Skip to main content

Add One-Time Password (OTP)

POST 

https://$CUSTOM-DOMAIN/auth/v1/users/me/auth_factors/otp

Add a new One-Time Password (OTP) factor to the authenticated user. OTP is an authenticator app like Google/Microsoft Authenticator, Authy, etc. Only one OTP per user is allowed. After adding a new OTP it has to be verified.

Request​

Bodyrequired

    objectobject

Responses​

A successful response.

Schema
    urlstring
    Example: otpauth://totp/ZITADEL:gigi@acme.zitadel.cloud?algorithm=SHA1&digits=6&issuer=ZITADEL&period=30&secret=TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK
    secretstring
    Example: TJOPWSDYILLHXFV4MLKNNJOWFG7VSDCK
    details object
    sequenceuint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    Example: 2
    creationDatedate-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

    changeDatedate-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

    resourceOwnerresource_owner is the organization an object belongs to (string)
    Example: 69629023906488334

Authorization: oauth2

name: OAuth2type: oauth2scopes: openidflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid"
    }
  }
}
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://$CUSTOM-DOMAIN/auth/v1/users/me/auth_factors/otp");
request.Headers.Add("Accept", "application/json");
request.Headers.Add("Authorization", "Bearer <token>");
var content = new StringContent("{}", null, "application/json");
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
Request Collapse all
Base URL
https://$CUSTOM-DOMAIN/auth/v1
Auth
Body required
{}
ResponseClear

Click the Send API Request button above and see the response here!