Skip to content

Complete 2FA login (partition-scoped)

POST
/v1/pt/{ptid}/login/2fa
curl --request POST \
--url https://example.com/v1/pt/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/login/2fa \
--header 'Content-Type: application/json' \
--data '{ "challenge_id": "example", "code": "example" }'
ptid
required
string format: uuid

Partition UUID

Media typeapplication/json
object
challenge_id
required

The challenge_id from the password-login response.

string
code
required

A 6-digit TOTP code or a recovery code (TOTP is tried first).

string
Examplegenerated
{
"challenge_id": "example",
"code": "example"
}

Full token issued

Media typeapplication/json

Returned by the API-key login and the 2FA-exchange step with a full token, and by password login (no TOTP enrolled) with a bootstrap token.

object
success
required
boolean
token
required

The JWT to send as Authorization: Bearer <jwt>.

string
type
required

full grants every endpoint the user is authorized for; bootstrap only opens the TOTP-enrollment endpoints.

string
Allowed values: full bootstrap
Example
{
"type": "full"
}

Error response

Media typeapplication/problem+json

RFC 7807 Problem Details

object
type

Problem type slug URI

string
title
string
status
integer
detail
string
key
additional properties
any
Examplegenerated
{
"type": "example",
"title": "example",
"status": 1,
"detail": "example"
}