1. Identity
QSTOD
  • Integrations
    • General
  • Identity
    • Platform liveness probe
      GET
    • Get JSON Web Key Set
      GET
    • Login with identifier and password
      POST
    • Logout and invalidate refresh token
      POST
    • Verify MFA during login
      POST
    • Refresh access token
      POST
    • Register a new user
      POST
    • Initiate step-up authentication
      POST
    • Verify step-up MFA and issue step-up token
      POST
    • Verify email OTP
      POST
    • Verify phone OTP
      POST
    • Platform liveness probe
      GET
    • Get current user profile
      GET
    • GET /v1/users/me/mfa
      GET
    • PATCH /v1/users/me/mfa
      PATCH
    • DELETE /v1/users/me/mfa/totp
      DELETE
    • POST /v1/users/me/mfa/totp/confirm
      POST
    • POST /v1/users/me/mfa/totp/setup
      POST
    • Change password (step-up required)
      POST
    • Update user profile
      PATCH
  • Finance
    • List openable account types
      GET
    • List user accounts
      GET
    • Open account (step-up required)
      POST
    • Aggregated balance history across accounts
      GET
    • Submit account open request
      POST
    • List my account open requests
      GET
    • Get accounts summary totals
      GET
    • Get account details
      GET
    • Account balance history
      GET
    • List account ledger transactions
      GET
    • List issuable card products
      GET
    • List user cards
      GET
    • Issue card on existing account (step-up required)
      POST
    • Open account and issue card (step-up required)
      POST
    • Get card details
      GET
    • Reveal card CVV (step-up required)
      GET
    • Reveal card number
      GET
    • Block or unblock card
      PATCH
    • List recent transfer recipients
      GET
    • Search transactions and recipients
      GET
    • List available transfer types
      GET
    • Create transfer (step-up required)
      POST
    • List user transfers
      GET
    • Quote transfer fees and FX
      POST
    • Get transfer details
      GET
    • Cancel pending transfer (step-up required)
      POST
  • Admin
    • Finance
      • List pending account requests
      • Review account request
      • List account types
      • Create account type
      • Get account type
      • Update account type
      • Delete account type
      • List accounts
      • Open account for user
      • Count accounts
      • Get account detail
      • Clear AML flag on account
      • Close, block, or unblock account
      • List account ledger transactions
      • List account transfers
      • List card payment systems
      • Create card payment system
      • Get card payment system
      • Update card payment system
      • List card products
      • Create card product
      • Get card product
      • Update card product
      • Issue card (admin)
      • Open account and issue card (admin)
      • Block or unblock card (admin)
      • Create fee rule
      • List fee rules
      • Get fee rule
      • Update fee rule
      • List FX rates
      • Upsert FX rate
      • List transfer type configuration
      • Update transfer type configuration
      • Create admin credit/debit adjustment
      • Count transfers by status
      • List pending transfers
      • Get transfer details (admin)
      • Cancel pending transfer
      • Execute pending transfer
      • Reject pending transfer
      • Export ledger transaction statement
    • AML
      • List AML flags
      • Count AML flags
      • Get AML flag
      • Clear or mark false positive on AML flag
      • List AML rules
      • Create AML rule
      • Get AML rule
      • Update AML rule
      • Delete AML rule
    • Crypto
      • List crypto wallets (admin)
      • Refresh wallet balance (admin)
    • Compliance
      • List KYB applications
      • Get KYB application by user
      • Count KYB applications
      • Get KYB application details
      • Review KYB application
      • List KYC applications
      • Get KYC application by user
      • Count KYC applications
      • Get KYC application details
      • Review KYC application
    • Notifications
      • Send admin message to user
      • List notification templates
      • Create notification template
      • List template variables
      • Get notification template
      • Update notification template
      • Delete notification template
      • List notification types
      • Create notification type
      • Update notification type
    • Identity
      • List permission action catalog
      • List users (admin)
      • Create admin user
      • Count users (admin)
      • Get user details (admin)
      • Update user profile (admin)
      • Get user permissions
      • Grant permissions
      • Revoke permissions
      • Promote user to admin
      • Block or unblock user
    • Tickets
      • List tickets (admin)
      • Get ticket (admin)
      • Close ticket
      • Reply to ticket (admin)
      • POST /v1/admin/tickets/{id}/messages/{message_id}/attachments
      • POST /v1/admin/tickets/{id}/messages/{message_id}/attachments/upload-url
      • POST /v1/admin/tickets/{id}/messages/{message_id}/attachments/{attachment_id}/confirm
  • Crypto
