Verify a TOTP registration

Verify the time-based one-time-password (TOTP) registration with the generated code.

Path Parameters

userId string required

unique identifier of the user.

totpId string required

unique identifier of the TOTP registration, which was returned in the start TOTP registration.

application/json

application/grpc

application/grpc-web+proto

Request Body required

code string required

Possible values: >= 6 characters and <= 9 characters

Code generated by TOTP app or device.

Request Body required

code string required

Possible values: >= 6 characters and <= 9 characters

Code generated by TOTP app or device.

Request Body required

code string required

Possible values: >= 6 characters and <= 9 characters

Code generated by TOTP app or device.

Responses

• 200
• 403
• 404
• default

---

TOTP registration successfully verified

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
resourceOwner resource_owner is the organization or instance_id an object belongs to

{
  "details": {
    "sequence": "2",
    "changeDate": "2024-04-10T04:31:13.812Z",
    "resourceOwner": "69629023906488334"
  }
}

Schema

Example (from schema)

---

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
resourceOwner resource_owner is the organization or instance_id an object belongs to

{
  "details": {
    "sequence": "2",
    "changeDate": "2024-04-10T04:31:13.812Z",
    "resourceOwner": "69629023906488334"
  }
}

Schema

Example (from schema)

---

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
resourceOwner resource_owner is the organization or instance_id an object belongs to

{
  "details": {
    "sequence": "2",
    "changeDate": "2024-04-10T04:31:13.812Z",
    "resourceOwner": "69629023906488334"
  }
}

Returned when the user does not have permission to access the resource.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the resource does not exist.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

POST /v3alpha/users/:userId/totp/:totpId/verify

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL

https://$CUSTOM-DOMAIN

Bearer Token

userId — path required

totpId — path required

Content-Type

application/jsonapplication/grpcapplication/grpc-web+proto

Body required

{
  "code": "123456"
}

Accept

application/jsonapplication/grpcapplication/grpc-web+proto

curl / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/v3alpha/users/:userId/totp/:totpId/verify' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": "123456"
}'

python / requests

curl -L -X POST 'https://$CUSTOM-DOMAIN/v3alpha/users/:userId/totp/:totpId/verify' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": "123456"
}'

go / native

curl -L -X POST 'https://$CUSTOM-DOMAIN/v3alpha/users/:userId/totp/:totpId/verify' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": "123456"
}'

nodejs / axios

curl -L -X POST 'https://$CUSTOM-DOMAIN/v3alpha/users/:userId/totp/:totpId/verify' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": "123456"
}'

ruby / Net::HTTP

curl -L -X POST 'https://$CUSTOM-DOMAIN/v3alpha/users/:userId/totp/:totpId/verify' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": "123456"
}'

csharp / RestSharp

curl -L -X POST 'https://$CUSTOM-DOMAIN/v3alpha/users/:userId/totp/:totpId/verify' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": "123456"
}'

php / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/v3alpha/users/:userId/totp/:totpId/verify' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": "123456"
}'

java / OkHttp

curl -L -X POST 'https://$CUSTOM-DOMAIN/v3alpha/users/:userId/totp/:totpId/verify' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": "123456"
}'

powershell / RestMethod

curl -L -X POST 'https://$CUSTOM-DOMAIN/v3alpha/users/:userId/totp/:totpId/verify' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "code": "123456"
}'