Manage two-factor authentication (2FA) for user accounts.

Verify Two-Factor Code

Verify a two-factor authentication code after login.

Authentication

This endpoint does not require authentication, but requires a temporary token from the login response.

Request Body

code (string, required): The 6-digit two-factor authentication code. Must contain only numbers.
token (string, required): Temporary token received from the login response when requires2FA is true.

Response

success (boolean): Indicates whether the 2FA verification was successful.
token (string): JWT access token for authenticating subsequent requests (only provided on successful verification).
refreshToken (string): Refresh token for obtaining new access tokens.
refreshTokenExpiry (string): Expiration date and time of the refresh token (ISO 8601 format).
user (object): User information object.
message (string): A message describing the result of the operation.
errors (string[]): Array of error messages if verification failed.

Error Responses

{
  "success": false,
  "token": null,
  "refreshToken": null,
  "user": null,
  "message": "2FA verification failed",
  "errors": [
    "Invalid two-factor authentication code"
  ]
}

Example Request

curl -X POST https://api.sapfiai.com/authentication/verify-2fa \
  -H "Content-Type: application/json" \
  -d '{
    "code": "123456",
    "token": "temp-2fa-token-xyz"
  }'

Example Response

{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "8f7d6e5c4b3a2918e7f6d5c4b3a29180",
  "refreshTokenExpiry": "2026-04-05T10:30:00Z",
  "user": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "email": "[email protected]",
    "userName": "johndoe",
    "phoneNumber": "+1234567890",
    "twoFactorEnabled": true,
    "lastLoginDate": "2026-03-05T10:30:00Z",
    "lastLoginIp": "192.168.1.1"
  },
  "message": "2FA verification successful",
  "errors": null
}
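
The verification call above, written as a small client that checks the code format before sending and accepts tokens only from a confirmed success response. This is an added example, not code from the API's authors; verify_2fa, http_post_json and TwoFactorError are hypothetical names, and the expiry check is an added precaution rather than documented API behaviour.

```python
import json
import re
import urllib.request
from datetime import datetime, timezone

VERIFY_URL = "https://api.sapfiai.com/authentication/verify-2fa"  # from the curl example
CODE_RE = re.compile(r"[0-9]{6}")  # ASCII digits only; \d would also accept other Unicode digits


class TwoFactorError(Exception):
    """Raised when the code is malformed or the API does not confirm verification."""


def http_post_json(url, payload):
    """Default transport (hypothetical helper): POST JSON and decode the JSON reply.
    Assumption: a non-2xx status raises urllib.error.HTTPError and is left to the caller."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def verify_2fa(code, temp_token, post=http_post_json, now=None):
    """Submit a 2FA code; return the session fields or raise TwoFactorError."""
    # Enforce the documented format locally so malformed input never reaches the API.
    if not isinstance(code, str) or not CODE_RE.fullmatch(code):
        raise TwoFactorError("code must be exactly 6 digits")
    body = post(VERIFY_URL, {"code": code, "token": temp_token})
    # Accept tokens only when success is the boolean true AND an access token is present.
    if body.get("success") is not True or not body.get("token"):
        errors = body.get("errors") or [body.get("message") or "2FA verification failed"]
        raise TwoFactorError("; ".join(errors))
    # refreshTokenExpiry is ISO 8601; map a trailing "Z" to an explicit UTC offset.
    expiry = datetime.fromisoformat(body["refreshTokenExpiry"].replace("Z", "+00:00"))
    if expiry.tzinfo is None:  # assumption: a timestamp without an offset means UTC
        expiry = expiry.replace(tzinfo=timezone.utc)
    if expiry <= (now or datetime.now(timezone.utc)):  # added sanity check, not from the API docs
        raise TwoFactorError("refresh token already expired")
    return {"access_token": body["token"], "refresh_token": body["refreshToken"],
            "refresh_expiry": expiry, "user": body.get("user")}
```

Pass a stub as post to exercise the response handling without network access.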

Enable Two-Factor Authentication

Enable or disable two-factor authentication for the authenticated user.

Authentication

Required: This endpoint requires authentication via Bearer token.
Authorization: Bearer {token}

Request Body

email (string, required): User's email address for verification.
password (string, required): User's password for verification. Must be at least 6 characters.
enable (boolean, default: true): Set to true to enable 2FA, or false to disable it.

Response

isSuccess (boolean): Indicates whether the 2FA setting change was successful.
succeeded (boolean): Alias for isSuccess. Indicates whether the operation succeeded.
error (object): Error information if the operation failed.
errors (object[]): Array of error objects if the operation failed.

Error Responses

{
  "type": "https://tools.ietf.org/html/rfc7235#section-3.1",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authorization token is missing or invalid"
}

Example Request

curl -X POST https://api.sapfiai.com/authentication/enable-2fa \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecureP@ssw0rd",
    "enable": true
  }'

Example Response

{
  "isSuccess": true,
  "succeeded": true,
  "error": {
    "code": "",
    "description": ""
  },
  "errors": []
}
