post__mfa_reset

POST /mfa/reset

Reset MFA Configuration

Reset the user's multi-factor authentication configuration. This endpoint allows users to reset their MFA setup when they lose access to their MFA methods. Organization owners and administrators can also reset MFA settings for other users in their organization.

Request Body

Name

Type

Required

Description

resetUserId

string

false

Optional user ID to reset MFA for. If not provided, resets the authenticated user's MFA. Requires OWNER or ADMINISTRATOR role.

TypeScript Client Library

// Note: This endpoint doesn't have a direct client method in the provided TypeScript client
// You would need to use the generic makeRequest method:
// For self-reset:
// this.makeRequest<any>('mfa/reset', 'POST', null);
// For admin reset:
// this.makeRequest<any>('mfa/reset', 'POST', { resetUserId: 'user-id' });

Code Samples

# Self-reset (reset your own MFA)
curl -X POST https://backend.flashback.tech/mfa/reset \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

# Admin reset (reset another user's MFA - requires OWNER or ADMINISTRATOR role)
curl -X POST https://backend.flashback.tech/mfa/reset \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -H 'Content-Type: application/json' \
  -d '{"resetUserId": "user-id-to-reset"}'

# Self-reset
POST https://backend.flashback.tech/mfa/reset HTTP/1.1
Host: localhost:3000
Accept: application/json
Authorization: Bearer {access-token}

# Admin reset
POST https://backend.flashback.tech/mfa/reset HTTP/1.1
Host: localhost:3000
Accept: application/json
Authorization: Bearer {access-token}
Content-Type: application/json

{"resetUserId": "user-id-to-reset"}

// Self-reset
const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/mfa/reset',
{
  method: 'POST',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

// Admin reset
const adminHeaders = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}',
  'Content-Type':'application/json'
};

const body = JSON.stringify({
  resetUserId: 'user-id-to-reset'
});

fetch('https://backend.flashback.tech/mfa/reset',
{
  method: 'POST',
  headers: adminHeaders,
  body: body
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

# Self-reset
headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://backend.flashback.tech/mfa/reset',
  params: {
  }, headers: headers

p JSON.parse(result)

# Admin reset
admin_headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}',
  'Content-Type' => 'application/json'
}

body = {
  resetUserId: 'user-id-to-reset'
}.to_json

result = RestClient.post 'https://backend.flashback.tech/mfa/reset',
  body, headers: admin_headers

p JSON.parse(result)

import requests
import json

# Self-reset
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://backend.flashback.tech/mfa/reset', headers = headers)
print(r.json())

# Admin reset
admin_headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}',
  'Content-Type': 'application/json'
}

data = {
  'resetUserId': 'user-id-to-reset'
}

r = requests.post('https://backend.flashback.tech/mfa/reset', 
                 headers = admin_headers, 
                 data = json.dumps(data))
print(r.json())

<?php

require 'vendor/autoload.php';

// Self-reset
$headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

try {
    $response = $client->request('POST','https://backend.flashback.tech/mfa/reset', array(
        'headers' => $headers,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

// Admin reset
$admin_headers = array(
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
    'Content-Type' => 'application/json',
);

$body = json_encode(array(
    'resetUserId' => 'user-id-to-reset'
));

try {
    $response = $client->request('POST','https://backend.flashback.tech/mfa/reset', array(
        'headers' => $admin_headers,
        'body' => $body
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

// Self-reset
URL obj = new URL("https://backend.flashback.tech/mfa/reset");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

// Admin reset
URL adminObj = new URL("https://backend.flashback.tech/mfa/reset");
HttpURLConnection adminCon = (HttpURLConnection) adminObj.openConnection();
adminCon.setRequestMethod("POST");
adminCon.setRequestProperty("Accept", "application/json");
adminCon.setRequestProperty("Authorization", "Bearer {access-token}");
adminCon.setRequestProperty("Content-Type", "application/json");
adminCon.setDoOutput(true);

String jsonInputString = "{\"resetUserId\": \"user-id-to-reset\"}";
try(OutputStream os = adminCon.getOutputStream()) {
    byte[] input = jsonInputString.getBytes("utf-8");
    os.write(input, 0, input.length);
}

int adminResponseCode = adminCon.getResponseCode();
BufferedReader adminIn = new BufferedReader(
    new InputStreamReader(adminCon.getInputStream()));
String adminInputLine;
StringBuffer adminResponse = new StringBuffer();
while ((adminInputLine = adminIn.readLine()) != null) {
    adminResponse.append(adminInputLine);
}
adminIn.close();
System.out.println(adminResponse.toString());

package main

import (
       "bytes"
       "net/http"
       "encoding/json"
)

func main() {
    // Self-reset
    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
    }

    data := bytes.NewBuffer([]byte{})
    req, err := http.NewRequest("POST", "https://backend.flashback.tech/mfa/reset", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...

    // Admin reset
    adminHeaders := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        "Content-Type": []string{"application/json"},
    }

    requestBody := map[string]string{
        "resetUserId": "user-id-to-reset",
    }
    jsonData, _ := json.Marshal(requestBody)
    
    adminData := bytes.NewBuffer(jsonData)
    adminReq, err := http.NewRequest("POST", "https://backend.flashback.tech/mfa/reset", adminData)
    adminReq.Header = adminHeaders

    adminResp, err := client.Do(adminReq)
    // ...
}

Example responses

200 Response

{
  "success": true,
  "message": "MFA reset successfully"
}

403 Response

{
  "success": false,
  "error": "Insufficient permissions. OWNER or ADMINISTRATOR role required to reset another user's MFA."
}

404 Response

{
  "success": false,
  "error": "User not found"
}

500 Response

{
  "success": false,
  "error": "Failed to reset MFA"
}

Responses

Status

Meaning

Description

Schema

200

MFA reset completed successfully

Inline

403

Forbidden

Insufficient permissions to reset another user's MFA

Inline

404

Not Found

User not found

Inline

500

Internal Server Error

Internal server error

Inline

Response Schema

Status Code 200

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Indicates if the request was successful

» message

string

false

none

Success message confirming the reset

Status Code 403

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Indicates if the request was successful

» error

string

false

none

Error message describing the permission issue

Status Code 404

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Indicates if the request was successful

» error

string

false

none

Error message describing the user not found

Status Code 500

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Indicates if the request was successful

» error

string

false

none

Error message describing the issue

Previouspost__mfa_passkey_complete-registration Nextpost__mfa_organization_enforce

Last updated 19 days ago

Was this helpful?