Enrolls an Authentication Factor to be used as an additional factor of authentication. The returned ID should be used to create an authentication Challenge.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); const factor = await workos.mfa.enrollFactor({ type: 'totp', issuer: 'Foo Corp', user: 'alan.turing@example.com', });
{ "object": "authentication_factor", "id": "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ", "type": "totp", "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", "totp": { "issuer": "WorkOS", "user": "user@example.com", "secret": "JBSWY3DPEHPK3PXP", "qr_code": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUg...", "uri": "otpauth://totp/WorkOS:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=WorkOS" }, "created_at": "2026-01-15T12:00:00.000Z", "updated_at": "2026-01-15T12:00:00.000Z" }
| curl --request POST \ | |
| --url "https://api.workos.com/auth/factors/enroll" \ | |
| --header "Authorization: Bearer sk_example_123456789" \ | |
| --header "Content-Type: application/json" \ | |
| -d @- <<'BODY' | |
| { | |
| "type": "totp", | |
| "totp_issuer": "Foo Corp", | |
| "totp_user": "alan.turing@example.com" | |
| } | |
| BODY |
| import { WorkOS } from '@workos-inc/node'; | |
| const workos = new WorkOS('sk_example_123456789'); | |
| const factor = await workos.mfa.enrollFactor({ | |
| type: 'totp', | |
| issuer: 'Foo Corp', | |
| user: 'alan.turing@example.com', | |
| }); |
| require "workos" | |
| WorkOS.configure do |config| | |
| config.api_key = "sk_example_123456789" | |
| end | |
| WorkOS.client.multi_factor_auth.enroll_factor(type: "totp") |
| from workos import WorkOSClient | |
| client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") | |
| client.multi_factor_auth.enroll_factor(type="totp") |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v9" | |
| ) | |
| func main() { | |
| client := workos.NewClient("sk_example_123456789") | |
| _, err := client.MultiFactorAuth().EnrollFactor(context.Background(), &workos.MultiFactorAuthEnrollFactorParams{ | |
| Type: "totp", | |
| }) | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
| <?php | |
| use WorkOS\WorkOS; | |
| $workos = new WorkOS( | |
| apiKey: "sk_example_123456789", | |
| clientId: "client_123456789", | |
| ); | |
| $workos->multiFactorAuth()->enrollFactor(type: "totp"); |
| import com.workos.WorkOS; | |
| import com.workos.multifactorauth.MultiFactorAuthApi.EnrollFactorOptions; | |
| WorkOS workos = new WorkOS("sk_example_123456789"); | |
| EnrollFactorOptions options = EnrollFactorOptions.builder().type("totp").build(); | |
| workos.multiFactorAuth.enrollFactor(options); |
| using WorkOS; | |
| var client = new WorkOSClient(new WorkOSOptions { | |
| ApiKey = "sk_example_123456789", | |
| ClientId = "client_123456789", | |
| }); | |
| await client.MultiFactorAuth.EnrollFactorAsync(new MultiFactorAuthEnrollFactorOptions { | |
| Type = "totp", | |
| }); |
| use workos::Client; | |
| use workos::multi_factor_auth::EnrollFactorParams; | |
| #[tokio::main] | |
| async fn main() -> Result<(), workos::Error> { | |
| let client = Client::builder() | |
| .api_key("sk_example_123456789") | |
| .client_id("client_123456789") | |
| .build(); | |
| let _result = client | |
| .multi_factor_auth() | |
| .enroll_factor( | |
| EnrollFactorParams { | |
| type_: "totp".into(), | |
| ..Default::default() | |
| } | |
| ) | |
| .await?; | |
| Ok(()) | |
| } |
| { | |
| "object": "authentication_factor", | |
| "id": "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ", | |
| "type": "totp", | |
| "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", | |
| "totp": { | |
| "issuer": "WorkOS", | |
| "user": "user@example.com", | |
| "secret": "JBSWY3DPEHPK3PXP", | |
| "qr_code": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUg...", | |
| "uri": "otpauth://totp/WorkOS:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=WorkOS" | |
| }, | |
| "created_at": "2026-01-15T12:00:00.000Z", | |
| "updated_at": "2026-01-15T12:00:00.000Z" | |
| } |
POST/authReturns Gets an Authentication Factor.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); const factor = await workos.mfa.getFactor( 'auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ', );
{ "object": "authentication_factor", "id": "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ", "type": "totp", "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", "totp": { "issuer": "WorkOS", "user": "user@example.com" }, "created_at": "2026-01-15T12:00:00.000Z", "updated_at": "2026-01-15T12:00:00.000Z" }
| curl "https://api.workos.com/auth/factors/auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ" \ | |
