# Create TOTP secret

**POST /api/experience/verification/totp/secret**

Create a new TOTP verification record and generate a new TOTP secret for the user. This secret can be used to bind a new TOTP verification to the user's profile. The verification record must be verified before the secret can be used to bind a new TOTP verification to the user's profile.


## Servers
- Logto endpoint address.: https://[tenant_id].logto.app (Logto endpoint address.)



## Parameters




## Responses
### 200: TOTP secret successfully generated.

#### Body Parameters: application/json (object)
- **verificationId** (string)
  The unique verification ID for the TOTP record. This ID is required to verify the TOTP code.
- **secret** (string)
  The newly generated TOTP secret.
- **secretQrCode** (string)
  A QR code image data URL for the TOTP secret. The user can scan this QR code with their TOTP authenticator app.

### 400: Bad Request

### 404: Entity not found. <br/> - `session.identifier_not_found:` The current interaction is not identified yet. All MFA verification records must be associated with a identified user.


[Powered by Bump.sh](https://bump.sh)