v6 documentation is incomplete, want to contribute?

VRChat.community

API documentation, SDKs, and more
API Reference
Discord

Verify 2FA code

Finishes the login sequence with a normal 2FA-generated code for accounts with 2FA-protection enabled.

Requests made through this page are proxied through an intermediary server due to Cross-Origin Resource Sharing restrictions.

POST
/auth/twofactorauth/totp/verify

Authorization

auth<token>

Auth Token via Cookie

In: cookie

Request Body

codestring

Response Body

curl -X POST "https://api.vrchat.cloud/api/1/auth/twofactorauth/totp/verify" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "string"
  }'
const body = JSON.stringify({
  "code": "string"
})

fetch("https://api.vrchat.cloud/api/1/auth/twofactorauth/totp/verify", {
  body
})
package main

import (
  "fmt"
  "net/http"
  "io/ioutil"
  "strings"
)

func main() {
  url := "https://api.vrchat.cloud/api/1/auth/twofactorauth/totp/verify"
  body := strings.NewReader(`{
    "code": "string"
  }`)
  req, _ := http.NewRequest("POST", url, body)
  req.Header.Add("Content-Type", "application/json")
  res, _ := http.DefaultClient.Do(req)
  defer res.Body.Close()
  body, _ := ioutil.ReadAll(res.Body)

  fmt.Println(res)
  fmt.Println(string(body))
}
import requests

url = "https://api.vrchat.cloud/api/1/auth/twofactorauth/totp/verify"
body = {
  "code": "string"
}
response = requests.request("POST", url, json = body, headers = {
  "Content-Type": "application/json"
})

print(response.text)
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import java.time.Duration;
import java.net.http.HttpRequest.BodyPublishers;

var body = BodyPublishers.ofString("""{
  "code": "string"
}""");
HttpClient client = HttpClient.newBuilder()
  .connectTimeout(Duration.ofSeconds(10))
  .build();

HttpRequest.Builder requestBuilder = HttpRequest.newBuilder()
  .uri(URI.create("https://api.vrchat.cloud/api/1/auth/twofactorauth/totp/verify"))
  .header("Content-Type", "application/json")
  .POST(body)
  .build();

try {
  HttpResponse<String> response = client.send(requestBuilder.build(), BodyHandlers.ofString());
  System.out.println("Status code: " + response.statusCode());
  System.out.println("Response body: " + response.body());
} catch (Exception e) {
  e.printStackTrace();
}
using System;
using System.Net.Http;
using System.Text;

var body = new StringContent("""
{
  "code": "string"
}
""", Encoding.UTF8, "application/json");

var client = new HttpClient();
var response = await client.PostAsync("https://api.vrchat.cloud/api/1/auth/twofactorauth/totp/verify", body);
var responseBody = await response.Content.ReadAsStringAsync();
{
  "verified": true,
  "enabled": true
}

{
  "error": {
    "message": "\"Missing Credentials\"",
    "status_code": 401
  }
}