Verify Authenticator App Challenge

curl --request POST \ --url https://api.authsignal.com/v1/client/verify/totp \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data ' { "verificationCode": "<string>" } '

Authorizations

Authorization

string

header

required

Use a short-lived token obtained from the Server API's Track Action endpoint. The token is valid for 10 minutes and should be passed in the Authorization header as 'Bearer {token}'.

Body

application/json

verificationCode

string

required

The TOTP code inputted by the user.

Response

isVerified

boolean

required

True if the inputted TOTP is correct.

accessToken

string

A new short-term token with scopes to manage authenticators (e.g. add secondary authenticators, remove authenticators, view or regenerate recovery codes). Only present if the challenge succeeded.

failureReason

enum<string>

Available options:

CODE_INVALID_OR_EXPIRED,

MAX_ATTEMPTS_EXCEEDED