コンテンツにスキップ

Start TOTP login.

POST
/api/auth/totp/login/start
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/auth/totp/login/start \
--header 'Content-Type: application/json' \
--data '{ "identifier": "[email protected]" }'

Creates a short-lived TOTP login challenge for an email or username identifier.

Media type application/json
object
identifier
required

Email address or username/user identifier.

string
>= 1 characters
key
additional properties
Example
{
"identifier": "[email protected]"
}

TOTP login challenge response.

Media type application/json
object
challenge_id
required
string
expires_in
required
integer
>= 1
Example generated
{
"challenge_id": "example",
"expires_in": 1
}

Error response.

Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal

Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.

object
unknown_credential
boolean
key
additional properties
Example generated
{
"error": "example",
"error_description": "example",
"message": "example",
"webauthn_signal": {
"unknown_credential": true
}
}