Disable 2FA
POST
/api/2fa/disable
Verifies a current TOTP or recovery code, then disables 2FA. Forbidden while an organization enforces 2FA.
Authorizations
ApiToken
Long-lived API token created via POST /api/api-tokens (returned once in plaintext).
Type
API Key (header: X-API-TOKEN)
or
JWT
JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer
Type
HTTP (bearer)
Request Body
application/json
JSON "code": "123456"
{
}
Responses
Success
application/json
JSON "message": "Two-factor authentication disabled."
{
}
