Authentication

Verify 2FA code

post/auth/totp/verify

Exchange a login challenge token plus a TOTP or backup code for access and refresh tokens.

Body required

challengeTokenstringrequired

Challenge token returned by /auth/login when 2FA is enabled

codestringrequired

6-digit authenticator code or a backup code

Response

accessTokenstringrequired

Short-lived JWT — include as `Authorization: Bearer <token>`

refreshTokenstringrequired

Long-lived token — exchange via /auth/refresh for a new access token

expiresInintegerrequired

Access token lifetime in seconds

tokenTypestringrequired

Request

curl -X POST 'https://api.lira.com/api/v1/auth/totp/verify' \
  -H 'Content-Type: application/json' \
  -d '{
  "challengeToken": "string",
  "code": "123456"
}'

const response = await fetch('https://api.lira.com/api/v1/auth/totp/verify', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    "challengeToken": "string",
    "code": "123456"
  }),
});

const data = await response.json();

import requests

response = requests.post(
    "https://api.lira.com/api/v1/auth/totp/verify",
    headers={},
    json={
  "challengeToken": "string",
  "code": "123456"
},
)

data = response.json()

Response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzEyMyIsImlhdCI6MTc2MTEyMzQ1Nn0.access-token-signature",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzEyMyIsImlhdCI6MTc2MTEyMzQ1Nn0.refresh-token-signature",
  "expiresIn": 3600,
  "tokenType": "Bearer"
}

{
  "message": "NG Account Number verification is not enabled for your organisation.",
  "code": "SERVICE_NOT_ENABLED",
  "action": {
    "type": "CONTACT_ADMIN",
    "hint": "Ask your administrator to enable NG Account Number verification in the Lira dashboard."
  }
}