MFA

Regenerate backup codes

Same trust bar as disable — invalidates all previous backup codes.

curl -X POST "//api/auth/mfa/backup/regenerate" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_TOKEN (API token)" \
  -d '{
  "code": "example_string",
  "password": "example_string"
}'

import requests
import json

url = "//api/auth/mfa/backup/regenerate"
headers = {
  "Content-Type": "application/json",
  "Authorization": "Bearer YOUR_API_TOKEN (API token)"
}
data = {
  "code": "example_string",
  "password": "example_string"
}

response = requests.post(url, headers=headers, json=data)
print(response.json())

const response = await fetch("//api/auth/mfa/backup/regenerate", {
  method: "POST",
  headers: {
  "Content-Type": "application/json",
  "Authorization": "Bearer YOUR_API_TOKEN (API token)"
},
  body: JSON.stringify({
  "code": "example_string",
  "password": "example_string"
})
});

const data = await response.json();
console.log(data);

package main

import (
    "fmt"
    "net/http"
    "bytes"
    "encoding/json"
)

func main() {
    data := []byte(`{
  "code": "example_string",
  "password": "example_string"
}`)

    req, err := http.NewRequest("POST", "//api/auth/mfa/backup/regenerate", bytes.NewBuffer(data))
    if err != nil {
        panic(err)
    }

    req.Header.Set("Content-Type", "application/json")
    req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN (API token)")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    fmt.Println("Response Status:", resp.Status)
}

require 'net/http'
require 'json'

uri = URI('//api/auth/mfa/backup/regenerate')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request['Authorization'] = 'Bearer YOUR_API_TOKEN (API token)'
request.body = '{
  "code": "example_string",
  "password": "example_string"
}'

response = http.request(request)
puts response.body

{
  "backup_codes": [
    "example_string"
  ]
}

{
  "error": "Bad Request",
  "message": "The request contains invalid parameters or malformed data",
  "code": 400,
  "details": [
    {
      "field": "email",
      "message": "Invalid email format"
    }
  ]
}

POST

/api/auth/mfa/backup/regenerate

POST

API Key (cookie: slugbase.sid)

slugbase.sidstring

Required

Session cookie after login

Bearer Token (API token)

Bearer Tokenstring

Required

Bearer token (API token) - just enter the token, "Bearer" prefix will be added automatically

Content-Typestring

Required

The media type of the request body

Options: application/json

codestring

Required

TOTP or unused backup code

passwordstring

Required when the user has a local password (omit for OIDC-only)

Request Preview

Response

Response will appear here after sending the request

Authentication

path

parameterstring

Required

API Key for authentication. Session cookie after login

header

Authorizationstring

Required

Bearer token (API token). Authentication token required.

Body

application/json

codestring

Required

TOTP or unused backup code

passwordstring

Required when the user has a local password (omit for OIDC-only)

Responses

backup_codesstring[]

Required

One-time codes; shown once

Was this page helpful?

Last updated today

Built with Documentation.AI

curl -X POST "//api/auth/mfa/backup/regenerate" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_API_TOKEN (API token)" \ -d '{ "code": "example_string", "password": "example_string" }'