API Reference/Authenticator App (TOTP)
POST
/v1/auth/totp/signup

Authorization

AuthorizationRequiredBearer <token>

In: header

Request Body

application/jsonRequired
loginIdstring
userobject
ssoAppIdstring
curl -X POST "https://api.descope.com/v1/auth/totp/signup" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "loginId": "string",
    "user": {
      "loginId": "string",
      "name": "string",
      "phone": "string",
      "email": "string",
      "givenName": "string",
      "middleName": "string",
      "familyName": "string"
    },
    "ssoAppId": "string"
  }'

OK

{
  "provisioningURL": "string",
  "image": "string",
  "key": "string"
}

Was this helpful?

TOTP API Overview

Use the Descope REST API to add TOTP authenticator apps to your application.

Sign-In / Verify POST

### Verify the TOTP of an end user Verify the TOTP code of an end user. This endpoint is the final API call for the following TOTP flows: * Sign-In - If the end user is already registered, this end-point is the only call you need to sign-in that user. * Sign-Up - If you are implementing a sign-up flow, this endpoint will verify the TOTP code and complete the sign-up process * Add/ Update - If you are implementing an Add / Update flow, this endpoint completes the process of adding/updating the TOTP key for that user. The response object includes the session JWT `sessionJwt` and refresh JWT `refreshJwt` when the endpoint completes successfully, and the end user will be signed in. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number. - See [User Login Options](/api/overview#user-login-options) for further details on loginOptions. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`