POST /auth/mfa/toggle
Enable or disable MFA for the current user
Enable or disable MFA for the current user
/auth/mfa/toggleRequest body
NestAuthToggleMfaRequestDto
| Field | Type | Required | Description |
|---|---|---|---|
enabled | boolean | required | Whether MFA should be enabled for the current user Example: true |
Examples
Example
{
"enabled": true
}Responses
200
NestAuthMfaToggleResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
message | string | required | Response message Example: MFA enabled successfully |
Example response
{
"message": "MFA enabled successfully"
}400Invalid or expired code.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
statusCode | number | required | HTTP status code Example: 401 |
error | string | required | HTTP status text / exception name Example: Unauthorized |
message | string | required | Human-readable message Example: Invalid credentials |
code | string | required | Stable, machine-readable error code — branch on this, not the message Example: INVALID_CREDENTIALS |
Example response
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid credentials",
"code": "INVALID_CREDENTIALS"
}401Missing, invalid, or expired authentication.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
statusCode | number | required | HTTP status code Example: 401 |
error | string | required | HTTP status text / exception name Example: Unauthorized |
message | string | required | Human-readable message Example: Invalid credentials |
code | string | required | Stable, machine-readable error code — branch on this, not the message Example: INVALID_CREDENTIALS |
Example response
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid credentials",
"code": "INVALID_CREDENTIALS"
}403Authenticated but not permitted.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
statusCode | number | required | HTTP status code Example: 401 |
error | string | required | HTTP status text / exception name Example: Unauthorized |
message | string | required | Human-readable message Example: Invalid credentials |
code | string | required | Stable, machine-readable error code — branch on this, not the message Example: INVALID_CREDENTIALS |
Example response
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid credentials",
"code": "INVALID_CREDENTIALS"
}Try it
curl -X POST 'https://api.example.com/auth/mfa/toggle' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
-d '{"enabled":true}'