Send MFA code for setup/verification

POST/auth/mfa/challenge

Request body

NestAuthSendMfaCodeRequestDto

Field	Type	Required	Description
`method`	`object`	required	MFA delivery method Example: `email`

Examples

Example

{
  "method": "email"
}

Responses

200

NestAuthMfaCodeSentResponseDto

Field	Type	Required	Description
`message`	`string`	required	Response message Example: `MFA code sent successfully`

Example response

{
  "message": "MFA code sent successfully"
}

400Invalid or expired code.

ApiErrorResponseDto

Field	Type	Required	Description
`statusCode`	`number`	required	HTTP status code Example: `401`
`error`	`string`	required	HTTP status text / exception name Example: `Unauthorized`
`message`	`string`	required	Human-readable message Example: `Invalid credentials`
`code`	`string`	required	Stable, machine-readable error code — branch on this, not the message Example: `INVALID_CREDENTIALS`

Example response

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}

401Missing, invalid, or expired authentication.

ApiErrorResponseDto

Field	Type	Required	Description
`statusCode`	`number`	required	HTTP status code Example: `401`
`error`	`string`	required	HTTP status text / exception name Example: `Unauthorized`
`message`	`string`	required	Human-readable message Example: `Invalid credentials`
`code`	`string`	required	Stable, machine-readable error code — branch on this, not the message Example: `INVALID_CREDENTIALS`

Example response

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}

403Authenticated but not permitted.

ApiErrorResponseDto

Field	Type	Required	Description
`statusCode`	`number`	required	HTTP status code Example: `401`
`error`	`string`	required	HTTP status text / exception name Example: `Unauthorized`
`message`	`string`	required	Human-readable message Example: `Invalid credentials`
`code`	`string`	required	Stable, machine-readable error code — branch on this, not the message Example: `INVALID_CREDENTIALS`

Example response

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}

Try it

curl -X POST 'https://api.example.com/auth/mfa/challenge' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -d '{"method":"email"}'

POST /auth/mfa/challenge

Send MFA code for setup/verification

Request body

Responses

Try it

On this page