Verify MFA Token
Early Preview
This API is in early preview and may be subject to change.
Use this API to verify a MFA token that has been sent to a user as a result of the Validate a User request.
Resource URL
https://<subdomain>/api/2/smart-mfa/verifyHeader Parameters
Authorization required string | Set to Set The access token must have been generated using an API credential pair created using the scope required to call this API. This API can be called using any one of the following scopes: |
Content-Type required string |
Set to application/json. |
Request Parameters
|
state_token required string |
The state_token value returned from the Validate a User endpoint. |
|
otp_token required string |
The MFA token that was sent to the user via Email or SMS using the Validate a User endpoint |
Sample Request Body
{
"state_token": "7eca471e256fffa4d8760dcf893f134279652ab1",
"otp_token": "817252"
}Sample Response
- 200 OK
- 400 Bad Request
- 401 Unauthorized
OK
{
"name": "BadRequestError",
"message": "State token is invalid or expired"
}
Invalid otp_token
{
"name": "Unauthorized",
"message": "Failed authentication with this factor"
}Invalid API access token
{
"name": "UnauthorizedError",
"message": "The request requires user authentication."
}Sample Code
cURL
curl -XPOST 'https://<subdomain>.onelogin.com/api/2/smart-mfa/verify' \
-H 'Authorization: Bearer xxxxxxxxxxxxx' \
-H 'Content-Type: application/json' \
-d '{
"state_token": "xxx-xxx-xxx",
"otp_token": "810455"
}'Postman Collection
Replace sample variables indicated by {{ }} with your actual values.
Download for the Smart MFA API
Have a Question?
Found a problem or a bug? Submit a support ticket.
Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.
Have a product idea or request? Share it with us in our Ideas Portal.