POST /v1/verify-totp-authenticator HTTP/2 Host: api.defined.net Content-Length: 80 Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99" Accept: application/json Content-Type: application/json Sec-Ch-Ua-Mobile: ?0 Authorization: Bearer sess-CcSodB65KzkdJuPzdp-A-vdDx2P-Vxsynpk_LTGPUmw User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36 Sec-Ch-Ua-Platform: "Linux" Origin: https://admin.defined.net Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 {"totpToken":"totp-mH9eLzA9Q5WB-sg3Fq8CfkP13eTh3DxF25kVK2VEDOk","code":"266242"} HTTP/2 400 Bad Request Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://admin.defined.net Access-Control-Expose-Headers: X-Request-Id Cache-Control: no-store Content-Security-Policy: default-src 'none' Content-Type: application/json; charset=utf-8 Strict-Transport-Security: max-age=31536000; includeSubdomains Vary: Origin X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Request-Id: DGCHQK6LSGGMPPJUPYGHXRQJRY Content-Length: 124 Date: Fri, 03 Feb 2023 15:23:55 GMT {"errors":[{"code":"ERR_INVALID_TOTP_TOKEN","message":"TOTP token does not exist (maybe it expired?)","path":"totpToken"}]} POST /v1/verify-totp-authenticator HTTP/2 Host: api.defined.net Content-Length: 80 Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99" Accept: application/json Content-Type: application/json Sec-Ch-Ua-Mobile: ?0 Authorization: Bearer sess-CcSodB65KzkdJuPzdp-A-vdDx2P-Vxsynpk_LTGPUmw User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36 Sec-Ch-Ua-Platform: "Linux" Origin: https://admin.defined.net Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 {"totpToken":"totp-gaUDaxPrrIBc8GEQ6z0vPisT8k0MEP1fgI8FA2ztLMw","code":"175543"} HTTP/2 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://admin.defined.net Access-Control-Expose-Headers: X-Request-Id Cache-Control: no-store Content-Security-Policy: default-src 'none' Content-Type: application/json; charset=utf-8 Strict-Transport-Security: max-age=31536000; includeSubdomains Vary: Origin X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Request-Id: NSVVFYH3S2J6FRBT2BHUVPSH5I Content-Length: 88 Date: Fri, 03 Feb 2023 15:24:42 GMT {"data":{"authToken":"auth-O7mugxdYta-RKtLMqDW4j8XCJ85EfZKKezeZZXBYtFQ"},"metadata":{}}