trifid/api/v1/auth/totp.txt

POST /v1/auth/totp HTTP/2
Host: api.defined.net
Content-Length: 17
Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"
Accept: application/json
Content-Type: application/json
Sec-Ch-Ua-Mobile: ?0
Authorization: Bearer sess-DWS8oVIMsJCvMLt-7hz0aJp6cOkQm66rLgoiDdzHbMY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
Sec-Ch-Ua-Platform: "Linux"
Origin: https://admin.defined.net
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

{"code":"984116"}

HTTP/2 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://admin.defined.net
Access-Control-Expose-Headers: X-Request-Id
Cache-Control: no-store
Content-Security-Policy: default-src 'none'
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubdomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: C5PCDZHGIW4D3M5PRHMHUJH4OQ
Content-Length: 88
Date: Mon, 06 Feb 2023 02:23:20 GMT

{"data":{"authToken":"auth-Fj02D6a8dfs_l-J3NVOITW9C0M_674NmEjWZc8Xo6Ao"},"metadata":{}}

POST /v1/auth/totp HTTP/2
Host: api.defined.net
Content-Length: 17
Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"
Accept: application/json
Content-Type: application/json
Sec-Ch-Ua-Mobile: ?0
Authorization: Bearer sess-DWS8oVIMsJCvMLt-7hz0aJp6cOkQm66rLgoiDdzHbMY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
Sec-Ch-Ua-Platform: "Linux"
Origin: https://admin.defined.net
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

{"code":"237077"}

HTTP/2 400 Bad Request
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://admin.defined.net
Access-Control-Expose-Headers: X-Request-Id
Cache-Control: no-store
Content-Security-Policy: default-src 'none'
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubdomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: Z7HHBRHXJRTFJXY5PTZ6HRDY6Q
Content-Length: 110
Date: Mon, 06 Feb 2023 02:22:54 GMT

{"errors":[{"code":"ERR_INVALID_TOTP_CODE","message":"invalid TOTP code (maybe it expired?)","path":"code"}]}
find the actual totp check endpoint 2023-02-06 02:25:24 +00:00			`POST /v1/auth/totp HTTP/2`
			`Host: api.defined.net`
			`Content-Length: 17`
			`Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"`
			`Accept: application/json`
			`Content-Type: application/json`
			`Sec-Ch-Ua-Mobile: ?0`
			`Authorization: Bearer sess-DWS8oVIMsJCvMLt-7hz0aJp6cOkQm66rLgoiDdzHbMY`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36`
			`Sec-Ch-Ua-Platform: "Linux"`
			`Origin: https://admin.defined.net`
			`Sec-Fetch-Site: same-site`
			`Sec-Fetch-Mode: cors`
			`Sec-Fetch-Dest: empty`
			`Accept-Encoding: gzip, deflate`
			`Accept-Language: en-US,en;q=0.9`

			`{"code":"984116"}`

			`HTTP/2 200 OK`
			`Access-Control-Allow-Credentials: true`
			`Access-Control-Allow-Origin: https://admin.defined.net`
			`Access-Control-Expose-Headers: X-Request-Id`
			`Cache-Control: no-store`
			`Content-Security-Policy: default-src 'none'`
			`Content-Type: application/json; charset=utf-8`
			`Strict-Transport-Security: max-age=31536000; includeSubdomains`
			`Vary: Origin`
			`X-Content-Type-Options: nosniff`
			`X-Frame-Options: DENY`
			`X-Request-Id: C5PCDZHGIW4D3M5PRHMHUJH4OQ`
			`Content-Length: 88`
			`Date: Mon, 06 Feb 2023 02:23:20 GMT`

			`{"data":{"authToken":"auth-Fj02D6a8dfs_l-J3NVOITW9C0M_674NmEjWZc8Xo6Ao"},"metadata":{}}`

			`POST /v1/auth/totp HTTP/2`
			`Host: api.defined.net`
			`Content-Length: 17`
			`Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"`
			`Accept: application/json`
			`Content-Type: application/json`
			`Sec-Ch-Ua-Mobile: ?0`
			`Authorization: Bearer sess-DWS8oVIMsJCvMLt-7hz0aJp6cOkQm66rLgoiDdzHbMY`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36`
			`Sec-Ch-Ua-Platform: "Linux"`
			`Origin: https://admin.defined.net`
			`Sec-Fetch-Site: same-site`
			`Sec-Fetch-Mode: cors`
			`Sec-Fetch-Dest: empty`
			`Accept-Encoding: gzip, deflate`
			`Accept-Language: en-US,en;q=0.9`

			`{"code":"237077"}`

			`HTTP/2 400 Bad Request`
			`Access-Control-Allow-Credentials: true`
			`Access-Control-Allow-Origin: https://admin.defined.net`
			`Access-Control-Expose-Headers: X-Request-Id`
			`Cache-Control: no-store`
			`Content-Security-Policy: default-src 'none'`
			`Content-Type: application/json; charset=utf-8`
			`Strict-Transport-Security: max-age=31536000; includeSubdomains`
			`Vary: Origin`
			`X-Content-Type-Options: nosniff`
			`X-Frame-Options: DENY`
			`X-Request-Id: Z7HHBRHXJRTFJXY5PTZ6HRDY6Q`
			`Content-Length: 110`
			`Date: Mon, 06 Feb 2023 02:22:54 GMT`

			`{"errors":[{"code":"ERR_INVALID_TOTP_CODE","message":"invalid TOTP code (maybe it expired?)","path":"code"}]}`