Generate MFA OTP
Generate MFA OTP code for login verification using temporary token from login.
Quick Navigation
Endpoint
POST /api/v1/auth/mfa/otp/generate
Headers
| Header | Required | Description |
|---|---|---|
Content-Type | Yes | application/json |
Request Body
{
"temporary_token": "temp_token_from_login",
"method": "email_otp"
}
Parameters
| Field | Type | Required | Description |
|---|---|---|---|
temporary_token | string | Yes | Temporary token from login when MFA is required |
method | string | Yes | MFA method: "email_otp" or "totp" |
Validations
- Temporary token validation
- Token expiration check
- User account status check
- Session validation
- MFA method availability check
Response
Success (200)
{
"success": true,
"data": {
"temporary_token": "new_temp_token_for_verification",
"message": "MFA OTP generated successfully"
},
"message": "MFA OTP generated successfully"
}
Error Codes
| Status | Code | Description |
|---|---|---|
| 400 | INVALID_REQUEST | Invalid request parameters |
| 401 | INVALID_TEMPORARY_TOKEN | Invalid or expired temporary token |
| 401 | USER_NOT_FOUND | User not found or disabled |
| 404 | SESSION_NOT_FOUND | Session not found |
| 422 | VALIDATION_ERROR | Request validation failed |
Data Flow
-
Token Validation
- Validate temporary token from Redis
- Check token expiration
- Extract user ID and session ID
-
User Validation
- Verify user exists and is not disabled
- Check account status
-
Session Validation
- Verify session exists
- Check session is valid
-
MFA Method Processing
- For email_otp:
- Generate 6-digit OTP code
- Store OTP in Redis (10 minute expiry)
- Send OTP via email
- For totp:
- Prepare for TOTP verification
- No OTP sent (user enters code from app)
- For email_otp:
-
Token Refresh
- Create new temporary token for verification step
- Store challenge information in token
-
Audit Logging
- Log MFA OTP generation event
Features
- Generates email OTP or prepares TOTP verification
- Creates temporary token for verification
- Sends email OTP automatically for email_otp method
- Returns temporary token for verification step
- Supports both email OTP and TOTP methods
Example
curl -X POST https://api.rivergen.com/api/v1/auth/mfa/otp/generate \
-H "Content-Type: application/json" \
-d '{
"temporary_token": "temp_token_from_login",
"method": "email_otp"
}'
Related Endpoints
- Login - Initial login that may require MFA
- Verify MFA - Verify MFA code
- MFA Status - Check MFA configuration