Verify TOTP setup

POST

/api/user/security/totp/setup/verify

const url = 'https://hitkeep.com/api/user/security/totp/setup/verify';
const options = {
  method: 'POST',
  headers: {cookie: 'hk_token=<hk_token>', 'Content-Type': 'application/json'},
  body: '{"code":"example"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url https://hitkeep.com/api/user/security/totp/setup/verify \
  --header 'Content-Type: application/json' \
  --cookie hk_token=<hk_token> \
  --data '{ "code": "example" }'

Verifies TOTP code and enables TOTP.

Authorizations

cookieAuth

Request Body^required

application/json

object

code

required

string

Example ^generated

{
  "code": "example"
}

Responses

200

Security status

application/json

object

passkeys

Array<object>

object

created_at

string format: date-time

string format: uuid

name

string

updated_at

string format: date-time

recovery_codes_generated

boolean

recovery_codes_remaining

integer

totp_enabled

boolean

totp_pending

boolean

Example ^generated

{
  "passkeys": [
    {
      "created_at": "2026-04-15T12:00:00Z",
      "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
      "name": "example",
      "updated_at": "2026-04-15T12:00:00Z"
    }
  ],
  "recovery_codes_generated": true,
  "recovery_codes_remaining": 1,
  "totp_enabled": true,
  "totp_pending": true
}

Verify TOTP setup

Authorizations

Request Body required

Example generated

Responses

200

Example generated

Request Body^required

Example ^generated

Example ^generated