Deactivate MFA

Deactivate MFA method(s) for the current authenticated user.

Endpoint

POST /api/v1/auth/mfa/deactivate

Headers

| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer <access_token> |
| Content-Type | Yes | application/json |

Request Body

{
  "method": "totp"
}

Parameters

| Field | Type | Required | Description |
|---|---|---|---|
| method | string | No | MFA method to deactivate: "totp", "email_otp", or null for all |

Validations

  • User authentication required
  • MFA method existence check
  • Cannot deactivate if it's the only method (optional validation)

Response

Success (200)

{
  "success": true,
  "data": {
    "deactivated_methods": ["totp"],
    "message": "MFA method deactivated successfully"
  },
  "message": "MFA method deactivated successfully"
}

Error Codes

| Status | Code | Description |
|---|---|---|
| 400 | VALIDATION_ERROR | Invalid request |
| 401 | UNAUTHORIZED | Invalid or missing token |
| 401 | USER_NOT_FOUND | User not found |
| 404 | MFA_METHOD_NOT_FOUND | Specified MFA method not found |

Data Flow

  1. Authentication
    • Verify access token
    • Get current user
  2. Method Validation
    • If method specified: Check method exists for user
    • If no method: Prepare to deactivate all methods
  3. Deactivation
    • Mark MFA method(s) as inactive
    • Remove method from active methods
    • If last method: Automatically remove backup codes
  4. Backup Code Cleanup
    • If deactivating last method: Delete all backup codes
    • Mark codes as expired
  5. Audit Logging
    • Log MFA deactivation event
    • Record which methods were deactivated
  6. Response
    • Return list of deactivated methods
    • Confirm deactivation
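
Steps 2 to 6 of the flow above, modelled in memory as an added example (not the service's own code). The function name `deactivate_mfa`, the user record fields, the `AUDIT_LOG` list and the error body shape are assumptions made for illustration; step 1 is assumed to have already produced the authenticated user.

```python
# Added illustration: in-memory model of the documented Data Flow (steps 2-6).
# Step 1 (token verification) is assumed done; `user` is the authenticated record.
from datetime import datetime, timezone

SUPPORTED = {"totp", "email_otp"}   # method values listed under Parameters
AUDIT_LOG = []                      # hypothetical stand-in for the audit sink


def error(status, code, message):
    # Error body shape is an assumption; the page lists only status and code.
    return status, {"success": False, "code": code, "message": message}


def deactivate_mfa(user, method=None):
    """Return (http_status, body) for a deactivate request on `user`."""
    if method is not None and method not in SUPPORTED:
        return error(400, "VALIDATION_ERROR", "Invalid request")
    active = user["active_methods"]
    if method is None:
        targets = sorted(active)             # null means every active method
    elif method in active:
        targets = [method]
    else:
        targets = []
    if not targets:
        # Assumption: "all" with nothing enrolled is also reported as not found.
        return error(404, "MFA_METHOD_NOT_FOUND", "Specified MFA method not found")
    active.difference_update(targets)        # step 3: remove from active methods
    codes_removed = False
    if not active and user["backup_codes"]:  # step 4: last method is gone
        user["backup_codes"].clear()
        codes_removed = True
    AUDIT_LOG.append({                       # step 5: record who, what, when
        "event": "mfa_deactivated",
        "user_id": user["id"],
        "methods": targets,
        "backup_codes_removed": codes_removed,
        "at": datetime.now(timezone.utc).isoformat(),
    })
    msg = "MFA method deactivated successfully"
    body = {"success": True,
            "data": {"deactivated_methods": targets, "message": msg},
            "message": msg}
    return 200, body                         # step 6: same shape as Success (200)


# Constructed sample user with two methods and two backup codes.
sample_user = {"id": "u-1", "active_methods": {"totp", "email_otp"},
               "backup_codes": ["1111-2222", "3333-4444"]}
```

Recording `backup_codes_removed` in the audit entry lets a reviewer tell a single-method change apart from an account that now has no second factor at all.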

Features

  • Deactivate specific MFA method or all methods
  • Automatically removes backup codes when last method is deactivated
  • Audit logging for security
  • Returns list of deactivated methods

Example

curl -X POST https://api.rivergen.com/api/v1/auth/mfa/deactivate \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "method": "totp"
  }'