Remove TOTP Device
Remove a specific TOTP device from the user's account.
Quick Navigation
Endpoint
DELETE /api/v1/mfa/totp/devices/{device_id}
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <access_token> |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
device_id | integer | Yes | ID of the TOTP device to remove |
Validations
- Device ID must exist
- Device must belong to current user
- Device must be verified
Response
Success (200)
{
"success": true,
"data": {
"success": true,
"message": "TOTP device removed successfully"
},
"message": "TOTP device removed successfully"
}
Error Codes
| Status | Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Invalid or missing token |
| 404 | DEVICE_NOT_FOUND | Device not found or doesn't belong to user |
| 500 | DEVICE_REMOVE_ERROR | Internal server error |
Data Flow
-
Authentication
- Verify access token
- Get current user
-
Device Validation
- Query MfaMethod table
- Verify device exists and belongs to user
- Verify device type is "totp"
- Verify device is verified
-
Device Removal
- Delete device from database
- Check if this was the last TOTP device
-
Backup Code Cleanup
- If last TOTP device: Delete all backup codes
- Mark backup codes as expired
-
MFA Status Update
- If last method: Disable MFA for user
- Update MFA enabled status
-
Audit Logging
- Log device removal event
- Record device information
-
Response
- Return success confirmation
Features
- Removes the specified TOTP device
- Automatically removes backup codes if this was the last TOTP device
- Prevents removal of non-existent devices
- Audit logging for security
- Updates MFA status if needed
Important Notes
- Removing the last TOTP device will also remove all backup codes
- User should set up a new MFA method before removing all devices
- Cannot remove device if it doesn't exist or doesn't belong to user
Example
curl -X DELETE https://api.rivergen.com/api/v1/mfa/totp/devices/1 \
-H "Authorization: Bearer <access_token>"
Related Endpoints
- List TOTP Devices - View all TOTP devices
- TOTP Setup - Add new TOTP device