Skip Navigation Links

One Time Passwords

Check OTP configuration

Requires authentication via bearer.

Returns whether the user has enrolled an authenticator app for OTP-based two-factor authentication via the is_set flag.

  • Requires VIEW permission on the target user.
  • Use the delete endpoint to revoke an existing enrollment.

Path Params

user_id stringrequired

Unique identifier of a user.

Query Params

embed string[]

Options for embedding additional data in OTP (two-factor authentication) responses:

  • ACTIONS: Include available actions for the OTP configuration (delete)

Response Body

200 OK

Error Codes

  • FEATURE_DISABLED
  • PERMISSION_MISSING

Delete OTP

Requires authentication via bearer.

Revokes the user's OTP enrollment. On next login the user is prompted to enrol a new authenticator.

  • Requires EDIT permission on the target user.
  • Idempotent: returns 200 with is_set: false even if no OTP was previously configured.

Path Params

user_id stringrequired

Unique identifier of a user.

Query Params

embed string[]

Options for embedding additional data in OTP (two-factor authentication) responses:

  • ACTIONS: Include available actions for the OTP configuration (delete)

Response Body

200 OK

Error Codes

  • FEATURE_DISABLED
  • PERMISSION_MISSING