Set up 2FA (confirm)
curl --request POST \
--url https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm \
--header 'Content-Type: application/json' \
--header 'x-program-id: <x-program-id>' \
--data '
{
"session_token": "3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b",
"totp_code": "123456"
}
'import requests
url = "https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm"
payload = {
"session_token": "3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b",
"totp_code": "123456"
}
headers = {
"x-program-id": "<x-program-id>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'x-program-id': '<x-program-id>', 'Content-Type': 'application/json'},
body: JSON.stringify({session_token: '3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b', totp_code: '123456'})
};
fetch('https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'session_token' => '3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b',
'totp_code' => '123456'
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"x-program-id: <x-program-id>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm"
payload := strings.NewReader("{\n \"session_token\": \"3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b\",\n \"totp_code\": \"123456\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("x-program-id", "<x-program-id>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm")
.header("x-program-id", "<x-program-id>")
.header("Content-Type", "application/json")
.body("{\n \"session_token\": \"3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b\",\n \"totp_code\": \"123456\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["x-program-id"] = '<x-program-id>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"session_token\": \"3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b\",\n \"totp_code\": \"123456\"\n}"
response = http.request(request)
puts response.read_body{
"success": true,
"data": {
"mfa_enabled": true
}
}{
"success": false,
"code": "INVALID_CREDENTIALS",
"message": "<string>",
"retryable": true
}{
"success": false,
"code": "SESSION_EXPIRED",
"message": "Challenge session has expired"
}{
"success": false,
"code": "VALIDATION_ERROR",
"message": "email is required"
}{
"success": false,
"code": "USER_LOCKED",
"message": "Too many failed attempts"
}{
"success": false,
"code": "INTERNAL_SERVER_ERROR",
"message": "Internal Server Error"
}Security setup
Set up 2FA (confirm)
Turn on 2FA with the first code from the app.
POST
/
v1
/
auth
/
security-setup
/
mfa
/
confirm
Set up 2FA (confirm)
curl --request POST \
--url https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm \
--header 'Content-Type: application/json' \
--header 'x-program-id: <x-program-id>' \
--data '
{
"session_token": "3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b",
"totp_code": "123456"
}
'import requests
url = "https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm"
payload = {
"session_token": "3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b",
"totp_code": "123456"
}
headers = {
"x-program-id": "<x-program-id>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'x-program-id': '<x-program-id>', 'Content-Type': 'application/json'},
body: JSON.stringify({session_token: '3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b', totp_code: '123456'})
};
fetch('https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'session_token' => '3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b',
'totp_code' => '123456'
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"x-program-id: <x-program-id>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm"
payload := strings.NewReader("{\n \"session_token\": \"3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b\",\n \"totp_code\": \"123456\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("x-program-id", "<x-program-id>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm")
.header("x-program-id", "<x-program-id>")
.header("Content-Type", "application/json")
.body("{\n \"session_token\": \"3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b\",\n \"totp_code\": \"123456\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.next.orenda.finance/v1/auth/security-setup/mfa/confirm")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["x-program-id"] = '<x-program-id>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"session_token\": \"3f1c2e8a-9b4d-4e6f-8a1b-2c3d4e5f6a7b\",\n \"totp_code\": \"123456\"\n}"
response = http.request(request)
puts response.read_body{
"success": true,
"data": {
"mfa_enabled": true
}
}{
"success": false,
"code": "INVALID_CREDENTIALS",
"message": "<string>",
"retryable": true
}{
"success": false,
"code": "SESSION_EXPIRED",
"message": "Challenge session has expired"
}{
"success": false,
"code": "VALIDATION_ERROR",
"message": "email is required"
}{
"success": false,
"code": "USER_LOCKED",
"message": "Too many failed attempts"
}{
"success": false,
"code": "INTERNAL_SERVER_ERROR",
"message": "Internal Server Error"
}Step 2 of the 2FA path. Send the
session_token and the 6-digit code now showing in the
user’s authenticator app. On success, 2FA is enabled.
Then call Finish security setup to get tokens.Headers
Identifies the program. Can also be sent as the programId query parameter.
Body
application/json
⌘I