Verify OTP

POST/web/v1/users/self/security/mfa/otp/verifyJWT

Verifies the OTP setup by validating a code from the user's authenticator app. On success, the OTP method is automatically enabled. Returns 204 No Content.

Authentication

Auth Chain: WEB Chain — requires Authorization: Bearer <jwt> These headers are injected by the system (frontend does nothing): X-PORTAL-ACCESS-CODE (Nginx), X-Request-Id (Gateway)

Request Parameters

Name	Type	Required	In	Description
`request`	`Object`	Yes	body	OtpVerifyRequest object (see request body schema)

Success Response

No Content204

"{null}"

Error Responses

Unauthorized401

{
  "success": false,
  "code": "4010",
  "message": "Invalid or expired token"
}

Notes

Returns HTTP 204 No Content on success.
The OTP setup session is valid for a limited time.
On successful verification, the OTP MFA method is automatically enabled.
If this is the first MFA method, account-level MFA is automatically enabled.

Verify OTP ​

Authentication ​

Request Parameters ​

Success Response ​

Error Responses ​