Response

MFA status successfully updated

The response is of type enum<string>.

Available options:
OK
I