    • Get crypto portfolio balance
    • Get crypto balance history snapshots
    • List crypto assets and ensure wallets
    • List crypto deposits
    • Create crypto order from quote
    • List crypto orders
    • Get crypto order
    • Get buy/sell quote
    • List crypto transactions
    • List user crypto wallets
    • Create crypto withdrawal (step-up required)
    • Privy custodian webhook
  • Compliance
    • Submit KYB application
    • Get my KYB application
    • POST /v1/kyb/applications/{id}/documents
    • POST /v1/kyb/applications/{id}/documents/upload-url
    • POST /v1/kyb/applications/{id}/documents/{document_id}/confirm
    • Submit KYC application
    • Get my KYC application
    • Get KYC draft prefilled from profile
    • POST /v1/kyc/applications/{id}/documents
    • POST /v1/kyc/applications/{id}/documents/upload-url
    • POST /v1/kyc/applications/{id}/documents/{document_id}/confirm
    • Skip KYC when allowed
  • Notifications
    • List in-app notifications
    • Get notification channel preferences
    • Update notification preferences
    • Mark all notifications as read
    • Mark notification as read
  • Tickets
    • Create support ticket
    • List user tickets
    • Get ticket with messages
    • Add message to ticket
    • POST /v1/tickets/{id}/messages/{message_id}/attachments
    • POST /v1/tickets/{id}/messages/{message_id}/attachments/upload-url
    • POST /v1/tickets/{id}/messages/{message_id}/attachments/{attachment_id}/confirm
  • Schemas
    • Problem
    • Address
    • RegisterRequest
    • LoginRequest
    • MFAVerifyRequest
    • OpenAccountRequest
    • TransferRequest
    • CryptoWithdrawalRequest
    • CreateTicketRequest
    • KYCSubmitRequest
    • KYBSubmitRequest
    • AdminTransferAdjustRequest
    • CountResponse
    • MessageResponse
    • TokenResponse
    • RegisterResponse
    • LoginResponse
    • StepUpInitResponse
    • StepUpVerifyResponse
    • UserProfile
    • UserProfileDetails
    • MFASettings
    • TOTPSetupResponse
    • JWKSResponse
    • AdminUser
    • AdminUserList
    • PermissionActionsResponse
    • UserPermissionsResponse
    • AccountType
    • AccountTypeList
    • TransferTypeConfig
    • TransferTypeList
    • CardProduct
    • CardProductList
    • UserAccount
    • UserAccountList
    • AccountsSummary
    • UserAccountDetail
    • AccountOpenRequest
    • AccountOpenRequestList
    • Transaction
    • TransactionListResponse
    • StatementLine
    • TransactionStatementList
    • BalancePoint
    • BalanceHistory
    • AllAccountsBalanceHistory
    • Card
    • CardList
    • CardNumberResponse
    • CardCVVResponse
    • CardWithAccountResponse
    • Transfer
    • AdminTransfer
    • TransferList
    • AdminTransferList
    • TransferQuote
    • RecentRecipient
    • RecentRecipientList
    • SearchResponse
    • AdminAccount
    • AdminAccountList
    • AdminAccountDetail
    • FeeRule
    • FeeRuleList
    • FxRate
    • FxRateList
    • CardPaymentSystem
    • CardPaymentSystemList
    • AdminCardProduct
    • AdminCardProductList
    • AMLRule
    • AMLRuleList
    • AMLFlag
    • AMLFlagList
    • Notification
    • NotificationListResponse
    • NotificationPreferencesResponse
    • NotificationType
    • NotificationTypeList
    • NotificationTemplate
    • NotificationTemplateList
    • TemplateVariablesResponse
    • TicketSummary
    • TicketListResponse
    • TicketDetail
    • TicketMessage
    • TicketCloseResponse
    • UploadURLResponse
    • DocumentCreatedResponse
    • AttachmentCreatedResponse
    • KYCApplication
    • KYCApplicationDetail
    • KYCApplicationList
    • KYBApplication
    • KYBApplicationDetail
    • KYBApplicationList
    • KYCDraftResponse
    • KYCStatusResponse
    • KYCSubmitResponse
    • CryptoAsset
    • CryptoWallet
    • CryptoAssetsResponse
    • CryptoWalletList
    • CryptoAccountBalance
    • CryptoBalanceSnapshots
    • CryptoTransaction
    • CryptoTransactionList
    • CryptoQuote
    • CryptoOrder
    • CryptoOrderList
    • CryptoWithdrawal
    • CryptoDeposit
    • CryptoDepositList
    • AdminCryptoWallet
    • AdminCryptoWalletList
    • AdminCryptoWalletBalance
    • HealthResponse
  1. Identity

Verify MFA during login

POST
/v1/auth/mfa/verify
Completes login after MFA challenge. Requires mfa_session_id (UUID from login response) and OTP code. Returns JWT access and refresh tokens on success. Invalid or expired session returns 400 INVALID_SESSION.
Authentication: none. Rate limit: auth_mfa (gateway).

Request

Body Params application/jsonRequired

Examples

Responses

🟢200
application/json
Tokens issued
Bodyapplication/json

🟠400BadRequest
🟠401Unauthorized
🟠403Forbidden
🟠404NotFound
🟠409Conflict
🔴500InternalError
Request Request Example
Shell
JavaScript
Java
Swift
curl --location '/v1/auth/mfa/verify' \
--header 'Content-Type: application/json' \
--data '{
    "mfa_session_id": "461e97b2-c859-4b19-98fe-554c7300bc07",
    "code": "string"
}'
Response Response Example
200 - Example 1
{
    "access_token": "string",
    "refresh_token": "string",
    "expires_in": 0,
    "token_type": "Bearer"
}
Modified at 2026-06-23 04:24:01
Previous
Logout and invalidate refresh token
Next
Refresh access token
Built with