Verify OTP
POST
/web/v1/users/self/security/mfa/otp/verify
JWT
Verifies the OTP setup by validating a code from the user's authenticator app. On success, the OTP method is automatically enabled. Returns 204 No Content.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | | Client device fingerprint |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
| Authorization | Bearer | JWT access token |
Request Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
| request | Object | Required | body | OtpVerifyRequest object (see request body schema) |
Success Response
No Content 204
Error Responses
Unauthorized 401
{
"success": false,
"code": "4010",
"message": "Invalid or expired token"
}
Notes
- Returns HTTP 204 No Content on success.
- The OTP setup session is valid for a limited time.
- On successful verification, the OTP MFA method is automatically enabled.
- If this is the first MFA method, account-level MFA is automatically enabled.
- Rate limited to 5 requests per 300-second window.
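An added example, not part of the original API documentation: a client-side helper that keeps verify attempts within the documented 5 requests per 300 seconds and maps the documented responses to an action. The names VerifyThrottle and classify_response are hypothetical. The page does not say whether the server window is fixed or sliding, so the throttle assumes a sliding window, which stays within the limit in either case.

```python
import json
from collections import deque

MAX_ATTEMPTS = 5      # from the page: 5 requests ...
WINDOW_SECONDS = 300  # ... per 300-second window


class VerifyThrottle:
    """Sliding-window counter for calls to the OTP verify endpoint (hypothetical helper)."""

    def __init__(self, limit=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._sent = deque()  # timestamps (seconds) of attempts still inside the window

    def wait_time(self, now):
        """Return seconds to wait before the next attempt; 0.0 means send now."""
        # Drop attempts that have aged out of the window.
        while self._sent and now - self._sent[0] >= self.window:
            self._sent.popleft()
        if len(self._sent) < self.limit:
            return 0.0
        # Window is full: wait until the oldest attempt expires.
        return float(self.window - (now - self._sent[0]))

    def record(self, now):
        """Record that an attempt was sent at time `now`."""
        self._sent.append(now)


def classify_response(status, body):
    """Map a verify response to an action using only what the page documents."""
    if status == 204:
        return "enabled"  # OTP method is now enabled, no body to parse
    if status == 401:
        try:
            err = json.loads(body)
        except (ValueError, TypeError):
            return "unknown_error"
        # "4010" is the documented code for an invalid or expired token.
        if isinstance(err, dict) and err.get("code") == "4010":
            return "reauthenticate"
    # Anything else is not described on the page; do not guess its meaning.
    return "unknown_error"
```

Call wait_time before each request and record after sending; on "reauthenticate", obtain a fresh JWT access token rather than resubmitting the same OTP code.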