List TOTP Devices

List all registered TOTP devices for the current user.

Quick Navigation

• Endpoint
• Headers
• Response
• Success (200)
• Error Codes
• Data Flow
• Features
• Example
• Related Endpoints

Endpoint

GET /api/v1/mfa/totp/devices

Headers

Header	Required	Description
Authorization	Yes	Bearer <access_token>

Response

Success (200)

{
  "success": true,
  "data": {
    "devices": [
      {
        "id": 1,
        "device_name": "iPhone 14",
        "type": "totp",
        "created_at": "2024-01-01T10:00:00Z",
        "last_used_at": "2024-01-01T12:00:00Z",
        "is_primary": true,
        "verified": true
      },
      {
        "id": 2,
        "device_name": "Google Authenticator",
        "type": "totp",
        "created_at": "2024-01-02T10:00:00Z",
        "last_used_at": "2024-01-02T14:00:00Z",
        "is_primary": false,
        "verified": true
      }
    ],
    "total_count": 2
  },
  "message": "TOTP devices retrieved successfully"
}

Error Codes

Status	Code	Description
401	UNAUTHORIZED	Invalid or missing token
500	DEVICE_LIST_ERROR	Internal server error

Data Flow

1. Authentication

   • Verify access token
   • Get current user

2. TOTP Devices Query

   • Query MfaMethod table
   • Filter by user ID and type = "totp"
   • Filter by verified = true
   • Order by is_primary DESC, created_at DESC

3. Data Formatting

   • Format device details
   • Include timestamps
   • Include usage statistics

4. Response

   • Return devices list
   • Return total count

Features

• Shows all verified TOTP devices
• Includes device names, creation dates, and last used timestamps
• Returns device IDs for removal operations
• Indicates primary device

Example

curl -X GET https://api.rivergen.com/api/v1/mfa/totp/devices \
  -H "Authorization: Bearer <access_token>"

Related Endpoints

• Remove TOTP Device - Remove a TOTP device
• TOTP Setup - Add new TOTP device