Disable MFA Method

POST/web/v1/users/self/security/mfa/{method}/disableJWT

Disables a specific MFA method for the authenticated user. Cannot disable the last MFA method if MFA is required. EMAIL method cannot be modified.

Authentication

Auth Chain: WEB Chain — requires Authorization: Bearer <jwt> These headers are injected by the system (frontend does nothing): X-PORTAL-ACCESS-CODE (Nginx), X-Request-Id (Gateway)

Request Parameters

Name	Type	Required	In	Description
`method`	`String`	Yes	path	MFA method identifier (e.g., EMAIL, OTP)

Success Response

No Content204

"{null}"

Error Responses

Unauthorized401

{
  "success": false,
  "code": "4010",
  "message": "Invalid or expired token"
}

Notes

Returns HTTP 204 No Content on success.
EMAIL method cannot be disabled.
If this removes the last MFA method, account-level MFA is automatically disabled.

Disable MFA Method ​

Authentication ​

Request Parameters ​

Success Response ​

Error Responses ​