/bff/account/setup-otp-save
Verifies the 6-digit TOTP code against the supplied base32 secret. On success persists the secret on cas__user.otp_code and sets otp_enabled_date = NOW(); on failure returns { success: false, reason: "invalid-code" } so the UI can prompt the user to retry.
AccountpostBffAccountSetup-otp-save
Parameters
2 body
Body · 2
secretstringRequiredBase32 TOTP secret returned by /setup-otp-generate-secret.
otpCodestringRequired6-digit code shown by the authenticator app right now — proves the user actually scanned the QR.
Request
POST /bff/account/setup-otp-save
curl -X POST "https://api.bizkithub.com/bff/account/setup-otp-save" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{
"secret": "example_secret",
"otpCode": "example_otpCode"
}'Response
JSON payload
{
"success": true
}All response codes
1 status code documented
Need an API key?
All BizKitHub API endpoints require authentication via API key.