totp-require
. The details object will list the method that has been required (email on this example) so it's possible to inform the user to check his email for the code.totp-invalid
will be returned;users.2fa.sendEmailCode
via POST passing the user's email or username as body. It's required to pass the email or username because this endpoint can be called when the user is not logged in.emailOrUsername
was not provided;emailOrUsername
;users.2fa.enable-email
via POST. Note that the two factor via email will only work if the user has at least one verified email.users.2fa.disable-email
via POST. Note this endpoint requires the two factor to be executed.