Start TOTP login.
POST
/api/auth/totp/login/start
Code sample: Shell / cURL
curl --request POST \ --url https://auth.example.com/api/auth/totp/login/start \ --header 'Content-Type: application/json' \Creates a short-lived TOTP login challenge for an email or username identifier.
Request Body required
Section titled “Request Body required ” Media type application/json
object
identifier
required
Email address or username/user identifier.
string
key
additional properties
Example
{}Responses
Section titled “ Responses ”TOTP login challenge response.
Media type application/json
object
challenge_id
required
string
expires_in
required
integer
Example generated
{ "challenge_id": "example", "expires_in": 1}Error response.
Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
unknown_credential
boolean
key
additional properties
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}