Begin TOTP enrollment
POST
/v1/me/totp/enroll
const url = 'https://example.com/v1/me/totp/enroll';const options = {method: 'POST', headers: {Authorization: 'Bearer <token>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/v1/me/totp/enroll \ --header 'Authorization: Bearer <token>'Generates a fresh shared secret (overwriting any prior pending enrollment) and returns it plus an otpauth URI. Accepts both full and bootstrap JWTs. Returns 409 if an active TOTP is already enrolled — remove it via DELETE /v1/me/totp first.
Authorizations
Section titled “Authorizations”Responses
Section titled “Responses”Enrollment started
Media typeapplication/json
Returned when TOTP enrollment starts. Render qr_uri as a QR code (or enter secret manually) in an authenticator app, then confirm via POST /v1/me/totp/enroll/verify. The credential stays inactive until verified.
object
success
required
boolean
secret
required
Base32 shared secret.
string
qr_uri
required
Otpauth:// URI for QR display.
string
Examplegenerated
{ "success": true, "secret": "example", "qr_uri": "example"}default
Section titled “default”Error response
Media typeapplication/problem+json
RFC 7807 Problem Details
object
type
Problem type slug URI
string
title
string
status
integer
detail
string
key
additional properties
any
Examplegenerated
{ "type": "example", "title": "example", "status": 1, "detail": "example"}