MFA enrollment status
Whether TOTP MFA is enabled and when it was enrolled. No secrets.
curl -X GET "//api/auth/mfa/status" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_TOKEN (JWT or sb_ API token)"
import requests
import json
url = "//api/auth/mfa/status"
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT or sb_ API token)"
}
response = requests.get(url, headers=headers)
print(response.json())
const response = await fetch("//api/auth/mfa/status", {
method: "GET",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT or sb_ API token)"
}
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
)
func main() {
req, err := http.NewRequest("GET", "//api/auth/mfa/status", nil)
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN (JWT or sb_ API token)")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('//api/auth/mfa/status')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Get.new(uri)
request['Content-Type'] = 'application/json'
request['Authorization'] = 'Bearer YOUR_API_TOKEN (JWT or sb_ API token)'
response = http.request(request)
puts response.body
{
"enabled": true,
"enrolled_at": "example_string"
}
{
"error": "Unauthorized",
"message": "Authentication required. Please provide a valid API token",
"code": 401
}
GET
/api/auth/mfa/status
GET
Bearer Token (JWT or sb_ API token)
Bearer Tokenstring
RequiredUse Authorization: Bearer <token>. Personal API tokens from Profile use the sb_ prefix.
You may also send the access JWT as Bearer (same value as the token cookie after login).
Use
Authorization: Bearer <token>. Personal API tokens from Profile use the sb_ prefix.
You may also send the access JWT as Bearer (same value as the token cookie after login).
Request Preview
Response
Response will appear here after sending the request
Authentication
header
Authorizationstring
RequiredBearer token (JWT or sb_ API token). Use Authorization: Bearer \<token\>. Personal API tokens from Profile use the sb_ prefix.
You may also send the access JWT as Bearer (same value as the token cookie after login).
Responses
enabledboolean
enrolled_atstring
ISO timestamp when MFA was enabled, if applicable
errorstring
Was this page helpful?
Last updated Apr 17, 2026
Built with Documentation.AI