Setup TOTP Device

POST/auth/mfa/setup-totp

200

400Invalid or expired code.

ApiErrorResponseDto

Field	Type	Required	Description
`statusCode`	`number`	required	HTTP status code Example: `401`
`error`	`string`	required	HTTP status text / exception name Example: `Unauthorized`
`message`	`string`	required	Human-readable message Example: `Invalid credentials`
`code`	`string`	required	Stable, machine-readable error code — branch on this, not the message Example: `INVALID_CREDENTIALS`

Example response

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}

401Missing, invalid, or expired authentication.

ApiErrorResponseDto

Field	Type	Required	Description
`statusCode`	`number`	required	HTTP status code Example: `401`
`error`	`string`	required	HTTP status text / exception name Example: `Unauthorized`
`message`	`string`	required	Human-readable message Example: `Invalid credentials`
`code`	`string`	required	Stable, machine-readable error code — branch on this, not the message Example: `INVALID_CREDENTIALS`

Example response

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}

403Authenticated but not permitted.

ApiErrorResponseDto

Field	Type	Required	Description
`statusCode`	`number`	required	HTTP status code Example: `401`
`error`	`string`	required	HTTP status text / exception name Example: `Unauthorized`
`message`	`string`	required	Human-readable message Example: `Invalid credentials`
`code`	`string`	required	Stable, machine-readable error code — branch on this, not the message Example: `INVALID_CREDENTIALS`

Example response

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}

curl -X POST 'https://api.example.com/auth/mfa/setup-totp' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN'

POST /auth/mfa/setup-totp