Begin 2FA enrollment
POST
/api/2fa/setup
Generates a TOTP secret (stored encrypted as pending) and returns the provisioning URI + QR. 2FA is not active until /confirm.
Authorizations
ApiToken
Long-lived API token created via POST /api/api-tokens (returned once in plaintext).
Type
API Key (header: X-API-TOKEN)
or
JWT
JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer
Type
HTTP (bearer)
Responses
Setup data
application/json
JSON "secret": "JBSWY3DPEHPK3PXP", "otpauthUri": "otpauth://totp/Smoxy%20Hub:user@example.com?secret=...", "qrDataUri": "data:image/png;base64,iVBORw0..."
{
}
