Sofar logo
Sofar logo
Api
Activate email OTP POSTActivate TOTP POSTGet active 2FA methods GETSet or reset email OTP POSTInitiate email OTP challenge POSTInitiate an email address transfer POSTSet or reset TOTP POSTTime until the next email OTP may be generated GETSend a password reset email POSTComplete an email address transfer PUTTime until the next recovery code guess GETDeactivate email OTP DELETEDeactivate TOTP DELETEReset the recovery codes of a user POSTSend a password reset OTP POSTTime until the next TOTP guess GETUpdate password via OTP PUTUpdate password via sudo token PUTCheck a password reset OTP POSTComplete email OTP challenge POSTVerify a recovery code POSTVerify TOTP code POST
User
POST
/user/2fa/totp/enable

Authorization

accessToken
AuthorizationBearer <token>

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

totp*string
Length6 <= length <= 6

Activate email OTP POST

Activate email OTP after it was initialized by providing a received OTP, enabling it as a 2FA method

Get active 2FA methods GET

Get an object with the active 2FA methods for your account and when they were enabled

Response Body

application/json

application/json

application/json

application/json

application/json

application/json

curl -X POST "https://authentication.eniris.be/user/2fa/totp/enable" \  -H "Content-Type: application/json" \  -d '{    "totp": "string"  }'
{
  "recoveryCodes": [
    "string"
  ]
}
{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Invalid email address"
}
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "NO_TOKEN_PROVIDED"
}
{
  "statusCode": 409,
  "error": "Conflict",
  "message": "TOTP_UNINITIALIZED"
}
{
  "statusCode": 429,
  "retryAfter": 0,
  "error": "Too many requests",
  "message": "TOO_MANY_TOTP_CHECKS"
}
{
  "statusCode": 500,
  "error": "Internal server error",
  "message": "TOTP_CORRUPT"
}

Activate the current TOTP secret after it was initialized, enabling TOTP as a 2FA method

A valid access token (proof of identity) can be obtained via the /accesstoken endpoint. It has a 5 minutes validity period.