Send Login MFA Code

POST/web/v1/system/auth/login/mfa/send None

Sends a multi-factor authentication code to the user during the login flow. The code is sent via the specified MFA method (e.g., email).

Required Headers

Header	Example Value	Description
Content-Type	application/json	Request content type
Accept	application/json	Expected response type
X-Client-Hash		Client device fingerprint
Accept-Language	`en`, `zh`, `zh-Hant`, `ja`, `vi`	Response language (default: `en`)

Request Parameters

Name	Type	Required	In	Description
`rawRequestBody`	`String`	Required	body	Raw request body (encrypted via SecureChannel, auto-decrypted by the server)
`sessionId`	`String`	Required	body	Login session ID from the initiate step
`method`	`Integer`	Required	body	MFA method code: 10011001 (EMAIL), 10011002 (OTP), 10011005 (BACKUP_CODE)

Request Example

json

{
  "sessionId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "method": 10011001
}

Success Response

Success 200

{
  "version": "2.0.0",
  "timestamp": 1711929600000,
  "success": true,
  "code": "2000",
  "message": "SUCCESS",
  "data": {
    "sent": true,
    "cooldownSeconds": 60,
    "codeExpiresIn": 300
  }
}

Error Responses

Too Many Requests 429

{
  "success": false,
  "code": "AUTH.MFA_SEND_COOLDOWN",
  "message": "Please wait before requesting another code"
}

Notes

Rate limited to 5 requests per 60-second window.
The sessionId must come from a prior initiateLogin call.
The method field specifies which MFA channel to use (e.g., EMAIL, OTP).
Request body is strictly validated — unknown or unexpected fields will be rejected with HTTP 400.

Send Login MFA Code ​

Required Headers ​

Request Parameters ​

Request Example ​

Success Response ​

Error Responses ​