List MFA Methods

GET/web/v1/users/self/security/mfaJWT

Lists all MFA methods for the authenticated user, including their enabled status and whether each is set as the primary method. EMAIL is always included.

Authentication

Auth Chain: WEB Chain — requires Authorization: Bearer <jwt> These headers are injected by the system (frontend does nothing): X-PORTAL-ACCESS-CODE (Nginx), X-Request-Id (Gateway)

Request Parameters

No request parameters required.

Success Response

Success200

{
  "version": "1.3.0",
  "timestamp": 1709337600000,
  "success": true,
  "code": "2000",
  "message": "SUCCESS",
  "data": [
    {
      "method": "EMAIL",
      "enabled": true,
      "primary": true
    },
    {
      "method": "OTP",
      "enabled": false,
      "primary": false
    }
  ]
}

Error Responses

Unauthorized401

{
  "success": false,
  "code": "4010",
  "message": "Invalid or expired token"
}

Notes

EMAIL method is always included in the response, even if not explicitly configured.
Each method includes its enabled status and whether it is the primary MFA method.

List MFA Methods ​

Authentication ​

Request Parameters ​

Success Response ​

Error Responses ​