Enable TOTP

POST

/v1/iam/auth/totp/enable

const url = 'http://localhost:8080/v1/iam/auth/totp/enable';
const options = {method: 'POST'};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url http://localhost:8080/v1/iam/auth/totp/enable

Returns the otpauth:// URL (for the authenticator QR) and the recovery codes in plaintext — shown ONCE. The User row stores the encrypted secret (APOPHIS_IAM_TOTP_KEY, C4=b) but totpEnabledAt stays NULL until /iam/auth/totp/verify confirms the user scanned the QR.

Responses

200

TOTP enable payload.

application/json

object

status

required

string

Allowed value: success

code

required

string

data

required

object

otpauthUrl

required

string

secret

required

string

recoveryCodes

required

Array<string>

cache

object

hit

required

boolean

key

string

ageSeconds

integer

expiresAt

string format: date-time

timing

object

totalMs

required

integer

dbMs

integer

externalMs

integer

deprecation

object

sunset

required

string format: date-time

successor

string

note

string

Example

{
  "status": "success"
}

401

Authentification manquante ou invalide.

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

409

Conflit d’état (cannot_replay_<status>, idempotency_mismatch).

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}