GET /auth/mfa/devices
List registered MFA devices
List registered MFA devices
/auth/mfa/devicesResponses
200
Array of MfaDeviceDto
| Field | Type | Required | Description |
|---|---|---|---|
id | string | required | Unique identifier of the MFA device Example: 4b3c9c9c-9a9d-4d1e-8d9f-123456789abc |
deviceName | string | required | Friendly name of the registered device Example: Work laptop |
method | "email" | "sms" | "totp" | required | MFA method this device supportsemailsmstotpExample: totp |
lastUsedAt | string<date-time> | optional | Timestamp of when the device was last used Example: 2024-05-20T12:34:56.000Z |
verified | boolean | required | Whether the device setup has been verified Example: true |
createdAt | string<date-time> | optional | Timestamp of when the device was registered Example: 2024-05-18T10:15:00.000Z |
Example response
[
{
"id": "4b3c9c9c-9a9d-4d1e-8d9f-123456789abc",
"deviceName": "Work laptop",
"method": "totp",
"lastUsedAt": "2024-05-20T12:34:56.000Z",
"verified": true,
"createdAt": "2024-05-18T10:15:00.000Z"
}
]400Invalid or expired code.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
statusCode | number | required | HTTP status code Example: 401 |
error | string | required | HTTP status text / exception name Example: Unauthorized |
message | string | required | Human-readable message Example: Invalid credentials |
code | string | required | Stable, machine-readable error code — branch on this, not the message Example: INVALID_CREDENTIALS |
Example response
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid credentials",
"code": "INVALID_CREDENTIALS"
}401Missing, invalid, or expired authentication.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
statusCode | number | required | HTTP status code Example: 401 |
error | string | required | HTTP status text / exception name Example: Unauthorized |
message | string | required | Human-readable message Example: Invalid credentials |
code | string | required | Stable, machine-readable error code — branch on this, not the message Example: INVALID_CREDENTIALS |
Example response
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid credentials",
"code": "INVALID_CREDENTIALS"
}403Authenticated but not permitted.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
statusCode | number | required | HTTP status code Example: 401 |
error | string | required | HTTP status text / exception name Example: Unauthorized |
message | string | required | Human-readable message Example: Invalid credentials |
code | string | required | Stable, machine-readable error code — branch on this, not the message Example: INVALID_CREDENTIALS |
Example response
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid credentials",
"code": "INVALID_CREDENTIALS"
}Try it
curl -X GET 'https://api.example.com/auth/mfa/devices' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer YOUR_ACCESS_TOKEN'