Disable user MFA

POSThttps://app.speybooks.com/api/v1/admin/users/{id}/disable-mfa

Disable multi-factor authentication for a user who has lost access to their authenticator. Clears the user's MFA enrolment entirely. Returns 404 if the user does not exist or MFA is not currently enabled.

This is a high-privilege operation. The audit trail records which admin disabled MFA and when (a USER_MFA_DISABLED action), and the user should be advised to re-enable MFA after regaining authenticator access.

Path parameters

idstringrequired
User ID whose MFA to disable.

Response

200MFA disabled. TOTP secret cleared.

Error codes

400Invalid user ID.
404User not found or MFA not enabled.