Skip to main content
POST
Verify Authenticator App Challenge

Authorizations

Authorization
string
header
required

Use a short-lived token obtained from the Server API's Track Action endpoint. The token is valid for 10 minutes and should be passed in the Authorization header as 'Bearer {token}'.

Body

application/json
verificationCode
string
required

The TOTP code inputted by the user.

Response

OK

isVerified
boolean
required

True if the inputted TOTP is correct.

accessToken
string

A new short-term token with scopes to manage authenticators (e.g. add secondary authenticators, remove authenticators, view or regenerate recovery codes). Only present if the challenge succeeded.

failureReason
enum<string>
Available options:
CODE_INVALID_OR_EXPIRED,
MAX_ATTEMPTS_EXCEEDED