Create TOTP secret

POST /api/experience/verification/totp/secret

Create a new TOTP verification record and generate a new TOTP secret for the user. This secret can be used to bind a new TOTP verification to the user's profile. The verification record must be verified before the secret can be used to bind a new TOTP verification to the user's profile.

Responses

200 application/json

TOTP secret successfully generated.
Hide response attributes Show response attributes object
- verificationId string Required
  
  The unique verification ID for the TOTP record. This ID is required to verify the TOTP code.
- secret string Required
  
  The newly generated TOTP secret.
- secretQrCode string Required
  
  A QR code image data URL for the TOTP secret. The user can scan this QR code with their TOTP authenticator app.
400

Bad Request
404

Entity not found.
- session.identifier_not_found: The current interaction is not identified yet. All MFA verification records must be associated with a identified user.

POST /api/experience/verification/totp/secret

curl \
 -X POST https://[tenant_id].logto.app/api/experience/verification/totp/secret

Response examples (200)

{
  "verificationId": "string",
  "secret": "string",
  "secretQrCode": "string"
}