Home page
API

Enrollment

At the end of this guide, you will have a complete 2FA enrollment flow where users can enable, disable, and manage two-factor authentication on their account.

The enrollment component provides the full two-factor lifecycle. The consumer requests a new enrollment, displays the returned QR code (or secret) so the user can register it in their authenticator app, then submits the user's first 6-digit code to activate 2FA. Upon successful verification, 10 single-use recovery codes are returned in the same response. The consumer is responsible for displaying the recovery codes to the user once. Users can also disable 2FA and regenerate recovery codes.

The component includes:

  • Start enrollment endpoint that returns a QR code data URL and the plain secret
  • Peek enrollment endpoint for resuming an in-progress enrollment
  • Verify endpoint that activates 2FA and returns recovery codes
  • Disable endpoint
  • Recovery code regeneration endpoint
Note

This guide requires you to complete the Two-Factor Setup, Profile management, and Change password guides first.

Unlock access
Only Plus subscribers can access the documentation
Log in now
Kit Flow AI
Packages Kit Components
Terms & License Agreement