Skip to main content
POST
/
api
/
v1
/
pub
/
{project_id}
/
auth
/
totp
/
setup
Start TOTP setup
curl --request POST \
  --url https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/totp/setup \
  --header 'X-API-Key: <api-key>'
import requests

url = "https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/totp/setup"

headers = {"X-API-Key": "<api-key>"}

response = requests.post(url, headers=headers)

print(response.text)
const options = {method: 'POST', headers: {'X-API-Key': '<api-key>'}};

fetch('https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/totp/setup', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/totp/setup",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_HTTPHEADER => [
"X-API-Key: <api-key>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/totp/setup"

req, _ := http.NewRequest("POST", url, nil)

req.Header.Add("X-API-Key", "<api-key>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/totp/setup")
.header("X-API-Key", "<api-key>")
.asString();
require 'uri'
require 'net/http'

url = URI("https://org-api.hexoforge.dev/api/v1/pub/{project_id}/auth/totp/setup")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["X-API-Key"] = '<api-key>'

response = http.request(request)
puts response.read_body
{
  "secret": "<string>",
  "uri": "<string>"
}
Creates a TOTP secret in a pending state. Requires X-API-Key and Bearer access token.
Send both X-API-Key and Authorization: Bearer. Complete setup with Verify TOTP setup within 5 minutes.

Response

200 OK
{
  "secret": "JBSWY3DPEHPK3PXP",
  "uri": "otpauth://totp/MyApp:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=MyApp"
}
secret
string
Base32 secret for manual entry.
uri
string
otpauth URI for QR apps.

Status codes

CodeMeaning
200Secret generated (pending verification)
400TOTP already enabled
401Invalid token
403TOTP disabled for project, IP blocked, or firewall deny