Verify TOTP
Verify TOTP code for 2FA during login.
Requires the 2FA cookie set by /auth/sign-in/email.
Important: Use credentials: 'include' in fetch to send cookies.
Body
required
application/json
- Type: stringcoderequired
6-digit TOTP code from authenticator app
- Type: booleantrust
Device Trust this device for 30 days (skip 2FA on future logins)
Responses
- application/json
- 401
Invalid TOTP code or missing 2FA cookie
Request Example for post/auth/two-factor/verify-totp
curl https://api.gpcn.com/v1/auth/two-factor/verify-totp \
--request POST \
--header 'Content-Type: application/json' \
--data '{
"code": "123456",
"trustDevice": true
}'
{
"user": {},
"session": {
"id": "string",
"token": "string",
"expiresAt": "2026-05-19T14:02:02.487Z"
}
}.png)