# post\_mfa\_setup `POST /mfa/setup` *Setup MFA Method* Initialize the setup process for a multi-factor authentication method. This endpoint prepares the MFA setup and returns the necessary configuration data. #### TypeScript Client Library ```typescript // Note: This endpoint doesn't have a direct client method in the provided TypeScript client // You would need to use the generic makeRequest method: // this.makeRequest('mfa/setup', 'POST', { // mfaType: 'GOOGLE_AUTH', // email: 'user@example.com', // deviceInfo: { name: 'iPhone 12', type: 'mobile' } // }); ``` #### Code Samples {% tabs %} {% tab title="Shell" %} ```shell # You can also use wget curl -X POST https://backend.flashback.tech/mfa/setup \ -H 'Content-Type: application/json' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer {access-token}' \ -d '{ "mfaType": "GOOGLE_AUTH", "email": "user@example.com", "deviceInfo": { "name": "iPhone 12", "type": "mobile" } }' ``` {% endtab %} {% tab title="HTTP" %} ```http POST https://backend.flashback.tech/mfa/setup HTTP/1.1 Host: localhost:3000 Content-Type: application/json Accept: application/json Authorization: Bearer {access-token} { "mfaType": "GOOGLE_AUTH", "email": "user@example.com", "deviceInfo": { "name": "iPhone 12", "type": "mobile" } } ``` {% endtab %} {% tab title="JavaScript" %} ```javascript const inputBody = '{ "mfaType": "GOOGLE_AUTH", "email": "user@example.com", "deviceInfo": { "name": "iPhone 12", "type": "mobile" } }'; const headers = { 'Content-Type':'application/json', 'Accept':'application/json', 'Authorization':'Bearer {access-token}' }; fetch('https://backend.flashback.tech/mfa/setup', { method: 'POST', body: inputBody, headers: headers }) .then(function(res) { return res.json(); }).then(function(body) { console.log(body); }); ``` {% endtab %} {% tab title="Ruby" %} ```ruby require 'rest-client' require 'json' headers = { 'Content-Type' => 'application/json', 'Accept' => 'application/json', 'Authorization' => 'Bearer {access-token}' } result = RestClient.post 'https://backend.flashback.tech/mfa/setup', params: { }, headers: headers p JSON.parse(result) ``` {% endtab %} {% tab title="Python" %} ```python import requests headers = { 'Content-Type': 'application/json', 'Accept': 'application/json', 'Authorization': 'Bearer {access-token}' } r = requests.post('https://backend.flashback.tech/mfa/setup', headers = headers) print(r.json()) ``` {% endtab %} {% tab title="PHP" %} ```php 'application/json', 'Accept' => 'application/json', 'Authorization' => 'Bearer {access-token}', ); $client = new \GuzzleHttp\Client(); // Define array of request body. $request_body = array( 'mfaType' => 'GOOGLE_AUTH', 'email' => 'user@example.com', 'deviceInfo' => array( 'name' => 'iPhone 12', 'type' => 'mobile' ) ); try { $response = $client->request('POST','https://backend.flashback.tech/mfa/setup', array( 'headers' => $headers, 'json' => $request_body, ) ); print_r($response->getBody()->getContents()); } catch (\GuzzleHttp\Exception\BadResponseException $e) { // handle exception or api errors. print_r($e->getMessage()); } // ... ``` {% endtab %} {% tab title="Java" %} ```java URL obj = new URL("https://backend.flashback.tech/mfa/setup"); HttpURLConnection con = (HttpURLConnection) obj.openConnection(); con.setRequestMethod("POST"); con.setRequestProperty("Content-Type", "application/json"); con.setRequestProperty("Accept", "application/json"); con.setRequestProperty("Authorization", "Bearer {access-token}"); con.setDoOutput(true); String jsonInputString = "{\"mfaType\":\"GOOGLE_AUTH\",\"email\":\"user@example.com\",\"deviceInfo\":{\"name\":\"iPhone 12\",\"type\":\"mobile\"}}"; try(OutputStream os = con.getOutputStream()) { byte[] input = jsonInputString.getBytes("utf-8"); os.write(input, 0, input.length); } int responseCode = con.getResponseCode(); BufferedReader in = new BufferedReader( new InputStreamReader(con.getInputStream())); String inputLine; StringBuffer response = new StringBuffer(); while ((inputLine = in.readLine()) != null) { response.append(inputLine); } in.close(); System.out.println(response.toString()); ``` {% endtab %} {% tab title="Go" %} ```go package main import ( "bytes" "net/http" ) func main() { headers := map[string][]string{ "Content-Type": []string{"application/json"}, "Accept": []string{"application/json"}, "Authorization": []string{"Bearer {access-token}"}, } data := bytes.NewBuffer([]byte{`{"mfaType":"GOOGLE_AUTH","email":"user@example.com","deviceInfo":{"name":"iPhone 12","type":"mobile"}}`}) req, err := http.NewRequest("POST", "https://backend.flashback.tech/mfa/setup", data) req.Header = headers client := &http.Client{} resp, err := client.Do(req) // ... } ``` {% endtab %} {% endtabs %} #### Request Body | Name | Type | Required | Description | | ---------- | ------ | -------- | ---------------------------------------- | | mfaType | string | true | Type of MFA method to setup | | email | string | false | Email address (required for magic links) | | deviceInfo | object | false | Device information for passkeys | > Body parameter ```json { "mfaType": "GOOGLE_AUTH", "email": "user@example.com", "deviceInfo": { "name": "iPhone 12", "type": "mobile" } } ``` > Example responses > 200 Response ```json { "success": true, "data": { "secret": "JBSWY3DPEHPK3PXP", "qrCode": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAA...", "backupCodes": ["123456", "789012", "345678"] } } ``` > 400 Response ```json { "success": false, "error": "Invalid MFA type specified" } ``` > 500 Response ```json { "success": false, "error": "Failed to setup MFA" } ``` #### Responses | Status | Meaning | Description | Schema | | ------ | -------------------------------------------------------------------------- | -------------------------------- | ------ | | 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | MFA setup initiated successfully | Inline | | 400 | [Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1) | Invalid request parameters | Inline | | 500 | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Internal server error | Inline | #### Response Schema Status Code **200** | Name | Type | Required | Restrictions | Description | | --------- | ------- | -------- | ------------ | --------------------------------------- | | » success | boolean | false | none | Indicates if the request was successful | | » data | object | false | none | MFA setup configuration data | Status Code **400** | Name | Type | Required | Restrictions | Description | | --------- | ------- | -------- | ------------ | --------------------------------------------- | | » success | boolean | false | none | Indicates if the request was successful | | » error | string | false | none | Error message describing the validation issue | Status Code **500** | Name | Type | Required | Restrictions | Description | | --------- | ------- | -------- | ------------ | --------------------------------------- | | » success | boolean | false | none | Indicates if the request was successful | | » error | string | false | none | Error message describing the issue | **Enumerated Values** | Parameter | Value | Description | | --------- | ------------ | ------------------------------- | | » mfaType | GOOGLE\_AUTH | Google Authenticator TOTP | | » mfaType | MAGIC\_LINK | Magic link email verification | | » mfaType | PASSKEY | WebAuthn passkey authentication |