# Verify TOTP (beta)

**POST /v1/auth/totps/verify**

Verify an TOTP (time-based one-time passcode) against a user ID to authenticate the user. This endpoints verifies that the TOTP sent in is valid for the given user ID.

## HTTP Request

`POST /v1/auth/totps/verify`

## Returns

A successful response returns an object with `totp_id` and verified `user_id` properties.


## Servers
- Production: https://api.moonkey.fun (Production)


## Authentication methods
- Authorization


## Parameters



## Body parameters
Content-type: application/json

- **user_id** (string)
  `Required` User ID to verify the TOTP against.
- **totp** (string)
  `Required` TOTP code (time-based one-time passcode) generated by TOTP authenticator. 
- **session_expires_in** (number)
  `Optional` Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days). This parameter will create a new session if there is no existing session along with a `session_token` and `session_jwt`. However, if a valid `session_token` or `session_jwt` is sent in, it will extend that session by the minutes specified. If not sent in, no session will be created by default.
- **session_token** (string)
  `Optional` Unique session token to verify.
- **session_jwt** (string)
  `Optional` Unique Session JWT to verify.
- **device_fingerprint** (object)
  Device fingerprinting metadata for fraud detection during TOTP code verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled by matching fields in the `device_fingerprint` such as IP, User Agent or the combination of them (more fraud detection features **coming soon**!) 

## Responses
### 200: OK

#### Body Parameters: application/json (object)
- **totp_id** (string)
  
- **user_id** (string)
  
- **session_token** (string)
  
- **session_jwt** (string)
  
- **session** (object)
  


[Powered by Bump.sh](https://bump.sh)