Verifies MFA setup with TOTP code and enables MFA
POST /api/user/profile/mfa/verify
Auto-generated from server.go. Handler: s.verifyMFASetupProfile.
Authorizations
Request Body
object
Responses
MFA enabled
Response from POST /api/user/profile/mfa/verify. Returned after the
user enters a valid TOTP code against a pending MFA secret; MFA becomes
enabled and backup codes are returned. Mirrors the gin.H literal in
internal/api/handlers_security.go::verifyMFASetupProfile (hand-lifted
Phase 70-03 Session 6 — sampler cannot synthesise a valid TOTP code
for the seeded secret).
object
One-time backup codes generated (or echoed) at MFA enable.
The request body or parameters failed validation.
Standardised error envelope per RFC 7807. Many existing endpoints still
return an older shape (e.g. {"error": "..."}). This schema documents the
target shape; legacy endpoints will be migrated in Phase 70. Per D-21 the
spec describes current behaviour without enforcing the migration here.
object
A URI reference that identifies the problem type.
A short human-readable summary of the problem.
The HTTP status code generated by the origin server.
A human-readable explanation specific to this occurrence.
A URI reference that identifies the specific occurrence.
Legacy error message field. Will be removed once handlers are migrated.
Legacy per-field error details. Will be removed once handlers are migrated.
object
The identifier assigned by the request-id middleware, for tracing.
Authentication is required or the supplied token is invalid.
Standardised error envelope per RFC 7807. Many existing endpoints still
return an older shape (e.g. {"error": "..."}). This schema documents the
target shape; legacy endpoints will be migrated in Phase 70. Per D-21 the
spec describes current behaviour without enforcing the migration here.
object
A URI reference that identifies the problem type.
A short human-readable summary of the problem.
The HTTP status code generated by the origin server.
A human-readable explanation specific to this occurrence.
A URI reference that identifies the specific occurrence.
Legacy error message field. Will be removed once handlers are migrated.
Legacy per-field error details. Will be removed once handlers are migrated.
object
The identifier assigned by the request-id middleware, for tracing.
Internal server error
Standardised error envelope per RFC 7807. Many existing endpoints still
return an older shape (e.g. {"error": "..."}). This schema documents the
target shape; legacy endpoints will be migrated in Phase 70. Per D-21 the
spec describes current behaviour without enforcing the migration here.
object
A URI reference that identifies the problem type.
A short human-readable summary of the problem.
The HTTP status code generated by the origin server.
A human-readable explanation specific to this occurrence.
A URI reference that identifies the specific occurrence.
Legacy error message field. Will be removed once handlers are migrated.
Legacy per-field error details. Will be removed once handlers are migrated.
object
The identifier assigned by the request-id middleware, for tracing.
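Because error responses from this endpoint may arrive in either the RFC 7807 target shape or the older `{"error": "..."}` shape, a client has to accept both. The following is an added example, not code from this project: the `Problem` type and `ParseProblem` function are hypothetical names, the member names `type`, `title`, `status`, `detail` and `instance` are those defined by RFC 7807, and the legacy per-field details and request id fields are left out because their names are not shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Problem carries the RFC 7807 members plus the legacy "error" string.
type Problem struct {
	Type     string `json:"type"`
	Title    string `json:"title"`
	Status   int    `json:"status"`
	Detail   string `json:"detail"`
	Instance string `json:"instance"`
	Legacy   string `json:"error"` // older shape: {"error": "..."}
}

// ParseProblem decodes an error body in either shape. httpStatus is the status
// code of the HTTP response itself; it overrides the advisory "status" member.
func ParseProblem(httpStatus int, body []byte) (Problem, error) {
	var p Problem
	if err := json.Unmarshal(body, &p); err != nil {
		return Problem{}, fmt.Errorf("HTTP %d with undecodable error body: %w", httpStatus, err)
	}
	p.Status = httpStatus
	if p.Type == "" {
		p.Type = "about:blank" // RFC 7807 default when "type" is absent
	}
	if p.Detail == "" {
		p.Detail = p.Legacy // fall back to the legacy message
	}
	return p, nil
}

func main() {
	// Constructed sample bodies, not captured from the service.
	samples := []string{
		`{"error":"invalid code"}`,
		`{"type":"https://example.test/problems/validation","title":"Bad Request","status":400,"detail":"code is required"}`,
	}
	for _, s := range samples {
		p, err := ParseProblem(400, []byte(s))
		fmt.Println(p.Status, p.Type, p.Detail, err)
	}
}
```

Taking the status from the HTTP response rather than the body keeps retry and re-authentication decisions tied to what the server actually returned.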