# TOTP Recovery (beta)

> Verify a TOTP (time-based one-time passcode) recovery code against a user ID to authenticate the user.

## Returns

A successful response returns an object with `totp_id` and verified `user_id` properties.



## OpenAPI

````yaml post /v1/auth/totps/recovery
openapi: 3.1.0
info:
  title: MoonKey Auth API
  description: >-
    Explore all the details of MoonKey Auth API. All of our APIs are RESTful and
    accept and return JSON.
  version: v1
servers:
  - url: https://api.moonkey.fun
    description: Production
    variables: {}
security:
  - Authorization: []
tags:
  - name: Users
    description: User management API
  - name: Magic Links
    description: ''
  - name: OTPs
    description: >-
      Send OTP (One-time passcodes) by all the supported delivery methods such
      as SMS, email.
  - name: OAuth
    description: ''
  - name: Wallets Login
    description: ''
  - name: Managed Wallets
    description: ''
  - name: Wallet Import
    description: >-
      Import existing wallets into the platform using secure HPKE encryption.
      This flow ensures raw entropy (seed phrases or private keys) never touches
      the server in plaintext.
externalDocs:
  url: ''
  description: ''
paths:
  /v1/auth/totps/recovery:
    parameters: []
    post:
      tags:
        - TOTP (Time-based one-time passcode)
      summary: TOTP Recovery (beta)
      description: >-
        Verify a TOTP (time-based one-time passcode) recovery code against a
        user ID to authenticate the user.

        ## Returns


        A successful response returns an object with `totp_id` and verified
        `user_id` properties.
      operationId: VerifyTOTPRecovery
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/VerifyTOTPRecoveryRequest'
            examples:
              VerifyTOTPReq:
                value:
                  user_id: user_26l7dbfAY59ftejmm6m3OTf4oz1
                  recovery_code: '505361'
                  session_expires_in: 100
        description: ''
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                description: ''
                type: object
                properties:
                  totp_id:
                    type: string
                    minLength: 1
                  user_id:
                    type: string
                    minLength: 1
                  session_token:
                    type: string
                    minLength: 1
                  session_jwt:
                    type: string
                    minLength: 1
                  session:
                    $ref: '#/components/schemas/Session'
                required:
                  - totp_id
                  - user_id
              examples:
                VerifyTOTPResp:
                  value:
                    totp_id: totp_27LbM1TMjS3gQN1vuzb1jn8Fshw
                    user_id: user_26l7dbfAY59ftejmm6m3OTf4oz1
                    session_token: >-
                      1C8qaDSelbO6jLvv37yi31SvPx3t4AFWYe3O3lrmRJWxEws9s4Fle9m4JANi4hgr
                    session_jwt: >-
                      eyJhbGciOiJSUzI1NiIsImtpZCI6Imp3a18yN0Q1dU9UaFIyZHNncmFYN1dWb0VMRzRxRVgiLCJ0eXAiOiJKV1QifQ.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.JAFd_ut2LdEgnmVtMO3Ul2Hk9MR_4FhuMvejCmZPuA4FhdjYI0NemD7Hz7FqPaAUuq9hNH4LVGqpjwnpBXtWtYPR4mQT6Jx4T8EKVqi4UWCT3oXblQIm5--iMhOilXzDelLNwyKP2Z3PrkkatUKHRv86LFcJn0nyv5yn-T8dK7F2cnMpEg6YLQc17Dq-FgBj2ciLcr_JJkvz65ezyrh0o2_599DKxrhVns9XPRRaBTjXZlfPDdV5p69JAFyujiCHZjk7gL1zYNY5h46yFndBB5m-8MWBNSQSWanONTYXwnDNrMvD9TJIQDtqak8ROeKhVLdnd47sX_jSR7lgYQOZ3w
                    session:
                      id: sess_27LgPlwIJVNROeozvPsmuqrJ4hE
                      user_id: user_26l7dbfAY59ftejmm6m3OTf4oz1
                      session_token: >-
                        1C8qaDSelbO6jLvv37yi31SvPx3t4AFWYe3O3lrmRJWxEws9s4Fle9m4JANi4hgr
                      started_at: 1649104758
                      expires_at: 1649110758
                      last_active_at: 1649104758
                      factors:
                        - delivery_channel: totp_authenticator
                          type: totp
                          method:
                            method_id: email_26l7dYo0JPFLGmWNv1vNwcYh0FF
                            method_type: totp
                            totp_id: totp_27LbM1TMjS3gQN1vuzb1jn8Fshw
                            last_verified_at: 1649104758
                      device_fingerprint:
                        user_agent: ''
                        ip: ''
                      updated_at: 1649104758
                      created_at: 1649104758
components:
  schemas:
    VerifyTOTPRecoveryRequest:
      description: ''
      type: object
      properties:
        user_id:
          type: string
          minLength: 1
          description: '`Required` User ID to verify the TOTP against.'
        recovery_code:
          type: string
          minLength: 1
          description: >-
            `Required` TOTP (time-based one-time passcode) recovery code for the
            TOTP registered to the given user ID.
        session_expires_in:
          type: number
          description: >-
            `Optional` Extend the session expiration time to N minutes from now,
            must be between 5 and 525600 minutes (365 days). This parameter will
            create a new session if there is no existing session along with a
            `session_token` and `session_jwt`. However, if a valid
            `session_token` or `session_jwt` is sent in, it will extend that
            session by the minutes specified. If not sent in, no session will be
            created by default.
        session_token:
          type: string
          description: '`Optional` Unique session token to verify.'
        session_jwt:
          type: string
          description: '`Optional` Unique Session JWT to verify.'
        device_fingerprint:
          type: object
          description: >-
            Device fingerprinting metadata for fraud detection during TOTP code
            verification step. This is useful to ensure that the user who
            originated the request matches the user that verifies the token.
            Verification requirements can be enabled by matching fields in the
            `device_fingerprint` such as IP, User Agent or the combination of
            them (more fraud detection features **coming soon**!)
          properties:
            ip:
              type: string
              description: IP of the user originating the request.
            user_agent:
              type: string
              description: User Agent of the browser originating the request.
      required:
        - user_id
        - recovery_code
    Session:
      description: ''
      type: object
      x-examples:
        Session:
          id: sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3
          user_id: user_24wFP9pDa9YiMJLun94iKykoZs2
          session_token: 7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh
          started_at: 1643496805
          expires_at: 1643502805
          last_active_at: 1643496805
          factors:
            - delivery_channel: sms
              type: otp
              method:
                method_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                method_type: phone_number
                phone_number_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                phone_number: '+14152222222'
                last_verified_at: 1643496805
          device_fingerprint:
            user_agent: ''
            ip: 123.2.1.1
          updated_at: 1643496805
          created_at: 1643496805
      title: Session
      properties:
        id:
          type: string
          minLength: 1
        user_id:
          type: string
          minLength: 1
        session_token:
          type: string
          minLength: 1
        started_at:
          type: number
        expires_at:
          type: number
        last_active_at:
          type: number
        factors:
          type: array
          uniqueItems: true
          minItems: 1
          items:
            type: object
            properties:
              delivery_channel:
                type: string
                minLength: 1
                description: >-
                  Delivery channel for this factor. Possible values: sms, email,
                  totp_authenticator, totp_recovery_code, google_oauth,
                  apple_oauth, microsoft_oauth, discord_oauth, okta_oauth,
                  github_oauth, slack_oauth, facebook_oauth,
                  webauthn_credential, eth_wallet, sol_wallet.
              type:
                type: string
                minLength: 1
                description: >-
                  Authentication type of factor. Possible values: otp, oauth,
                  wallet, totp, webauthn.
              method:
                type: object
                required:
                  - method_id
                  - method_type
                  - last_verified_at
                properties:
                  id:
                    type: string
                  method_id:
                    type: string
                    minLength: 1
                  method_type:
                    type: string
                    minLength: 1
                    description: >-
                      Identifier method type. Possible values: email, wallet,
                      phone_number, webauthn.
                  last_verified_at:
                    type: number
                  phone_number_id:
                    type: string
                    minLength: 1
                  phone_number:
                    type: string
                    minLength: 1
                  email_id:
                    type: string
                  email:
                    type: string
                  wallet_type:
                    type: string
                  wallet_id:
                    type: string
                  wallet_public_address:
                    type: string
                  totp_id:
                    type: string
                  webauthn_credential_id:
                    type: string
                  provider_subject:
                    type: string
            required:
              - delivery_channel
              - type
              - method
        device_fingerprint:
          type: object
          required:
            - user_agent
            - ip
          properties:
            user_agent:
              type: string
            ip:
              type: string
              minLength: 1
        updated_at:
          type: number
        created_at:
          type: number
      required:
        - id
        - user_id
        - session_token
        - started_at
        - expires_at
        - last_active_at
        - factors
        - device_fingerprint
        - updated_at
        - created_at
  securitySchemes:
    Authorization:
      type: http
      scheme: bearer
      description: >-
        Auth Platform API includes all the Auth related features. All Users,
        Phone Numbers, Emails, and OTPs are associated with an `App` as the
        container.


        Endpoints accept only the App's `Secret API keys`, except for certain
        endpoints used client side or via the SDK, which accept the
        `public_token`.


        ## Authentication using App API Key


        ## Header:


        ```

        Authorization: Bearer {api_key}

        ```


        ## Authenticated Request


        ```curl

        curl \
          -X GET https://api.moonkey.fun/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
          -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"
        ```

````
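
Client-side request and response handling for this endpoint, as an added example (not code from the API's own documentation or SDK). It builds the body with the schema's required `recovery_code` field, enforces the documented `session_expires_in` bounds, and returns the session's factor channels so a caller can log or alert on recovery-code logins. That a recovery login is reported with the `totp_recovery_code` channel is an assumption based on the listed possible values; the function names, sample response and placeholder IDs are constructed.

```python
import json
import urllib.request

# Server URL and path as given in the spec above.
API_URL = "https://api.moonkey.fun/v1/auth/totps/recovery"


def build_recovery_request(user_id, recovery_code, session_expires_in=None):
    """Build a VerifyTOTPRecoveryRequest body, enforcing the documented limits."""
    if not user_id or not recovery_code:
        raise ValueError("user_id and recovery_code are required")
    body = {"user_id": user_id, "recovery_code": recovery_code}
    if session_expires_in is not None:
        if not 5 <= session_expires_in <= 525600:
            raise ValueError("session_expires_in must be 5 to 525600 minutes")
        body["session_expires_in"] = session_expires_in
    return body


def prepare_request(api_key, body):
    """Return an unsent POST carrying the App secret key as a bearer token."""
    return urllib.request.Request(
        API_URL,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def check_recovery_response(resp, expected_user_id):
    """Validate a 200 body and return the delivery channels of its session factors."""
    for field in ("totp_id", "user_id"):
        if not resp.get(field):
            raise ValueError(f"missing required field: {field}")
    if resp["user_id"] != expected_user_id:
        raise ValueError("response user_id does not match the requested user")
    session = resp.get("session")
    if session is None:
        return []  # no session object (none is created unless session_expires_in is sent)
    return [factor["delivery_channel"] for factor in session["factors"]]


# Constructed sample response (placeholder IDs, not real API output).
SAMPLE_RESPONSE = {
    "totp_id": "totp_EXAMPLE",
    "user_id": "user_EXAMPLE",
    "session": {"factors": [{"delivery_channel": "totp_recovery_code",
                             "type": "totp"}]},
}
```

Keep the secret API key on the server side only, and treat a `totp_recovery_code` channel in the returned list as a signal worth logging, since it means the authenticator itself was bypassed.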