Send a Multi-Factor Code When Enabling MFA
You are enabling MFA for a user. You must provide an API key or a valid JWT for the User you are modifying. This should only be used if you want FusionAuth to send the code. Do not use this if you are using a TOTP based authentication method.
Request#
OpenAPI Spec
Request Headers#
X-FusionAuth-TenantIdStringoptionalThe unique Id of the tenant used to scope this API request.
The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.
Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.
See Making an API request using a Tenant Id for additional information.
Request Body#
applicationIdUUIDoptionalAvailable since 1.46.0An optional Application Id. When this value is provided, it will be used to resolve an application-specific email or message template and make application available as a template variable.
If not provided, only the tenant configuration will be used when resolving templates, and application will not be available as a template variable.
emailStringoptionalThe email to which send Multi-Factor codes. If the method is equal to email, this is required.
messageTypeStringoptionalDefaults to SMSAvailable since 1.65.0The message type used when sending a code for a phone-based MFA method.
This value is only used when method is equal to sms.
Valid values are:
SMSVoice
methodStringrequiredThe type of the MFA method which will be added. The value provided here must be allowed in the Tenant MFA configuration as well.
Valid values are:
emailsms
mobilePhoneStringoptionalThe mobile phone to which send Multi-Factor codes. If the method is equal to sms, this is required.
userIdUUIDrequiredThe User Id.
Example Request JSON
{
"messageType": "Voice",
"method": "sms",
"mobilePhone": "+13035551212",
"userId": "c075e472-a732-47d6-865a-d385a5fcb525"
}
OpenAPI Spec
Request Headers#
X-FusionAuth-TenantIdStringoptionalThe unique Id of the tenant used to scope this API request.
The tenant Id is not required on this request even when more than one tenant has been configured because the tenant can be identified based upon the request parameters or it is otherwise not required.
Specify a tenant Id on this request when you want to ensure the request is scoped to a specific tenant. The tenant Id may be provided through this header or by using a tenant locked API key to achieve the same result.
See Making an API request using a Tenant Id for additional information.
Request Body#
applicationIdUUIDoptionalAvailable since 1.46.0An optional Application Id. When this value is provided, it will be used to resolve an application-specific email or message template and make application available as a template variable.
If not provided, only the tenant configuration will be used when resolving templates, and application will not be available as a template variable.
emailStringoptionalThe email to which send Multi-Factor codes. If the method is equal to email, this is required.
messageTypeStringoptionalDefaults to SMSAvailable since 1.65.0The message type used when sending a code for a phone-based MFA method.
This value is only used when method is equal to sms.
Valid values are:
SMSVoice
methodStringrequiredThe type of the MFA method which will be added. The value provided here must be allowed in the Tenant MFA configuration as well.
Valid values are:
emailsms
mobilePhoneStringoptionalThe mobile phone to which send Multi-Factor codes. If the method is equal to sms, this is required.
Example Request JSON
{
"messageType": "Voice",
"method": "sms",
"mobilePhone": "+13035551212"
}
Response#
This API does not return a JSON response body.
Response Codes| Code | Description |
|---|---|
| 200 | The request was successful. |
| 400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
| 401 | You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
| 500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
| 503 | The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |