Authorization
Descope Project ID: Project ID as bearer token.
In: header
Request Body
application/json
Sign-up new end user via TOTP
Initiate a TOTP sign-up process for a new end user. Descope will generate a TOTP key (also called a secret or seed) that will be entered into the end user's authenticator app so that TOTP codes can be successfully verified. The new end user will be registered after the full TOTP sign-up flow has successfully completed.
If the end user is already registered, use the add/update endpoint to add TOTP functionality to the existing end user, to prevent the same person being registered twice.
Next Steps
- Display the TOTP key so it can be entered into their authenticator app. The TOTP key is returned in the response object in three ways, to ensure it can easily be entered into the end user's authenticator app.
- Prompt the end user for a TOTP code generated by their authenticator app.
- Verify the TOTP code using the Sign-In / Verify endpoint to complete the sign-in process. After successfully verifying the TOTP code the new end user will be registered using the details you provided in the body of this endpoint.
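How an authenticator app turns the returned TOTP key into codes, shown as an added example that is not part of the Descope documentation or SDK. It assumes the provisioning URL is an `otpauth://totp/...` URI and that codes use the common RFC 6238 defaults (HMAC-SHA1, 6 digits, 30-second step), neither of which this page states; the sample response and its secret (the RFC 6238 test key) are constructed, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import parse_qs, urlparse

# Constructed sample response. The secret is the RFC 6238 test key
# ("12345678901234567890" in Base32), not a value issued by Descope.
SAMPLE_RESPONSE = {
    "provisioningURL": "otpauth://totp/Example:user@example.com"
                       "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example",
    "image": "",  # Base64 QR image omitted in this sample
    "key": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
}

def secret_from_provisioning_url(url):
    """Extract the Base32 secret from an otpauth://totp URI (assumed format)."""
    parsed = urlparse(url)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    secrets = parse_qs(parsed.query).get("secret", [])
    if len(secrets) != 1:
        raise ValueError("expected exactly one secret parameter")
    return secrets[0]

def totp(secret_b32, at, digits=6, step=30):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1 defaults assumed)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(at) // step)   # time-step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_for_response(response, at):
    """Check that `key` and `provisioningURL` carry the same secret, then
    return the code an authenticator app would show at time `at`."""
    from_url = secret_from_provisioning_url(response["provisioningURL"])
    if not hmac.compare_digest(from_url, response["key"]):
        raise ValueError("key and provisioningURL disagree")
    return totp(response["key"], at)

if __name__ == "__main__":
    # Print only the short-lived code, never the secret itself.
    print(code_for_response(SAMPLE_RESPONSE, time.time()))
```

In an integration test, the returned code is what would be submitted to the Sign-In / Verify endpoint to finish the sign-up.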
See Also
- See The User Object for further details on how to identify users and their contact information such as email addresses and phone number.
- Use the add/update endpoint to add TOTP functionality to an existing end user.
```bash
curl -X POST "https://api.descope.com/v1/auth/totp/signup" \
  -H "Content-Type: application/json" \
  -d '{}'
```

```json
{
  "provisioningURL": "string",
  "image": "string",
  "key": "string"
}
```

```ts
export interface Response {
  /**
   * Clickable URL containing the TOTP key that will open an installed authenticator app
   */
  provisioningURL?: string
  /**
   * QR code of the TOTP key (as a Base64 image) that can be scanned from an authenticator app
   */
  image?: string
  /**
   * TOTP key that can be manually pasted into the authenticator app
   */
  key?: string
}
```

TOTP API Overview
Use the Descope REST API to add TOTP authenticator apps to your application.
Sign-In / Verify POST
### Verify the TOTP of an end user

Verify the TOTP code of an end user. This endpoint is the final API call for the following TOTP flows:

* Sign-In - If the end user is already registered, this endpoint is the only call you need to sign in that user.
* Sign-Up - If you are implementing a sign-up flow, this endpoint will verify the TOTP code and complete the sign-up process.
* Add / Update - If you are implementing an Add / Update flow, this endpoint completes the process of adding/updating the TOTP key for that user.

The response object includes the session JWT `sessionJwt` and refresh JWT `refreshJwt` when the endpoint completes successfully, and the end user will be signed in.

### See Also

- See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number.
- See [User Login Options](/api/overview#user-login-options) for further details on loginOptions.