> For the complete documentation index, see [llms.txt](https://docs.flashback.tech/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.flashback.tech/support-reference/platform-api-reference/mfa-multi-factor-authentication/post__mfa_verify-status.md).

# post\_\_mfa\_verify-setup

`POST /mfa/verify-setup`

*Verify MFA Setup*

Verify and complete the setup process for a multi-factor authentication method. This endpoint validates the user's setup verification and enables the MFA method upon successful verification.

#### TypeScript Client Library

```typescript
// Note: This endpoint doesn't have a direct client method in the provided TypeScript client
// You would need to use the generic makeRequest method:
// this.makeRequest<any>('mfa/verify-setup', 'POST', {
//   mfaType: 'GOOGLE_AUTH',
//   code: '123456'
// });
```

#### Code Samples

{% tabs %}
{% tab title="Shell" %}

```shell
# You can also use wget
curl -X POST https://backend.flashback.tech/mfa/verify-setup \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}' \
  -d '{
    "mfaType": "GOOGLE_AUTH",
    "code": "123456"
  }'
```

{% endtab %}

{% tab title="HTTP" %}

```http
POST https://backend.flashback.tech/mfa/verify-setup HTTP/1.1
Host: localhost:3000
Content-Type: application/json
Accept: application/json
Authorization: Bearer {access-token}

{
  "mfaType": "GOOGLE_AUTH",
  "code": "123456"
}
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
const inputBody = '{
  "mfaType": "GOOGLE_AUTH",
  "code": "123456"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/mfa/verify-setup',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});
```

{% endtab %}

{% tab title="Ruby" %}

```ruby
require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://backend.flashback.tech/mfa/verify-setup',
  params: {
  }, headers: headers

p JSON.parse(result)
```

{% endtab %}

{% tab title="Python" %}

```python
import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://backend.flashback.tech/mfa/verify-setup', headers = headers)

print(r.json())
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array(
    'mfaType' => 'GOOGLE_AUTH',
    'code' => '123456'
);

try {
    $response = $client->request('POST','https://backend.flashback.tech/mfa/verify-setup', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...
```

{% endtab %}

{% tab title="Java" %}

```java
URL obj = new URL("https://backend.flashback.tech/mfa/verify-setup");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("Authorization", "Bearer {access-token}");
con.setDoOutput(true);

String jsonInputString = "{\"mfaType\":\"GOOGLE_AUTH\",\"code\":\"123456\"}";
try(OutputStream os = con.getOutputStream()) {
    byte[] input = jsonInputString.getBytes("utf-8");
    os.write(input, 0, input.length);
}

int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());
```

{% endtab %}

{% tab title="Go" %}

```go
package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
    }

    data := bytes.NewBuffer([]byte{`{"mfaType":"GOOGLE_AUTH","code":"123456"}`})
    req, err := http.NewRequest("POST", "https://backend.flashback.tech/mfa/verify-setup", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}
```

{% endtab %}
{% endtabs %}

#### Request Body <a href="#post__mfa_verify-status-request-body" id="post__mfa_verify-status-request-body"></a>

| Name       | Type   | Required | Description                         |
| ---------- | ------ | -------- | ----------------------------------- |
| mfaType    | string | true     | Type of MFA method to verify        |
| code       | string | false    | Verification code (for Google Auth) |
| credential | object | false    | Passkey credential (for passkeys)   |

> Body parameter

```json
{
  "mfaType": "GOOGLE_AUTH",
  "code": "123456"
}
```

> Example responses

> 200 Response

```json
{
  "success": true,
  "message": "MFA setup verified and enabled"
}
```

> 400 Response

```json
{
  "success": false,
  "error": "MFA setup verification failed"
}
```

> 500 Response

```json
{
  "success": false,
  "error": "Failed to verify MFA setup"
}
```

#### Responses <a href="#post__mfa_verify-status-responses" id="post__mfa_verify-status-responses"></a>

| Status | Meaning                                                                    | Description                     | Schema |
| ------ | -------------------------------------------------------------------------- | ------------------------------- | ------ |
| 200    | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)                    | MFA setup verified successfully | Inline |
| 400    | [Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)           | Verification failed             | Inline |
| 500    | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Internal server error           | Inline |

#### Response Schema <a href="#post__mfa_verify-status-responseschema" id="post__mfa_verify-status-responseschema"></a>

Status Code **200**

| Name      | Type    | Required | Restrictions | Description                             |
| --------- | ------- | -------- | ------------ | --------------------------------------- |
| » success | boolean | false    | none         | Indicates if the request was successful |
| » message | string  | false    | none         | Success message confirming verification |

Status Code **400**

| Name      | Type    | Required | Restrictions | Description                                       |
| --------- | ------- | -------- | ------------ | ------------------------------------------------- |
| » success | boolean | false    | none         | Indicates if the request was successful           |
| » error   | string  | false    | none         | Error message describing the verification failure |

Status Code **500**

| Name      | Type    | Required | Restrictions | Description                             |
| --------- | ------- | -------- | ------------ | --------------------------------------- |
| » success | boolean | false    | none         | Indicates if the request was successful |
| » error   | string  | false    | none         | Error message describing the issue      |

**Enumerated Values**

| Parameter | Value        | Description                     |
| --------- | ------------ | ------------------------------- |
| » mfaType | GOOGLE\_AUTH | Google Authenticator TOTP       |
| » mfaType | MAGIC\_LINK  | Magic link email verification   |
| » mfaType | PASSKEY      | WebAuthn passkey authentication |


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.flashback.tech/support-reference/platform-api-reference/mfa-multi-factor-authentication/post__mfa_verify-status.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.