Generate Backup Codes

POST/web/v1/users/self/security/mfa/backup-codes/generateJWT

Generates a new set of backup codes, invalidating any previously generated codes. Backup codes are only returned once and should be stored securely by the user.

Authentication

Auth Chain: WEB Chain — requires Authorization: Bearer <jwt> These headers are injected by the system (frontend does nothing): X-PORTAL-ACCESS-CODE (Nginx), X-Request-Id (Gateway)

Request Parameters

No request parameters required.

Success Response

Success200

{
  "version": "1.3.0",
  "timestamp": 1709337600000,
  "success": true,
  "code": "2000",
  "message": "SUCCESS",
  "data": {
    "codes": [
      "abc12345",
      "def67890",
      "ghi11223",
      "jkl44556",
      "mno77889",
      "pqr00112",
      "stu33445",
      "vwx66778",
      "yza99001",
      "bcd22334"
    ]
  }
}

Error Responses

Unauthorized401

{
  "success": false,
  "code": "4010",
  "message": "Invalid or expired token"
}

Notes

Generates 10 backup codes by default.
Previously generated codes are invalidated.
Codes are hashed before storage and cannot be retrieved again after this response.
Users should store these codes securely offline.

Generate Backup Codes ​

Authentication ​

Request Parameters ​

Success Response ​

Error Responses ​