| --header "Authorization: Bearer sk_example_123456789" |
| import { WorkOS } from '@workos-inc/node'; | |
| const workos = new WorkOS('sk_example_123456789'); | |
| const factor = await workos.mfa.getFactor( | |
| 'auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ', | |
| ); |
| require "workos" | |
| WorkOS.configure do |config| | |
| config.api_key = "sk_example_123456789" | |
| end | |
| WorkOS.client.multi_factor_auth.get_factor(id: "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ") |
| from workos import WorkOSClient | |
| client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") | |
| client.multi_factor_auth.get_factor(id_="auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ") |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v9" | |
| ) | |
| func main() { | |
| client := workos.NewClient("sk_example_123456789") | |
| _, err := client.MultiFactorAuth().GetFactor(context.Background(), "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ") | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
| <?php | |
| use WorkOS\WorkOS; | |
| $workos = new WorkOS( | |
| apiKey: "sk_example_123456789", | |
| clientId: "client_123456789", | |
| ); | |
| $workos | |
| ->multiFactorAuth() | |
| ->getFactor(id: "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"); |
| import com.workos.WorkOS; | |
| WorkOS workos = new WorkOS("sk_example_123456789"); | |
| workos.multiFactorAuth.getFactor("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"); |
| using WorkOS; | |
| var client = new WorkOSClient(new WorkOSOptions { | |
| ApiKey = "sk_example_123456789", | |
| ClientId = "client_123456789", | |
| }); | |
| await client.MultiFactorAuth.GetFactorAsync("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"); |
| use workos::Client; | |
| #[tokio::main] | |
| async fn main() -> Result<(), workos::Error> { | |
| let client = Client::builder() | |
| .api_key("sk_example_123456789") | |
| .client_id("client_123456789") | |
| .build(); | |
| let _result = client | |
| .multi_factor_auth() | |
| .get_factor("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ") | |
| .await?; | |
| Ok(()) | |
| } |
| { | |
| "object": "authentication_factor", | |
| "id": "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ", | |
| "type": "totp", | |
| "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", | |
| "totp": { | |
| "issuer": "WorkOS", | |
| "user": "user@example.com" | |
| }, | |
| "created_at": "2026-01-15T12:00:00.000Z", | |
| "updated_at": "2026-01-15T12:00:00.000Z" | |
| } |
GET/authParameters Returns Permanently deletes an Authentication Factor. It cannot be undone.
curl --request DELETE \ --url https://api.workos.com/auth/factors/auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ \ --header "Authorization: Bearer sk_example_123456789"
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789'); await workos.mfa.deleteFactor('auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ');
require "workos" WorkOS.configure do |config| config.api_key = "sk_example_123456789" end WorkOS.client.multi_factor_auth.delete_factor(id: "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ")
from workos import WorkOSClient client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") client.multi_factor_auth.delete_factor(id_="auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ")
package main import ( "context" "github.com/workos/workos-go/v9" ) func main() { client := workos.NewClient("sk_example_123456789") _, err := client.MultiFactorAuth().DeleteFactor(context.Background(), "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ") if err != nil { panic(err) } }
<?php use WorkOS\WorkOS; $workos = new WorkOS( apiKey: "sk_example_123456789", clientId: "client_123456789", ); $workos ->multiFactorAuth() ->deleteFactor(id: "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ");
import com.workos.WorkOS; WorkOS workos = new WorkOS("sk_example_123456789"); workos.multiFactorAuth.deleteFactor("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ");
using WorkOS; var client = new WorkOSClient(new WorkOSOptions { ApiKey = "sk_example_123456789", ClientId = "client_123456789", }); await client.MultiFactorAuth.DeleteFactorAsync("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ");
use workos::Client; #[tokio::main] async fn main() -> Result<(), workos::Error> { let client = Client::builder() .api_key("sk_example_123456789") .client_id("client_123456789") .build(); let _result = client .multi_factor_auth() .delete_factor("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ") .await?; Ok(()) }
DELETE/authParameters Returns