List MFA Methods

GET/web/v1/users/self/security/mfa JWT

Lists all MFA methods for the authenticated user, including their enabled status and whether each is set as the primary method. EMAIL is always included.

Required Headers

Header	Example Value	Description
Content-Type	application/json	Request content type
Accept	application/json	Expected response type
X-Client-Hash		Client device fingerprint
Accept-Language	`en`, `zh`, `zh-Hant`, `ja`, `vi`	Response language (default: `en`)
Authorization	Bearer	JWT access token

Request Parameters

No request parameters required.

Success Response

Success 200

{
  "version": "1.3.0",
  "timestamp": 1709337600000,
  "success": true,
  "code": "2000",
  "message": "SUCCESS",
  "data": [
    {
      "method": "EMAIL",
      "enabled": true,
      "primary": true
    },
    {
      "method": "OTP",
      "enabled": false,
      "primary": false
    }
  ]
}

Error Responses

Unauthorized 401

{
  "success": false,
  "code": "4010",
  "message": "Invalid or expired token"
}

Notes

EMAIL method is always included in the response, even if not explicitly configured.
Each method includes its enabled status and whether it is the primary MFA method.

List MFA Methods ​

Required Headers ​

Request Parameters ​

Success Response ​

Error Responses ​