Verify OTP token and enable 2FA

POST /2fa/verify-otp

Bearer auth

application/json

Body Required

username string Required
otp string Required

TOTP code or recovery code

Responses

200 application/json

OTP verified successfully
Hide response attributes Show response attributes object
- code integer
- message string
- data object
  
  Hide data attributes Show data attributes object
  
  token string
  
  expire string(date-time)
400 application/json

Invalid OTP
Hide response attributes Show response attributes object
- code integer
- message string
- data
- error string
401 application/json

Unauthorized
Hide response attributes Show response attributes object
- code integer
- message string
- data
- error string
404 application/json

User secret not found
Hide response attributes Show response attributes object
- code integer
- message string
- data
- error string
500 application/json

Failed to generate refreshed JWT
Hide response attributes Show response attributes object
- code integer
- message string
- data
- error string

POST /2fa/verify-otp

curl \
 --request POST 'http://localhost:8080/2fa/verify-otp' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"username":"string","otp":"string"}'

Request examples

{
  "username": "string",
  "otp": "string"
}

Response examples (200)

{
  "code": 42,
  "message": "string",
  "data": {
    "token": "string",
    "expire": "2026-05-04T09:42:00Z"
  }
}

Response examples (400)

{
  "code": 42,
  "message": "string",
  "error": "string"
}

Response examples (401)

{
  "code": 42,
  "message": "string",
  "error": "string"
}

Response examples (404)

{
  "code": 42,
  "message": "string",
  "error": "string"
}

Response examples (500)

{
  "code": 42,
  "message": "string",
  "error": "string"
}