Generate Backup Codes
POST
/web/v1/users/self/security/mfa/backup-codes/generate JWTGenerates a new set of backup codes, invalidating any previously generated codes. Backup codes are only returned once and should be stored securely by the user.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | Client device fingerprint | |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
| Authorization | Bearer | JWT access token |
| X-SC-Session-Id | Secure channel session ID |
Request Parameters
No request parameters required.
Success Response
Success 200
{
"version": "1.3.0",
"timestamp": 1709337600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": {
"codes": [
"abc12345",
"def67890",
"ghi11223",
"jkl44556",
"mno77889",
"pqr00112",
"stu33445",
"vwx66778",
"yza99001",
"bcd22334"
]
}
}Error Responses
Unauthorized 401
{
"success": false,
"code": "4010",
"message": "Invalid or expired token"
}Notes
- Generates 10 backup codes by default.
- Previously generated codes are invalidated.
- Codes are hashed before storage and cannot be retrieved again after this response.
- Users should store these codes securely offline.
- Rate limited to 3 requests per 300-second window.