Generate MFA Token
Use to generate a temporary MFA token that can be used in place of other MFA tokens for a set time period. For example, use this token for account recovery when an MFA device has been lost.
Resource URL
https://<subdomain>/api/1/users/:user_id/mfa_token
Header Parameters
Authorization required string |
Set to Set Generate an access token with the API credential pair created using the scope required to call this API. Call this API with any one of the following scopes: |
Content-Type required string |
Set to application/json . |
Resource Parameters
user_id required integer |
Set to the If you don’t know the user’s |
Request Parameter
expires_in integer |
Set the duration of the token in seconds. Token expiration defaults to 259200 seconds = 72 hours. 72 hours is the max value. |
reusable string |
Defines if the token is reusable multiple times within the expiry window. Value defaults to false. If set to |
Sample Request Body
For the sample request, token expires in 300 seconds. The token can be used multiple times within the 300 seconds.
{
"expires_in": "300",
"reusable": true
}
Sample Response
- 200 OK
- 401 Unauthorized
{
"mfa_token": "55647655",
"reusable": true,
"expires_at": "2019-01-16T22:16:38Z"
}
Typically, this error indicates your access token value is invalid.
{
"status": {
"error": true,
"code": 401,
"type": "Unauthorized",
"message": "Authentication Failure"
}
}
Typically, the following error indicates the access token used to make the call was generated using API credentials with insufficient permissions. Call this API using the Manage Users
or Manage All
scope.
{
"status": {
"error": true,
"code": 401,
"type": "Unauthorized",
"message": "Insufficient Permission"
}
}
Response Elements
|
Token can function as a temporary MFA token. It can be used to authenticate for any app when valid. |
reusable |
true indcates the token can be used multiple times, until it expires. false indicates the token is invalid after a single use or once it expires. Defaults to false . |
expires_at |
Defines the expiration time and date for the token. Format is UTC time. |
Postman Collection
Replace sample variables indicated by {{ }}
with your actual values.
Download for the MFA API
Sample Code
cURL
Replace sample values indicated by < >
with your actual values.
curl 'https://<subdomain>/api/1/users/:user_id/mfa_token' \
-X POST \
-H "Authorization: bearer:<access_token>" \
-H "Content-Type: application/json" \
-d '{
"expires_in":"<300>",
"reusable":"<true>",
}'
Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.