Send Email 2FA Code
POST /api/auth/2fa/email/send
Send an email containing a 2FA code to the user.
Learn more about email as a 2FA method here.
This endpoint is used to send a 2FA email code when enabling email as a 2FA method, and to resend 2FA codes when authenticating a user who has already enabled email as a 2FA method.
Note: Each request will generate a new code and invalidate all old codes.
If email is the preferred 2FA method, an email will be sent automatically after successful authentication with the user's password. You can learn more about preferred 2FA methods here.
Requirements
- The user can authenticate using a password. 2FA will not work with OAuth2. The OAuth2 provider will validate the second factor if the user enabled it for the provider.
Locale
A locale can be specified for this request. The email will be sent in the specified locale. You can learn more about locale in emails here.
If no locale is specified, the application's default locale will be used. You can learn more about configuring the default locale here.
Tokens
There are two options:
- If email as a 2FA method is disabled, you can request an email with a token to enable it. In this case you need a valid AccessToken. If email is already enabled, this request will return 400 - BAD REQUEST.
- If email as a 2FA method is already enabled, you can request a 2FA email code with a valid TwoFactorAuthenticationToken.
Note: After each email, a cooldown will be started. While the cooldown is active, no new email can be sent. You can request the remaining cooldown through the endpoint GET /api/auth/2fa/email/cooldown. The cooldown can be configured here.
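The token rules, code invalidation and cooldown described above, as a simplified in-memory model in Python. This is an added example, not the project's own code; the function and field names, the 60-second cooldown, the 6-digit code and the order of the checks are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

COOLDOWN_SECONDS = 60.0  # assumed; the page only says the cooldown is configurable
CODE_DIGITS = 6          # assumed code length

@dataclass
class User:
    email_2fa_enabled: bool = False
    active_code: Optional[str] = None  # a single slot: only the newest code is valid
    cooldown_until: float = 0.0

def send_email_code(user: User, token_kind: str, now: float):
    """Model of POST /api/auth/2fa/email/send; returns (status, error_code)."""
    # An AccessToken is only for enabling email 2FA; once enabled it yields 400.
    if token_kind == "access" and user.email_2fa_enabled:
        return 400, None
    # In this model the stored code is left untouched while the cooldown runs.
    if now < user.cooldown_until:
        return 429, "EMAIL_COOLDOWN_ACTIVE"
    # Overwriting the slot invalidates every previously issued code.
    user.active_code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
    user.cooldown_until = now + COOLDOWN_SECONDS
    return 200, None

def remaining_cooldown(user: User, now: float) -> float:
    """Model of GET /api/auth/2fa/email/cooldown."""
    return max(0.0, user.cooldown_until - now)

def code_is_valid(user: User, submitted: str) -> bool:
    """Constant-time comparison against the only stored code."""
    if user.active_code is None:
        return False
    return hmac.compare_digest(user.active_code.encode(), submitted.encode())

if __name__ == "__main__":
    user = User()
    print(send_email_code(user, "access", now=0.0))
    print(send_email_code(user, "access", now=10.0), remaining_cooldown(user, 10.0))
    print(send_email_code(user, "access", now=60.0))
```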
Request
Responses
- 200: Success.
- 400: The following error codes correspond to this status:
  - NO_PASSWORD_PROVIDER: The user needs to set a password in order to perform this action.
- 401: The following error codes correspond to this status:
  - ACCESS_TOKEN_EXPIRED: Indicates that the access token is expired.
  - ACCESS_TOKEN_INVALID: Indicates that the access token cannot be decoded.
  - TWO_FACTOR_AUTHENTICATION_TOKEN_EXPIRED: Indicates that the two-factor authentication token is expired.
  - TWO_FACTOR_AUTHENTICATION_TOKEN_INVALID: Indicates that the two-factor authentication token cannot be decoded.
  - TWO_FACTOR_AUTHENTICATION_TOKEN_MISSING: Thrown when the two-factor authentication token is missing.
- 404: The following error codes correspond to this status:
  - USER_NOT_FOUND: User not found.
- 429: The following error codes correspond to this status:
  - EMAIL_COOLDOWN_ACTIVE: Failed to send email because cooldown is active.
- 500: The following error codes correspond to this status:
  - ACCESS_TOKEN_ALLOWLIST_READING_FAILURE: Represents an exception indicating a failure when reading the allowlist for an access token cache.
  - DATABASE_FAILURE: Exception representing a general failure related to database operations.
  - DATABASE_ENCRYPTION_FAILURE: Exception representing a general failure related to database encryption operations.
  - EMAIL_COOLDOWN_CACHE_FAILURE: Thrown when an exception occurs when setting or getting cooldown.
  - EMAIL_AUTHENTICATION_FAILURE: Thrown when there is a failure related to email authentication.
  - INVALID_USER_DOCUMENT: A requested user document was stored in an invalid format.
  - POST_COMMIT_SIDE_EFFECT_FAILURE: Exception representing a failure to perform a side effect after a successful database operation.
  - EMAIL_SEND_FAILURE: Represents an exception that occurs when an email cannot be sent.
  - EMAIL_TEMPLATE_FAILURE: Thrown when there is a failure related to email template creation.
- 503: The following error codes correspond to this status:
  - EMAIL_DISABLED: Thrown when email functionality is disabled in the application.