MFA API's Route Improvement
Overview
This document provides a route mapping for LoginRadius Multi-Factor Authentication (MFA) APIs. It shows how legacy MFA endpoints map to newer, more consistent routes, making it easier to integrate and maintain MFA flows across different factors such as Email OTP, SMS OTP, TOTP, Security Questions, Push, Duo, Backup Codes, and Passkeys. Use this page as a migration reference when updating an existing integration to the newer MFA routes.
What’s changing
- Legacy paths are being replaced with cleaner, channel-specific endpoints (for example,
/account/2fa/email,/account/2fa/sms,/account/2fa/totp). - MFA operations are organized into two categories:
- Auth APIs: endpoints used during login/reauth and OTP verification flows.
- Manage APIs: endpoints used to manage or remove MFA factors configured on an account.
- In some cases, multiple legacy routes consolidate into a single new route (for example, older TOTP verification routes map to
/account/2fa/totp).
Auth APIs
| Method | Old Path | New Path | Description |
|---|---|---|---|
GET | /account/2fa/otp/email | /account/2fa/email | Resend Email OTP |
GET | /account/reauth/2fa/otp/email | /account/reauth/2fa/email | Resend ReAuth OTP |
DELETE | /account/2fa/authenticator | /account/2fa/totp/account/2fa/sms | Remove profile TOTP / Remove profile SMS OTP |
DELETE | /account/2fa/authenticator/otp/email | /account/2fa/email | Delete profile Email OTP |
DELETE | /account/2fa/authenticator/securityquestionanswer | /account/2fa/securityquestion | Delete profile Security Questions |
DELETE | /account/2fa/authenticator/push | /account/2fa/push | Delete profile Push |
DELETE | /account/2fa/authenticator/duo | /account/2fa/duo | Delete profile Duo |
DELETE | /account/2fa/authenticator/passkey | /account/2fa/passkey | Delete profile Passkey |
PUT | /account/2fa/verification/otp/email | /account/2fa/email | Verify Email OTP |
PUT | /account/2fa/verification/googleauthenticatorcode/account/2fa/verification/authenticatorcode | /account/2fa/totp | Verify TOTP |
PUT | /account/2fa/verification/duo | /account/2fa/duo | Verify Duo |
PUT | /account/2fa/securityquestionanswer | /account/2fa/securityquestion | Verify Security Questions |
PUT | /account/2fa | /account/2fa/sms/phone | Update MFA phone number |
PUT | /account/2fa/verification/otp | /account/2fa/sms | Verify SMS OTP |
POST | /login/2fa/otp/email | /login/2fa/email | Resend Email OTP |
PUT | /login/2fa/verification/otp/email | /login/2fa/email | Login by Email OTP verification |
PUT | /login/2fa/verification/googleauthenticatorcode/login/2fa/verification/authenticatorcode | /login/2fa/totp | Login by TOTP verification |
PUT | /login/2fa/securityquestionanswer | /login/2fa/securityquestion | Login by Security Questions verification |
POST | /login/2fa/verification/securityquestionanswer | /login/2fa/securityquestion | Update Security Questions |
PUT | /login/2fa/verification/backupcode | /login/2fa/backupcode | Login by Backup Code verification |
PUT | /login/2fa/verification/otp | /login/2fa/sms | Login by SMS OTP verification |
PUT | /login/2fa | /login/2fa/sms/phone | Update MFA phone number |
GET | /login/2fa/resend | /login/2fa/sms/resend | Resend SMS OTP |
PUT | /login/2fa/verification/push | /login/2fa/duo | Login by Duo verification |
PUT | /login/2fa/verification/duo | /login/2fa/push | Login by Push verification |
Manage APIs
| Method | Old Path | New Path | API Description |
|---|---|---|---|
DELETE | /account/2fa/authenticator | /account/2fa/totp/account/2fa/sms | Delete profile TOTP / Delete profile SMS OTP |
DELETE | /account/2fa/authenticator/otp/email | /account/2fa/email | Delete profile Email OTP |
DELETE | /account/2fa/authenticator/securityquestionanswer | /account/2fa/securityquestion | Delete profile Security Questions |
DELETE | /account/2fa/authenticator/push | /account/2fa/push | Delete profile Push |
DELETE | /account/2fa/authenticator/duo | /account/2fa/duo | Delete profile Duo |
DELETE | /account/2fa/authenticator/passkey | /account/2fa/passkey | Delete profile Passkey |
Please reach out to LoginRadius Support for any further queries.