Download OpenAPI specification:Download
Login using time-based one-time passcodes (TOTP), which can be generated by authenticator apps like Google Authenticator. This provides passwordless, two-factor authentication using a single login method.
Authenticates a user using a TOTP code generated by the user's authenticator app. Once the TOTP is validated using the secret created upon registration and the TOTP method configuration, user tokens are returned.
resource | string Resource URI the authentication request is attempting to access, which is reflected in the audience ( |
object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. | |
org_id | string Organization ID, used for member login in B2B scenarios |
object Client attributes | |
session_id | string Used to associate the authentication with an existing session (such as for MFA). If unspecified, a new session is created and the session ID is returned. |
token required | string TOTP code to validate |
identifier_type | string Default: "email" Type of user identifier used for validating the TOTP |
identifier required | string Identifier of the user that the TOTP was generated for |
Returns user tokens
{- "resource": "string",
- "claims": {
- "id_token": {
- "roles": null
}
}, - "org_id": "string",
- "client_attributes": {
- "user_agent": "string",
- "ip_address": "string"
}, - "session_id": "string",
- "token": "string",
- "identifier_type": "email",
- "identifier": "string"
}
{- "access_token": "string",
- "id_token": "string",
- "refresh_token": "string",
- "token_type": "string",
- "expires_in": 3600,
- "session_id": "string"
}
Start a transaction signing flow with TOTP. Receive a challenge to add to the authenticator app.
resource | string Resource URI the authentication request is attempting to access, which is reflected in the audience ( |
object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. | |
org_id | string Organization ID, used for member login in B2B scenarios |
object Client attributes | |
session_id | string Used to associate the authentication with an existing session (such as for MFA). If unspecified, a new session is created and the session ID is returned. |
approval_data required | object Flat object that contains the data that your customer should approve for a transaction signing or custom approval flow. It can contain up to 10 keys, and only alphanumeric characters, underscores, hyphens, and periods. It will be returned as a claim in the ID token upon successful authentication. |
identifier_type required | string Type of user identifier used for login |
identifier required | string User identifier, which may correspond to the user's email, phone number, username, or user ID. The type of identifier should be specified as the |
Backend auth initialized successfully.
{- "resource": "string",
- "claims": {
- "id_token": {
- "roles": null
}
}, - "org_id": "string",
- "client_attributes": {
- "user_agent": "string",
- "ip_address": "string"
}, - "session_id": "string",
- "approval_data": {
- "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
- "sum": "200"
}, - "identifier_type": "email",
- "identifier": "string"
}
{- "approval_data": {
- "transaction_id": "eFII2y40uB9hQ98nXt3tc1IHkRt8GrRZiqZuRn_59wT",
- "sum": "200"
}, - "challenge": "123456"
}
Authenticates a user using a TOTP code generated by the user's authenticator app with the challenge received from the transaction start. Once the TOTP is validated using the secret created upon registration and the TOTP method configuration, user tokens are returned.
resource | string Resource URI the authentication request is attempting to access, which is reflected in the audience ( |
object Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference. | |
org_id | string Organization ID, used for member login in B2B scenarios |
object Client attributes | |
session_id | string Used to associate the authentication with an existing session (such as for MFA). If unspecified, a new session is created and the session ID is returned. |
token required | string TOTP code to validate |
identifier_type | string Default: "email" Type of user identifier used for validating the TOTP |
identifier required | string Identifier of the user that the TOTP was generated for |
Returns user tokens
{- "resource": "string",
- "claims": {
- "id_token": {
- "roles": null
}
}, - "org_id": "string",
- "client_attributes": {
- "user_agent": "string",
- "ip_address": "string"
}, - "session_id": "string",
- "token": "string",
- "identifier_type": "email",
- "identifier": "string"
}
{- "access_token": "string",
- "id_token": "string",
- "refresh_token": "string",
- "token_type": "string",
- "expires_in": 3600,
- "session_id": "string"
}
Registers a TOTP authenticator for the logged-in user. The response contains the secret and other configuration that will be used to generate TOTP codes for authentication. The app must provide it to the user (such as via QR) so the user can complete the process using their authenticator app.
Note:
The TOTP authenticator has been successfully registered.
{- "label": "John Doe",
- "allow_override": false
}
{- "secret": "string",
- "uri": "string"
}