DocsAPI ReferenceAccount/bff/account/setup-otp-save
postAccountAdmin BFF

/bff/account/setup-otp-save

Verifies the 6-digit TOTP code against the supplied base32 secret. On success persists the secret on cas__user.otp_code and sets otp_enabled_date = NOW(); on failure returns { success: false, reason: "invalid-code" } so the UI can prompt the user to retry.

AccountpostBffAccountSetup-otp-save

Parameters

2 body

2 total
Body · 2
secretstringRequired

Base32 TOTP secret returned by /setup-otp-generate-secret.

otpCodestringRequired

6-digit code shown by the authenticator app right now — proves the user actually scanned the QR.

Request

POST /bff/account/setup-otp-save

post
curl -X POST "https://api.bizkithub.com/bff/account/setup-otp-save" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
  "secret": "example_secret",
  "otpCode": "example_otpCode"
}'

Response

JSON payload

{
  "success": true
}

All response codes

1 status code documented

Need an API key?

All BizKitHub API endpoints require authentication via API key.

Get API Key