POST /auth/mfa/verify-totp-setup
Verify TOTP Setup
Verify TOTP Setup
/auth/mfa/verify-totp-setupRequest body
NestAuthVerifyTotpSetupRequestDto
| Field | Type | Required | Description |
|---|---|---|---|
otp | string | required | The TOTP code from authenticator app Example: 123456 |
secret | string | required | Secret key from TOTP setup Example: JBSWY3DPEHPK3PXP |
Examples
Example
{
"otp": "123456",
"secret": "JBSWY3DPEHPK3PXP"
}Responses
200
NestAuthMfaDeviceVerifiedResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
message | string | required | Response message Example: Device setup successfully |
Example response
{
"message": "Device setup successfully"
}400Invalid or expired code.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
statusCode | number | required | HTTP status code Example: 401 |
error | string | required | HTTP status text / exception name Example: Unauthorized |
message | string | required | Human-readable message Example: Invalid credentials |
code | string | required | Stable, machine-readable error code — branch on this, not the message Example: INVALID_CREDENTIALS |
Example response
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid credentials",
"code": "INVALID_CREDENTIALS"
}401Missing, invalid, or expired authentication.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
statusCode | number | required | HTTP status code Example: 401 |
error | string | required | HTTP status text / exception name Example: Unauthorized |
message | string | required | Human-readable message Example: Invalid credentials |
code | string | required | Stable, machine-readable error code — branch on this, not the message Example: INVALID_CREDENTIALS |
Example response
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid credentials",
"code": "INVALID_CREDENTIALS"
}403Authenticated but not permitted.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
statusCode | number | required | HTTP status code Example: 401 |
error | string | required | HTTP status text / exception name Example: Unauthorized |
message | string | required | Human-readable message Example: Invalid credentials |
code | string | required | Stable, machine-readable error code — branch on this, not the message Example: INVALID_CREDENTIALS |
Example response
{
"statusCode": 401,
"error": "Unauthorized",
"message": "Invalid credentials",
"code": "INVALID_CREDENTIALS"
}Try it
curl -X POST 'https://api.example.com/auth/mfa/verify-totp-setup' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
-d '{"otp":"123456","secret":"JBSWY3DPEHPK3PXP"}'