Get User Authentication Factors (2FA/MFA)

Get a list of authentication factors the user has set. Including Second-Factors (2FA) and Multi-Factors (MFA).

Path Parameters

userId string required

Header Parameters

x-zitadel-orgid string

The default is always the organization of the requesting user. If you like to get a user from another organization include the header. Make sure the requesting user has permission in the requested organization.

Responses

• 200
• default

---

OK

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

result object[]
Array [
state string
Possible values: [AUTH_FACTOR_STATE_UNSPECIFIED, AUTH_FACTOR_STATE_NOT_READY, AUTH_FACTOR_STATE_READY, AUTH_FACTOR_STATE_REMOVED]
Default value: AUTH_FACTOR_STATE_UNSPECIFIED
current state of the auth factor
otp object
one type use OTP, OTPSMS, OTPEmail or U2F
u2f object
one type use OTP, OTPSMS, OTPEmail or U2F
id string
name string
otpSms object
one type use OTP, OTPSMS, OTPEmail or U2F
otpEmail object
one type use OTP, OTPSMS, OTPEmail or U2F
]

{
  "result": [
    {
      "state": "AUTH_FACTOR_STATE_UNSPECIFIED",
      "otp": {},
      "u2f": {
        "id": "69629023906488334",
        "name": "fido key"
      },
      "otpSms": {},
      "otpEmail": {}
    }
  ]
}

Schema

Example (from schema)

---

Schema

result object[]
Array [
state string
Possible values: [AUTH_FACTOR_STATE_UNSPECIFIED, AUTH_FACTOR_STATE_NOT_READY, AUTH_FACTOR_STATE_READY, AUTH_FACTOR_STATE_REMOVED]
Default value: AUTH_FACTOR_STATE_UNSPECIFIED
current state of the auth factor
otp object
one type use OTP, OTPSMS, OTPEmail or U2F
u2f object
one type use OTP, OTPSMS, OTPEmail or U2F
id string
name string
otpSms object
one type use OTP, OTPSMS, OTPEmail or U2F
otpEmail object
one type use OTP, OTPSMS, OTPEmail or U2F
]

{
  "result": [
    {
      "state": "AUTH_FACTOR_STATE_UNSPECIFIED",
      "otp": {},
      "u2f": {
        "id": "69629023906488334",
        "name": "fido key"
      },
      "otpSms": {},
      "otpEmail": {}
    }
  ]
}

Schema

Example (from schema)

---

Schema

result object[]
Array [
state string
Possible values: [AUTH_FACTOR_STATE_UNSPECIFIED, AUTH_FACTOR_STATE_NOT_READY, AUTH_FACTOR_STATE_READY, AUTH_FACTOR_STATE_REMOVED]
Default value: AUTH_FACTOR_STATE_UNSPECIFIED
current state of the auth factor
otp object
one type use OTP, OTPSMS, OTPEmail or U2F
u2f object
one type use OTP, OTPSMS, OTPEmail or U2F
id string
name string
otpSms object
one type use OTP, OTPSMS, OTPEmail or U2F
otpEmail object
one type use OTP, OTPSMS, OTPEmail or U2F
]

{
  "result": [
    {
      "state": "AUTH_FACTOR_STATE_UNSPECIFIED",
      "otp": {},
      "u2f": {
        "id": "69629023906488334",
        "name": "fido key"
      },
      "otpSms": {},
      "otpEmail": {}
    }
  ]
}

An unexpected error response.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

POST /users/:userId/auth_factors/_search

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL

https://$CUSTOM-DOMAIN/management/v1

Bearer Token

userId — path required

x-zitadel-orgid — header

Accept

application/jsonapplication/grpcapplication/grpc-web+proto

curl / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/auth_factors/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

python / requests

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/auth_factors/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

go / native

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/auth_factors/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

nodejs / axios

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/auth_factors/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

ruby / Net::HTTP

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/auth_factors/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

csharp / RestSharp

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/auth_factors/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

php / cURL

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/auth_factors/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

java / OkHttp

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/auth_factors/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

powershell / RestMethod

curl -L -X POST 'https://$CUSTOM-DOMAIN/management/v1/users/:userId/auth_factors/_search' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'