FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Does 'POST /api/two-factor/start' also send out mails/sms

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    2
    2
    717
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      t.vanherwijnen
      last edited by

      I have only tested the authenticator method for mfa.
      But when I wanted to change my password after enabling the authenticator mfa, it required me to complete an mfa challenge. After reading the docs I figured out I'm required to request to POST /api/two-factor/start. Which I did with the userId. This returns a code, array of configured mfa methods and a two factor id. The part that made me ask this question is that there's a valid code being returned. This made me wonder if you have to send out the mfa mail/sms yourself or does FusionAuth does this for you. (I am assuming it does when hitting POST /api/login when mfa is enabled).

      joshuaJ 1 Reply Last reply Reply Quote 0
      • joshuaJ
        joshua @t.vanherwijnen
        last edited by

        @t-vanherwijnen

        Thanks for the question! I believe that you might want to reference this bit of doco

        https://fusionauth.io/docs/v1/tech/guides/multi-factor-authentication#optionally-send-the-code

        Thanks,
        Josh

        1 Reply Last reply Reply Quote 0
        • First post
          Last post