Verify TOTP code

POST https://app.speybooks.com/api/v1/auth/totp/verify

Complete two-factor authentication by verifying a 6-digit TOTP code. Requires the temporary token from the login endpoint in the Authorization header. Returns full access and refresh tokens along with the user profile — identical to a successful non-TOTP login response.

Header parameters

authorization string required

Body parameters

token string required

Six-digit TOTP code from the authenticator app.

min length: 6 · max length: 6

Response

200 TOTP verified. Returns full access and refresh tokens.

Show response fields

accessToken string

expiresIn integer

refreshToken string

user object

Show child attributes

email string

fullName string

id integer

isAdmin boolean

username string

Error codes

400 Validation error or invalid token type.

401 Invalid TOTP code, expired temp token, or TOTP not configured.

429 Rate limit exceeded.

Request POST /v1/auth/totp/verify curl

curl -X POST https://api.speybooks.com/v1/auth/totp/verify \
  -H "Authorization: Bearer <tempToken>" \
  -H "Content-Type: application/json" \
  -d '{"token": "123456"}'

Response 200

{
  "success": true,
  "data": {
    "accessToken": "eyJ...",
    "refreshToken": "eyJ...",
    "expiresIn": 900,
    "user": {
      "id": 1,
      "username": "user@example.com",
      "email": "user@example.com",
      "fullName": "Jane Doe",
      "isAdmin": false
    }
  }
}