Autional API Reference

POST /mfa/step-up

Performs a secondary MFA verification for a logged-in user before a sensitive operation. Supported methods are TOTP, SMS, and email. The endpoint is rate limited. Reference: NIST SP 800-63B §5.1.7, OWASP ASVS V2.8.

Tag: Multi-Factor Authentication | Security: `bearerAuth` | Content type: application/json

Request Body

Schema: dto.StepUpRequest

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | string | Yes | 123456 | | |
| method | string | Yes | totp | enum: `totp`, `sms`, `email` | |
| user_id | string | Yes | usr_abc123 | | |

Responses

| Status | Description | Schema |
|---|---|---|
| 200 | Step-Up Authentication Result | dto.StepUpDetailResponse |
| 400 | Invalid Parameters | gitee_com_linmes_authms_base_dto.SimpleResponse |
| 401 | Unauthenticated | gitee_com_linmes_authms_base_dto.SimpleResponse |
| 429 | Request Too Frequent | gitee_com_linmes_authms_base_dto.SimpleResponse |
| 500 | Internal Server Error | gitee_com_linmes_authms_base_dto.SimpleResponse |

Referenced Schemas

dto.StepUpDetailResponse

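| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | integer | No | | | |
| data | dto.StepUpResponse | No | | | |
| message | string | No | | | |
| timestamp | string | No | | | |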

dto.StepUpResponse

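| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| expires_in | integer | No | 300 | | |
| message | string | No | step-up authentication successful | | |
| step_up_token | string | No | eyJ... | | |
| valid | boolean | No | True | | |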

gitee_com_linmes_authms_base_dto.SimpleResponse

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | integer | No | | | |
| message | string | No | | | |
| timestamp | string | No | | | |
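
A client-side check for the responses listed above, as an added example that is not part of the Autional code base: it treats a step-up as granted only on HTTP 200 with `valid` true, a non-empty `step_up_token` and a positive `expires_in`, and surfaces 429 as a distinct error so callers do not retry in a loop. `Interpret` and `ErrRateLimited` are hypothetical names, the sample body is constructed, and `expires_in` is assumed to be in seconds.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// StepUpData mirrors dto.StepUpResponse as documented on this page.
type StepUpData struct {
	ExpiresIn   int    `json:"expires_in"`
	StepUpToken string `json:"step_up_token"`
	Valid       bool   `json:"valid"`
}

// ErrRateLimited (hypothetical name) tells callers not to retry automatically.
var ErrRateLimited = errors.New("step-up rate limited (HTTP 429)")

// Interpret (hypothetical helper) fails closed: it returns a token only for
// HTTP 200 with valid=true, a non-empty token and a positive lifetime.
// Assumption: expires_in is in seconds; the page does not state the unit.
func Interpret(status int, body []byte, now time.Time) (string, time.Time, error) {
	if status == http.StatusTooManyRequests {
		return "", time.Time{}, ErrRateLimited
	}
	var env struct { // common fields of StepUpDetailResponse and SimpleResponse
		Message string      `json:"message"`
		Data    *StepUpData `json:"data"`
	}
	err := json.Unmarshal(body, &env)
	d := env.Data
	switch {
	case status != http.StatusOK:
		return "", time.Time{}, fmt.Errorf("step-up rejected: HTTP %d %q", status, env.Message)
	case err != nil:
		return "", time.Time{}, fmt.Errorf("unparseable 200 body: %w", err)
	case d == nil || !d.Valid || d.StepUpToken == "" || d.ExpiresIn <= 0:
		return "", time.Time{}, errors.New("HTTP 200 without a usable step-up token")
	}
	return d.StepUpToken, now.Add(time.Duration(d.ExpiresIn) * time.Second), nil
}

func main() {
	// Constructed sample body in the shape of dto.StepUpDetailResponse.
	ok := []byte(`{"data":{"expires_in":300,"step_up_token":"eyJ.constructed","valid":true}}`)
	fmt.Println(Interpret(http.StatusOK, ok, time.Now()))
}
```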