Verify TOTP (beta)
Verify an TOTP (time-based one-time passcode) against a user ID to authenticate the user. This endpoints verifies that the TOTP sent in is valid for the given user ID.
HTTP Request
POST /v1/auth/totps/verify
Returns
A successful response returns an object with totp_id and verified user_id properties.
Body
-
user_id string Required
RequiredUser ID to verify the TOTP against.Minimum length is
1. -
totp string Required
RequiredTOTP code (time-based one-time passcode) generated by TOTP authenticator.Minimum length is
1. -
session_expires_in number
OptionalExtend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with asession_tokenandsession_jwt. However, if a validsession_tokenorsession_jwtis sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default. -
session_token string
OptionalUnique session token to verify. -
session_jwt string
OptionalUnique Session JWT to verify. -
device_fingerprint object
Device fingerprinting metadata for fraud detection during TOTP code verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled by matching fields in the
device_fingerprintsuch as IP, User Agent or the combination of them (more fraud detection features coming soon!)
curl \
-X POST https://api.streambird.io/v1/auth/totps/verify \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"user_id":"user_26l7dbfAY59ftejmm6m3OTf4oz1","totp":"505361","session_expires_in":100}'{
"user_id": "user_26l7dbfAY59ftejmm6m3OTf4oz1",
"totp": "505361",
"session_expires_in": 100
}{
"totp_id": "totp_27LbM1TMjS3gQN1vuzb1jn8Fshw",
"user_id": "user_26l7dbfAY59ftejmm6m3OTf4oz1",
"session_token": "1C8qaDSelbO6jLvv37yi31SvPx3t4AFWYe3O3lrmRJWxEws9s4Fle9m4JANi4hgr",
"session_jwt": "eyJhbGciOiJSUzI1NiIsImtpZCI6Imp3a18yN0Q1dU9UaFIyZHNncmFYN1dWb0VMRzRxRVgiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NDkxMTA3NTgsImlhdCI6MTY0OTEwNDc1OCwiaXNzIjoiYXBpLnN0cmVhbWJpcmQuaW8vNmU3YzlmMWItNWU2Ni00MDBjLTk5YTctNzgzNDExZTAzYWFjIiwianRpIjoic2Vzc18yN0xnUGx3SUpWTlJPZW96dlBzbXVxcko0aEUiLCJuYmYiOjE2NDkxMDQ3NTgsInNlc3Npb24iOnsiaWQiOiJzZXNzXzI3TGdQbHdJSlZOUk9lb3p2UHNtdXFySjRoRSIsInVzZXJfaWQiOiJ1c2VyXzI2bDdkYmZBWTU5ZnRlam1tNm0zT1RmNG96MSIsInN0YXJ0ZWRfYXQiOjE2NDkxMDQ3NTgsImV4cGlyZXNfYXQiOjE2NDkxMTA3NTgsImxhc3RfYWN0aXZlX2F0IjoxNjQ5MTA0NzU4LCJmYWN0b3JzIjpbeyJkZWxpdmVyeV9jaGFubmVsIjoidG90cF9hdXRoZW50aWNhdG9yIiwidHlwZSI6InRvdHAiLCJtZXRob2QiOnsibWV0aG9kX2lkIjoiZW1haWxfMjZsN2RZbzBKUEZMR21XTnYxdk53Y1loMEZGIiwibWV0aG9kX3R5cGUiOiJ0b3RwIiwidG90cF9pZCI6InRvdHBfMjdMYk0xVE1qUzNnUU4xdnV6YjFqbjhGc2h3IiwibGFzdF92ZXJpZmllZF9hdCI6MTY0OTEwNDc1OH19XSwiZGV2aWNlX2ZpbmdlcnByaW50Ijp7InVzZXJfYWdlbnQiOiIiLCJpcCI6IiJ9LCJ1cGRhdGVkX2F0IjoxNjQ5MTA0NzU4LCJjcmVhdGVkX2F0IjoxNjQ5MTA0NzU4fSwic3ViIjoidXNlcl8yNmw3ZGJmQVk1OWZ0ZWptbTZtM09UZjRvejEifQ.JAFd_ut2LdEgnmVtMO3Ul2Hk9MR_4FhuMvejCmZPuA4FhdjYI0NemD7Hz7FqPaAUuq9hNH4LVGqpjwnpBXtWtYPR4mQT6Jx4T8EKVqi4UWCT3oXblQIm5--iMhOilXzDelLNwyKP2Z3PrkkatUKHRv86LFcJn0nyv5yn-T8dK7F2cnMpEg6YLQc17Dq-FgBj2ciLcr_JJkvz65ezyrh0o2_599DKxrhVns9XPRRaBTjXZlfPDdV5p69JAFyujiCHZjk7gL1zYNY5h46yFndBB5m-8MWBNSQSWanONTYXwnDNrMvD9TJIQDtqak8ROeKhVLdnd47sX_jSR7lgYQOZ3w",
"session": {
"id": "sess_27LgPlwIJVNROeozvPsmuqrJ4hE",
"user_id": "user_26l7dbfAY59ftejmm6m3OTf4oz1",
"session_token": "1C8qaDSelbO6jLvv37yi31SvPx3t4AFWYe3O3lrmRJWxEws9s4Fle9m4JANi4hgr",
"started_at": 1649104758,
"expires_at": 1649110758,
"last_active_at": 1649104758,
"factors": [
{
"delivery_channel": "totp_authenticator",
"type": "totp",
"method": {
"method_id": "email_26l7dYo0JPFLGmWNv1vNwcYh0FF",
"method_type": "totp",
"totp_id": "totp_27LbM1TMjS3gQN1vuzb1jn8Fshw",
"last_verified_at": 1649104758
}
}
],
"device_fingerprint": {
"user_agent": "",
"ip": ""
},
"updated_at": 1649104758,
"created_at": 1649104758
}
}