Issue a challenge for a TOTP factor

curl --request POST \
  --url https://api.mnemom.ai/v1/auth/mfa/challenge \
  --header 'Content-Type: application/json' \
  --cookie mnemom_session= \
  --data '
{
  "factor_id": "<string>"
}
'

{
  "challenge_id": "<string>"
}

POST

auth

mfa

challenge

Issue a challenge for a TOTP factor

curl --request POST \
  --url https://api.mnemom.ai/v1/auth/mfa/challenge \
  --header 'Content-Type: application/json' \
  --cookie mnemom_session= \
  --data '
{
  "factor_id": "<string>"
}
'

{
  "challenge_id": "<string>"
}

Authorizations

mnemom_session

string

required

HttpOnly, Secure, SameSite=Lax cookie issued by /v1/auth/sign-in (or the SSO / email-callback flows). The value is an AES-256-GCM-encrypted blob of {access_token, refresh_token, issued_at, auth_method}. Browser clients include this automatically with credentials: "include".

Body

application/json

factor_id

string

required

Response

Challenge issued.

challenge_id

string

required

Exchange a cookie session for raw Supabase tokens Complete MFA step-up or enrollment

⌘I