MFA
Start MFA enrollment
Generates a TOTP secret, persists it encrypted with mfa_enabled still false, and returns otpauth_url plus Base32 secret for manual entry.
The SPA should render a QR code from otpauth_url locally. 409 if MFA is already fully enabled.
curl -X POST "//api/auth/mfa/enroll/begin" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_TOKEN (API token)"
import requests
import json
url = "//api/auth/mfa/enroll/begin"
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (API token)"
}
response = requests.post(url, headers=headers)
print(response.json())
const response = await fetch("//api/auth/mfa/enroll/begin", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (API token)"
}
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
)
func main() {
req, err := http.NewRequest("POST", "//api/auth/mfa/enroll/begin", nil)
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN (API token)")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('//api/auth/mfa/enroll/begin')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request['Authorization'] = 'Bearer YOUR_API_TOKEN (API token)'
response = http.request(request)
puts response.body
{
"otpauth_url": "example_string",
"secret": "example_string"
}
{
"error": "Unauthorized",
"message": "Authentication required. Please provide a valid API token",
"code": 401
}
{
"error": "Conflict",
"message": "The request conflicts with the current state of the resource",
"code": 409,
"details": "Resource already exists"
}
{
"error": "Too Many Requests",
"message": "Rate limit exceeded. Please try again later",
"code": 429,
"retryAfter": 3600
}
POST
/api/auth/mfa/enroll/begin
POST
API Key (cookie: slugbase.sid)
slugbase.sidstring
RequiredSession cookie after login
Session cookie after login
Bearer Token (API token)
Bearer Tokenstring
RequiredBearer token (API token) - just enter the token, "Bearer" prefix will be added automatically
Request Preview
Response
Response will appear here after sending the request
Authentication
path
parameterstring
RequiredAPI Key for authentication. Session cookie after login
header
Authorizationstring
RequiredBearer token (API token). Authentication token required.
Responses
otpauth_urlstring
Requiredotpauth URI for QR / authenticator import (do not log in production)
secretstring
RequiredBase32 secret for manual entry
Was this page helpful?
Last updated today
Built with Documentation.AI