totp
Configure TOTP MFA Method
This endpoint defines a MFA method of type TOTP.
Method | Path |
---|---|
POST | /sys/mfa/method/totp/:name |
Parameters
name
(string: <required>)
– Name of the MFA method.issuer
(string: <required>)
- The name of the key's issuing organization.period
(int or duration format string: 30)
- The length of time used to generate a counter for the TOTP token calculation.key_size
(int: 20)
– Specifies the size in bytes of the generated key.qr_size
(int: 200)
- The pixel size of the generated square QR code.algorithm
(string: "SHA1")
– Specifies the hashing algorithm used to generate the TOTP code. Options include "SHA1", "SHA256" and "SHA512".digits
(int: 6)
- The number of digits in the generated TOTP token. This value can either be 6 or 8.skew
(int: 1)
- The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1.max_validation_attempts
(int: 5)
- The maximum number of consecutive TOTP code failed validation.
Sample Payload
Sample Request
Read TOTP MFA Method
This endpoint queries the MFA configuration of TOTP type for a given method name.
Method | Path |
---|---|
GET | /sys/mfa/method/totp/:name |
Parameters
name
(string: <required>)
– Name of the MFA method.
Sample Request
Sample Response
Delete TOTP MFA Method
This endpoint deletes a TOTP MFA method.
Method | Path |
---|---|
DELETE | /sys/mfa/method/totp/:name |
Parameters
name
(string: <required>)
- Name of the MFA method.
Sample Request
Generate a TOTP MFA Secret
This endpoint generates an MFA secret in the entity of the calling token, if it doesn't exist already, using the configuration stored under the given MFA method name.
Method | Path |
---|---|
GET | /sys/mfa/method/totp/:name/generate |
Parameters
name
(string: <required>)
- Name of the MFA method.
Sample Request
Sample Response
Administratively Generate a TOTP MFA Secret
This endpoint can be used to generate a TOTP MFA secret. Unlike the generate
API which stores the generated secret on the entity ID of the calling token,
the admin-generate
API stores the generated secret on the given entity ID.
Method | Path |
---|---|
POST | /sys/mfa/method/totp/:name/admin-generate |
Parameters
name
(string: <required>)
- Name of the MFA method.entity_id
(string: <required>)
- Entity ID on which the generated secret needs to get stored.
Sample Payload
Sample Request
Sample Response
Administratively Destroy TOTP MFA Secret
This endpoint deletes a TOTP MFA secret from the given entity ID.
Note that in order to overwrite a secret on the entity, it is required to
explicitly delete the secret first. This API can be used to delete the secret
and the generate
or admin-generate
APIs should be used to regenerate a new
secret.
Method | Path |
---|---|
POST | /sys/mfa/method/:name/admin-destroy |
Parameters
name
(string: <required>)
– Name of the MFA method.entity_id
(string: <required>)
- Entity ID from which the MFA secret should be removed.
Sample Payload
Sample Request