Manage multi-factor authentication

POST

/user/mfa

• Nhost Authentication API Server

Activate or deactivate multi-factor authentication for the authenticated user

Authorizations

• BearerAuth

Request Body ^required

TOTP verification code and MFA activation settings

Request to activate or deactivate multi-factor authentication

object

code

required

Verification code from the authenticator app when activating MFA

string

Example

123456

activeMfaType

Type of MFA to activate. Use empty string to disable MFA.

string

Allowed values: totp ""

Example

totp

Responses

200

MFA status successfully updated

string

Allowed values: OK

default

An error occurred while processing the request

Standardized error response

object

status

required

HTTP status error code

integer

Example

400

message

required

Human-friendly error message

string

Example

Invalid email format

error

required

Error code identifying the specific application error

string

Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked