Complete MFA step-up or enrollment

curl --request POST \
  --url https://api.mnemom.ai/v1/auth/mfa/verify \
  --header 'Content-Type: application/json' \
  --cookie mnemom_session= \
  --data '
{
  "factor_id": "<string>",
  "challenge_id": "<string>",
  "code": "<string>"
}
'

{
  "user": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "email": "[email protected]",
    "app_metadata": {},
    "user_metadata": {}
  }
}

POST

auth

mfa

verify

Complete MFA step-up or enrollment

curl --request POST \
  --url https://api.mnemom.ai/v1/auth/mfa/verify \
  --header 'Content-Type: application/json' \
  --cookie mnemom_session= \
  --data '
{
  "factor_id": "<string>",
  "challenge_id": "<string>",
  "code": "<string>"
}
'

{
  "user": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "email": "[email protected]",
    "app_metadata": {},
    "user_metadata": {}
  }
}

Authorizations

mnemom_session

string

required

HttpOnly, Secure, SameSite=Lax cookie issued by /v1/auth/sign-in (or the SSO / email-callback flows). The value is an AES-256-GCM-encrypted blob of {access_token, refresh_token, issued_at, auth_method}. Browser clients include this automatically with credentials: "include".

Body

application/json

factor_id

string

required

challenge_id

string

required

code

string

required

6-digit TOTP code.

Response

Full session issued. Response sets mnemom_session cookie.

user

object

required

Supabase user shape. Fields beyond id and email are passthrough.

Show child attributes

Issue a challenge for a TOTP factor List the current user's TOTP factors

⌘I