API Reference | API Docs

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

emailstring · emailRequired

passwordstringRequired

Responses

200

Login successful

application/json

idTokenstringRequired

refreshTokenstringRequired

403

Authentication error

application/json

500

Internal error

application/json

post

/auth/login

POST /auth/login HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 44

{
  "email": "[email protected]",
  "password": "text"
}

{
  "idToken": "text",
  "refreshToken": "text"
}

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

refreshTokenstringRequired

Responses

200

ID Token refreshed successfully

application/json

idTokenstringRequired

403

Invalid refresh token

application/json

500

Internal error

application/json

post

/auth/login/refresh

POST /auth/login/refresh HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 23

{
  "refreshToken": "text"
}

{
  "idToken": "text"
}

post

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

phonestring · min: 1Required

countrystring · enumRequiredPossible values:

Responses

200

Number added to the user successfully. A SMS message will be sent to the user, and they will need to validate it to use the phone number as MFA.

application/json

emailstring · emailRequired

Obfuscated email of the user

hasValidatedEmailbooleanRequired

Whether the email has been confirmed.

emailVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the email

hasValidatedSecretbooleanRequired

Whether the secret has been validated with user input or not.

secretVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the TOTP secret

phoneNumberstringOptional

Obfuscated E.164 phone number of the user

hasValidatedPhonebooleanRequired

Whether the secret has been validated with user input or not.

phoneVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the phone number

lastLoggedDatestring · date-timeRequired

ISO-8601 string representing the last date the user logged in.

statusstring · enumRequired

The current status of the user.

Possible values:

lastLoggedDevicestringRequired

User-agent string of the last logged in device.

lastPasswordChangeDatestring · date-timeRequired

When was the last time the user changed the password.

400

The user already has a valid SMS phone added.

application/json

403

Authentication error

application/json

500

Internal error

application/json

post

/auth/otp/methods/sms

POST /auth/otp/methods/sms HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 31

{
  "phone": "text",
  "country": "AC"
}

{
  "email": "[email protected]",
  "hasValidatedEmail": true,
  "emailVerificationDate": "2026-03-23T00:39:06.198Z",
  "hasValidatedSecret": true,
  "secretVerificationDate": "2026-03-23T00:39:06.198Z",
  "phoneNumber": "text",
  "hasValidatedPhone": true,
  "phoneVerificationDate": "2026-03-23T00:39:06.198Z",
  "lastLoggedDate": "2026-03-23T00:39:06.198Z",
  "status": "ACTIVE",
  "lastLoggedDevice": "text",
  "lastPasswordChangeDate": "2026-03-23T00:39:06.198Z"
}

post

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Body

objectOptional

Responses

200

Secret created successfully

application/json

emailstring · emailRequired

Obfuscated email of the user

hasValidatedEmailbooleanRequired

Whether the email has been confirmed.

emailVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the email

hasValidatedSecretbooleanRequired

Whether the secret has been validated with user input or not.

secretVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the TOTP secret

phoneNumberstringOptional

Obfuscated E.164 phone number of the user

hasValidatedPhonebooleanRequired

Whether the secret has been validated with user input or not.

phoneVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the phone number

lastLoggedDatestring · date-timeRequired

ISO-8601 string representing the last date the user logged in.

statusstring · enumRequired

The current status of the user.

Possible values:

lastLoggedDevicestringRequired

User-agent string of the last logged in device.

lastPasswordChangeDatestring · date-timeRequired

When was the last time the user changed the password.

400

The TOTP secret is already configured

application/json

403

Authentication error

application/json

500

Internal error

application/json

post

/auth/otp/methods/totp

POST /auth/otp/methods/totp HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

{
  "email": "[email protected]",
  "hasValidatedEmail": true,
  "emailVerificationDate": "2026-03-23T00:39:06.198Z",
  "hasValidatedSecret": true,
  "secretVerificationDate": "2026-03-23T00:39:06.198Z",
  "phoneNumber": "text",
  "hasValidatedPhone": true,
  "phoneVerificationDate": "2026-03-23T00:39:06.198Z",
  "lastLoggedDate": "2026-03-23T00:39:06.198Z",
  "status": "ACTIVE",
  "lastLoggedDevice": "text",
  "lastPasswordChangeDate": "2026-03-23T00:39:06.198Z"
}

delete

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Header parameters

x-otpstringRequired

Responses

200

User secret deleted successfully

application/json

emailstring · emailRequired

Obfuscated email of the user

hasValidatedEmailbooleanRequired

Whether the email has been confirmed.

emailVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the email

hasValidatedSecretbooleanRequired

Whether the secret has been validated with user input or not.

secretVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the TOTP secret

phoneNumberstringOptional

Obfuscated E.164 phone number of the user

hasValidatedPhonebooleanRequired

Whether the secret has been validated with user input or not.

phoneVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the phone number

lastLoggedDatestring · date-timeRequired

ISO-8601 string representing the last date the user logged in.

statusstring · enumRequired

The current status of the user.

