Set OTP secret
SetManagerOTP¶
Description: Verifies a TOTP code for the provided secret and, if valid, stores this secret for the current manager account.
If OTP is already enabled, secret rotation is allowed, but the request must also include current_code generated from the currently active secret.
Access Control¶
🛡️ Access Level Required:
SESSION_MANAGER, SESSION_ADMIN, or SESSION_DEALER
Request Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| secret | string | Yes | New Base32 TOTP secret |
| code | string | Yes | Current TOTP code generated from the new secret |
| current_code | string | No | Current TOTP code from the already active secret. Required only when OTP is already enabled |
Request Example¶
{
"secret": "JBSWY3DPEHPK3PXP",
"code": "123456"
}
Request Example For Secret Rotation¶
{
"secret": "MZXW6YTBOI======",
"code": "654321",
"current_code": "123456"
}
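An added client-side example (not part of this API's own code or documentation): it derives `code` and, for rotation, `current_code` from the Base32 secrets and assembles the request body shown above. It assumes the server uses the common RFC 6238 parameters (HMAC-SHA-1, 30-second step, 6 digits), which this page does not state; `totp` and `build_set_otp_body` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import json
import struct
import time


def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP. SHA-1, step and digits are assumed defaults, not taken from the page."""
    s = secret_b32.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)            # restore padding if it was stripped
    key = base64.b32decode(s)           # malformed Base32 raises binascii.Error (a ValueError)
    counter = int(at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F             # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def build_set_otp_body(new_secret, active_secret=None, at=None):
    """Build the SetManagerOTP body; pass active_secret when OTP is already enabled."""
    now = time.time() if at is None else at   # one timestamp so both codes share a time step
    body = {"secret": new_secret, "code": totp(new_secret, now)}
    if active_secret is not None:
        # Rotation: prove possession of the currently active secret as well.
        body["current_code"] = totp(active_secret, now)
    return body


if __name__ == "__main__":
    # Sample secrets copied from the request examples on this page.
    # Real secrets and bodies should not be printed or logged.
    print(json.dumps(build_set_otp_body("JBSWY3DPEHPK3PXP"), indent=2))
    print(json.dumps(build_set_otp_body("MZXW6YTBOI======", "JBSWY3DPEHPK3PXP"), indent=2))
```

A secret that fails Base32 decoding raises `ValueError` locally, before any request is sent that would return `INVALID_OTP_SECRET`.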
Response Parameters¶
| Name | Type | Description |
|---|---|---|
| otp_enabled | int | 1 when OTP is now enabled for the manager |
Response Example¶
{
"otp_enabled": 1
}
Error Examples¶
Invalid Setup Code¶
{
"error": "INVALID_OTP_CODE"
}
Invalid Existing OTP During Rotation¶
{
"error": "INVALID_CURRENT_OTP_CODE"
}
Existing OTP Required For Rotation¶
{
"error": "CURRENT_OTP_REQUIRED"
}
Invalid Secret Format¶
{
"error": "INVALID_OTP_SECRET"
}
Manager Not Found¶
{
"error": "MANAGER_NOT_FOUND"
}
Persistence Error¶
{
"error": "OTP_CANT_SET"
}