See api-docs Menu

Generate MFA Token

Use to generate a temporary MFA token that can be used in place of other MFA tokens for a set time period. For example, use this token for account recovery.

Resource URL

https://api.<us_or_eu>.onelogin.com/api/1/users/:user_id/mfa_token

Header Parameters

Authorization

required

string

Set to bearer:<access_token>.

Set <access_token> to the access token generated with the Generate Token API.

Generate an access token with the API credential pair created using the scope required to call this API. Call this API with any one of the following scopes: Manage Users or Manage All.

Content-Type

required

string

Set to application/json.

Resource Parameters

user_id

required

integer

Set to the id of the user to generate a token.

If you don’t know the user’s id, the Get Users API returns all users and their id values.

Request Parameter

expires_in

integer

Set the duration of the token in seconds.

Token expiration defaults to 259200 seconds = 72 hours. 72 hours is the max value.

reusable

string

Defines if the token is reusable multiple times within the expiry window.

Value defaults to false. If set to true, token can be used multiple times, until it expires.

Sample Request Body

For the sample request, token expires in 300 seconds. The token can be used multiple times within the 300 seconds.

{
   "expires_in": "300",
   "reusable": true    
}

Sample Response

{
    "mfa_token": "55647655",
    "reusable": true,
    "expires_at": "2019-01-16T22:16:38Z"
}

Typically, this error indicates your access token value is invalid.

{
    "status": {
        "error": true,
        "code": 401,
        "type": "Unauthorized",
        "message": "Authentication Failure"
 }
}

Typically, the following error indicates the access token used to make the call was generated using API credentials with insufficient permissions. Call this API using the Manage Users or Manage All scope.

{
    "status": {
        "error": true,
        "code": 401,
        "type": "Unauthorized",
        "message": "Insufficient Permission"
    }
}

Response Elements

mfa_token

Token can function as a temporary MFA token. It can be used to authenticate for any app when valid.

reusable true indcates the token can be used multiple times, until it expires. false indicates the token is invalid after a single use or once it expires. Defaults to false.
expires_at Defines the expiration time and date for the token. Format is UTC time.

Postman Collection

Replace sample variables indicated by < > in the sample request body with your actual values. Also, be sure to set Postman-specific environment variables indicated by {{ }}.

Download for the Users API

Sample Code

cURL

Replace sample values indicated by < > with your actual values.

curl 'https://api.<us_or_eu>.onelogin.com/api/1/users/:user_id/mfa_token' \
-X POST \
-H "Authorization: bearer:<access_token>" \
-H "Content-Type: application/json" \
-d '{
  "expires_in":"<300>",
  "reusable":"<true>",
}'

Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.