Possible values:

lastLoggedDevicestringRequired

User-agent string of the last logged in device.

lastPasswordChangeDatestring · date-timeRequired

When was the last time the user changed the password.

400

User doesn't have a secret configured

application/json

401

OTP is not valid

application/json

403

Authentication error

application/json

500

Internal error

application/json

delete

/auth/otp/methods/totp

DELETE /auth/otp/methods/totp HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
x-otp: text
Accept: */*

{
  "email": "[email protected]",
  "hasValidatedEmail": true,
  "emailVerificationDate": "2026-03-23T00:39:06.198Z",
  "hasValidatedSecret": true,
  "secretVerificationDate": "2026-03-23T00:39:06.198Z",
  "phoneNumber": "text",
  "hasValidatedPhone": true,
  "phoneVerificationDate": "2026-03-23T00:39:06.198Z",
  "lastLoggedDate": "2026-03-23T00:39:06.198Z",
  "status": "ACTIVE",
  "lastLoggedDevice": "text",
  "lastPasswordChangeDate": "2026-03-23T00:39:06.198Z"
}

get

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Query parameters

methodstring · enumRequiredPossible values:

Responses

201

OTP requested successfully

application/json

400

The MFA method is not allowed to be used

application/json

401

The user has exhausted its available attempts and must wait before requesting another

application/json

403

Authentication error

application/json

500

Internal error

application/json

get

/auth/otp/code

GET /auth/otp/code?method=EMAIL HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "validUntil": "2026-03-23T00:39:06.198Z",
  "channel": "EMAIL",
  "validated": true
}

post

Authorizations

AuthorizationstringRequired

Bearer authentication header of the form Bearer <token>.

Header parameters

x-otpany ofRequired

stringOptional

or

stringOptional

Body

channelstring · enumRequired

Channel to verify OTP. If a channel is not configured or is already verified, the response will be an error.

Possible values:

Responses

200

Method correctly verified

application/json

emailstring · emailRequired

Obfuscated email of the user

hasValidatedEmailbooleanRequired

Whether the email has been confirmed.

emailVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the email

hasValidatedSecretbooleanRequired

Whether the secret has been validated with user input or not.

secretVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the TOTP secret

phoneNumberstringOptional

Obfuscated E.164 phone number of the user

hasValidatedPhonebooleanRequired

Whether the secret has been validated with user input or not.

phoneVerificationDatestring · date-timeOptional

ISO-8601 string representing the time the user verified the phone number

lastLoggedDatestring · date-timeRequired

ISO-8601 string representing the last date the user logged in.

statusstring · enumRequired

The current status of the user.

Possible values:

lastLoggedDevicestringRequired

User-agent string of the last logged in device.

lastPasswordChangeDatestring · date-timeRequired

When was the last time the user changed the password.

400

SMS is already configured

application/json

401

OTP is not valid

application/json

403

Authentication error

application/json

500

Internal error

application/json

post

/auth/otp/code

POST /auth/otp/code HTTP/1.1
Authorization: Bearer YOUR_SECRET_TOKEN
x-otp: text
Content-Type: application/json
Accept: */*
Content-Length: 17

{
  "channel": "SMS"
}

{
  "email": "[email protected]",
  "hasValidatedEmail": true,
  "emailVerificationDate": "2026-03-23T00:39:06.198Z",
  "hasValidatedSecret": true,
  "secretVerificationDate": "2026-03-23T00:39:06.198Z",
  "phoneNumber": "text",
  "hasValidatedPhone": true,
  "phoneVerificationDate": "2026-03-23T00:39:06.198Z",
  "lastLoggedDate": "2026-03-23T00:39:06.198Z",
  "status": "ACTIVE",
  "lastLoggedDevice": "text",
  "lastPasswordChangeDate": "2026-03-23T00:39:06.198Z"
}