Skip to content

Begin TOTP enrollment

POST
/v1/me/totp/enroll
curl --request POST \
--url https://example.com/v1/me/totp/enroll \
--header 'Authorization: Bearer <token>'

Generates a fresh shared secret (overwriting any prior pending enrollment) and returns it plus an otpauth URI. Accepts both full and bootstrap JWTs. Returns 409 if an active TOTP is already enrolled — remove it via DELETE /v1/me/totp first.

Enrollment started

Media typeapplication/json

Returned when TOTP enrollment starts. Render qr_uri as a QR code (or enter secret manually) in an authenticator app, then confirm via POST /v1/me/totp/enroll/verify. The credential stays inactive until verified.

object
success
required
boolean
secret
required

Base32 shared secret.

string
qr_uri
required

Otpauth:// URI for QR display.

string
Examplegenerated
{
"success": true,
"secret": "example",
"qr_uri": "example"
}

Error response

Media typeapplication/problem+json

RFC 7807 Problem Details

object
type

Problem type slug URI

string
title
string
status
integer
detail
string
key
additional properties
any
Examplegenerated
{
"type": "example",
"title": "example",
"status": 1,
"detail": "example"
}