POST /v1/auth/totp HTTP/2
Host: api.defined.net
Content-Length: 17
Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"
Accept: application/json
Content-Type: application/json
Sec-Ch-Ua-Mobile: ?0
Authorization: Bearer sess-DWS8oVIMsJCvMLt-7hz0aJp6cOkQm66rLgoiDdzHbMY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
Sec-Ch-Ua-Platform: "Linux"
Origin: https://admin.defined.net
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

{"code":"984116"}

HTTP/2 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://admin.defined.net
Access-Control-Expose-Headers: X-Request-Id
Cache-Control: no-store
Content-Security-Policy: default-src 'none'
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubdomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: C5PCDZHGIW4D3M5PRHMHUJH4OQ
Content-Length: 88
Date: Mon, 06 Feb 2023 02:23:20 GMT

{"data":{"authToken":"auth-Fj02D6a8dfs_l-J3NVOITW9C0M_674NmEjWZc8Xo6Ao"},"metadata":{}}

POST /v1/auth/totp HTTP/2
Host: api.defined.net
Content-Length: 17
Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"
Accept: application/json
Content-Type: application/json
Sec-Ch-Ua-Mobile: ?0
Authorization: Bearer sess-DWS8oVIMsJCvMLt-7hz0aJp6cOkQm66rLgoiDdzHbMY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
Sec-Ch-Ua-Platform: "Linux"
Origin: https://admin.defined.net
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

{"code":"237077"}

HTTP/2 400 Bad Request
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://admin.defined.net
Access-Control-Expose-Headers: X-Request-Id
Cache-Control: no-store
Content-Security-Policy: default-src 'none'
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubdomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: Z7HHBRHXJRTFJXY5PTZ6HRDY6Q
Content-Length: 110
Date: Mon, 06 Feb 2023 02:22:54 GMT

{"errors":[{"code":"ERR_INVALID_TOTP_CODE","message":"invalid TOTP code (maybe it expired?)","path":"code"}]}