Turn off Multi-Factor Authentication for Signing In

API Method: DELETE /settings/MfaSignIn

Description:

This API method disables Multi-Factor Authentication (MFA) for signing into a user's account. Once MFA is turned off, the user will only need to provide their password to log in, eliminating the need for a second authentication step such as an SMS code, email code, or authenticator app.

Endpoint:

DELETE /settings/MfaSignIn

Functionality:

  • Purpose: Deactivates Multi-Factor Authentication, removing the extra layer of security for the user's login process. This reverts the sign-in flow back to single-factor authentication (password only).
  • User Flow: When a user no longer wants to use MFA for signing in, this API is called to disable it. After successful deactivation, future sign-ins will only require a password.

Request Headers:

  • Authorization: Bearer token required to authenticate the user and authorize the operation.
  • Content-Type: application/json

Request Body:

  • This endpoint does not typically require a request body, as it only disables MFA for sign-in. The bearer token is sufficient to identify the user and disable MFA for their account.

Response:

  • 200 OK: Indicates that MFA has been successfully turned off. A JSON object confirms that MFA is no longer active.
  • 401 Unauthorized: Returned when the bearer token is invalid or expired, meaning the user is not authenticated.
  • 500 Internal Server Error: Returned when MFA could not be disabled because of a server-side error.

Notes:

  • Security Considerations: Disabling MFA reduces the security of the user's account, so this action should only be performed if the user is certain that they no longer need the extra protection.
  • Single-Factor Authentication: Once MFA is disabled, the account will revert to single-factor authentication (password only), which makes it more vulnerable to unauthorized access.
  • This endpoint is typically available in the account security or settings section where users manage their authentication preferences.
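
An added example, not part of the original page or the service's own client code: a Python caller for this endpoint that maps the documented 200, 401 and 500 responses to an outcome and never reads an undocumented status as success. The host name, the sample token, the outcome labels and the in-process `stub_service` are assumptions constructed so the example runs offline.

```python
import contextlib
import types
import urllib.error
import urllib.request

# What a caller should do for each status code the page documents.
# The outcome labels are hypothetical names chosen for this example.
OUTCOMES = {
    200: "mfa_disabled",    # sign-in is now password only
    401: "reauthenticate",  # bearer token invalid or expired
    500: "server_error",    # do not assume MFA was turned off
}


def disable_mfa_sign_in(base_url, token, opener=urllib.request.urlopen):
    """Send DELETE /settings/MfaSignIn and return (status, outcome)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/settings/MfaSignIn",
        method="DELETE",
        headers={
            "Authorization": "Bearer " + token,
            "Content-Type": "application/json",
        },
    )  # no request body: the bearer token identifies the user
    try:
        with opener(req, timeout=10) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:  # urllib raises on 4xx and 5xx
        status = err.code
    # An undocumented status is never read as success.
    return status, OUTCOMES.get(status, "unexpected")


def stub_service(req, timeout=None):
    """Constructed in-process stand-in for the service, for offline runs."""
    if req.get_header("Authorization") != "Bearer constructed-sample-token":
        raise urllib.error.HTTPError(req.full_url, 401, "Unauthorized", {}, None)
    assert req.get_method() == "DELETE" and req.data is None
    return contextlib.nullcontext(types.SimpleNamespace(status=200))


if __name__ == "__main__":
    base = "https://api.example.invalid"  # placeholder host, an assumption
    for token in ("constructed-sample-token", "expired-token"):
        print(token, disable_mfa_sign_in(base, token, opener=stub_service))
```

Because a 200 here leaves the account on password-only sign-in, the caller should record the returned outcome rather than discard it.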