users

Initiate two-factor authentication setup (secret, QR code, backup codes)

Initiates two-factor authentication setup for the current user. Returns a secret, QR code, and manual entry key for the user to add to an authenticator app. Requires JWT Bearer token (BearerToken). API keys are not supported.

POST/api/users/2fa/setup

Authentication

Requires JWT
Note
Include your JWT in the Authorization: Bearer YOUR_TOKEN header (user-facing apps, RBAC). View authentication guide →

SDK setup

Create a client and set credentials (JWT and/or API key) before calling the API. Match the authentication type shown above.

import { MudbaseClient } from "mudbase";

const client = new MudbaseClient();
client.setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c3JfbW9yZ2FuX2RlIiwiZW1haWwiOiJtb3JnYW4uY2hlbkBub3J0aHdpbmQuZGV2IiwiZXhwIjoxODI1MTI5NjAwfQ.doc_preview_sig");
import { MudbaseClient } from "mudbase";

const client = new MudbaseClient();
client.setJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c3JfbW9yZ2FuX2RlIiwiZW1haWwiOiJtb3JnYW4uY2hlbkBub3J0aHdpbmQuZGV2IiwiZXhwIjoxODI1MTI5NjAwfQ.doc_preview_sig");

Example request

Call this endpoint using the client from SDK setup. Use View HTTP for a raw cURL example.

const result = await client.users.setup2fa();
const result = await client.users.setup2fa();

Try It Live

Test this endpoint with your own credentials. Your requests will be sent to the live API.

Use the auth endpoints to obtain a JWT.

No Request Yet

Send a request to see the full inspector

Responses

2002FA setup data
json
{
  "secret": "JBSWY3DPEHPK3PXP",
  "qrCode": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==",
  "backupCodes": [
    "12345678",
    "87654321"
  ]
}
{
  "secret": "JBSWY3DPEHPK3PXP",
  "qrCode": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==",
  "backupCodes": [
    "12345678",
    "87654321"
  ]
}
400Bad request or validation error.
401Authentication required or invalid token.
403Access denied or insufficient permissions.

Errors

CodeMeaning
400Bad request or validation error.
401Authentication required or invalid token.
403Access denied or insufficient permissions.

Next steps

Edit this page on GitHub