MFA Setup APIs

Learn about MFA setup APIs

Let's understand the various endpoints related to MFA Setup.

View current user MFA enrollment status

This endpoint retrieves the MFA enrollment status for the user executing the request.
Request
GET {oauth_uri}/oauth/users/mfaDetails
Response
{
  "availables": [
    "AUTHENTICATOR",
    "EMAIL"
  ],
  "details": {
    "AUTHENTICATOR": {
      "verified": true
    },
    "EMAIL": {
      "verified": true
    }
  }
}

Get a QR code to enroll in app-based MFA

Request
PUT {oauth_uri}/users/mfa/associateQRCode?mfatype=AUTHENTICATOR
Table 1. Parameters
Name Required Description
Headers Authorization Yes Bearer {{token}}
Body No MFA details for a customer
Query mfatype Yes AUTHENTICATOR for Authenticator
Response

Displays the QR code.

Scan the QR code using an authenticator app such as Okta Verify, Google Authenticator, or Microsoft Authenticator. After a successful scan, the account shows the OTP at regular intervals, refreshing every 30 seconds.

Verify the QR code to enroll in app-based MFA

Input the TOTP code from your authenticator app.
Request
PUT {oauth_uri}/users/mfa/verifyQRCodeEnroll
Table 2. Parameters
Name Required Description
Headers Authorization Yes Bearer {{token}}
Body Yes QR code verification details.
Payload
{
    "mfatype": "AUTHENTICATOR",
    "totp": "331425"
}
Response
200 OK as the HTTP status code.
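
The following added example (not part of the original documentation) shows how the 6-digit value for the `totp` field is derived and builds the verification request without sending it. It assumes the service uses the standard RFC 6238 parameters (HMAC-SHA1, 6 digits, 30-second step), which matches the 30-second refresh described above; the function names, host, token, and `Content-Type` header are assumptions.

```python
import base64
import hashlib
import hmac
import json
import struct
import time
import urllib.request


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), the scheme common authenticator apps use."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def build_verify_request(oauth_uri, token, code):
    """Build (but do not send) the PUT that confirms app-based enrollment."""
    if not (code.isascii() and code.isdigit() and len(code) == 6):
        raise ValueError("expected a 6-digit TOTP code")
    body = json.dumps({"mfatype": "AUTHENTICATOR", "totp": code}).encode()
    return urllib.request.Request(
        f"{oauth_uri}/users/mfa/verifyQRCodeEnroll",
        data=body,
        method="PUT",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},  # assumed header
    )


if __name__ == "__main__":
    # Constructed sample values: the RFC 6238 test secret, a placeholder
    # host and a placeholder token. Nothing is sent over the network.
    secret = base64.b32encode(b"12345678901234567890").decode()
    code = totp(secret, at=59)
    req = build_verify_request("https://auth.example.test", "<token>", code)
    print(req.get_method(), req.full_url, req.data.decode())
```

A code is only valid for the time step it was computed in, so clock drift between client and server is a common cause of failed verification.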

Self-reset app-based MFA enrollment

This endpoint resets the user's MFA configuration. The user must then enroll again manually by scanning the QR code.
Request
POST {oauth_uri}/users/mfa/resetMyQRCodeEnroll
Table 3. Parameters
Name Required Description
Headers Authorization Yes Basic {{clientId:secret}}, Base64-encoded
Body Yes QR code verification details.
Response
200 OK as the HTTP status code.

Reset app-based MFA enrollment by Admin

You must have the customer admin role to reset MFA for users (ROLE_ADMIN_CUSTOMER).
Request
PUT {oauth_uri}/users/{username}/mfa/resetQRCodeEnroll
Table 4. Parameters
Name Required Description
Headers Authorization Yes Bearer {{token}}
Path Param username Yes your.email@domain.com
Response
200 OK as the HTTP status code.

Enroll in Email MFA

This request sends an email notification containing an OTP code to the current user. The user must supply this code in the subsequent request.
Request
PUT {oauth_uri}/oauth/users/mfa/enrollEmail?mfatype=EMAIL
Table 5. Parameters
Name Required Description
Headers Authorization Yes Bearer {{token}}
Response
200 OK as the HTTP status code.

Verify Email MFA enrollment

Copy the OTP code that you received in your email and paste it into the body of this request. After successful verification, the user authenticates using email-based MFA every time.
Request
PUT {oauth_uri}/oauth/users/mfa/verifyEmail
Table 6. Parameters
Name Required Description
Headers Authorization Yes Bearer {{token}}
Body Yes QR code verification details.
Payload
{
    "mfatype": "EMAIL",
    "totp": "786416"
}
Response
200 OK as the HTTP status code.