Skip to content

Begin 2FA enrollment

POST
/api/2fa/setup

Generates a TOTP secret (stored encrypted as pending) and returns the provisioning URI + QR. 2FA is not active until /confirm.

Authorizations

ApiToken

Long-lived API token created via POST /api/api-tokens (returned once in plaintext).

Type
API Key (header: X-API-TOKEN)
or
JWT

JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer .

Type
HTTP (bearer)

Responses

Setup data

application/json
JSON
{
  
"secret": "JBSWY3DPEHPK3PXP",
  
"otpauthUri": "otpauth://totp/Smoxy%20Hub:user@example.com?secret=...",
  
"qrDataUri": "data:image/png;base64,iVBORw0..."
}

Playground

Authorization

Samples

Powered by VitePress OpenAPI