> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flowxi.app/llms.txt
> Use this file to discover all available pages before exploring further.

# 2FA status (and enrollment info if disabled)

> If enabled: never returns secret nor otpauth_uri. If disabled: returns pending secret + otpauth_uri for enrollment (cache, not DB).




## OpenAPI

````yaml api-reference/openapi.yaml get /api/v1/auth/2fa/status
openapi: 3.0.3
info:
  title: Flowxi API Documentation
  version: 1.0.0
servers:
  - url: https://api.flowxi.app
security:
  - bearerAuth: []
tags:
  - name: Health
    description: Service healthcheck.
  - name: Registration
    description: Registration flows (magic link + email OTP).
  - name: Auth
    description: Login and session management.
  - name: Two-factor authentication
    description: TOTP 2FA endpoints (login verification + manage 2FA).
  - name: Devices
    description: Session/device listing and revocation.
  - name: Me
    description: Profile of the authenticated user (Sanctum session).
paths:
  /api/v1/auth/2fa/status:
    get:
      tags:
        - Two-factor authentication
      summary: 2FA status (and enrollment info if disabled)
      description: >
        If enabled: never returns secret nor otpauth_uri. If disabled: returns
        pending secret + otpauth_uri for enrollment (cache, not DB).
      operationId: getApiV1Auth2faStatus
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TwoFaStatusResponse'
              examples:
                enabled:
                  value:
                    code: TWOFA_STATUS
                    message: 2FA is enabled.
                    enabled: true
                    email: user@example.com
                    secret: null
                    otpauth_uri: null
                    issuer: Flowxi
                disabled:
                  value:
                    code: TWOFA_STATUS
                    message: 2FA is disabled.
                    enabled: false
                    email: user@example.com
                    secret: BASE32SECRET...
                    otpauth_uri: >-
                      otpauth://totp/Flowxi:user@example.com?secret=BASE32SECRET&issuer=Flowxi
                    issuer: Flowxi
                    expires_in: 600
        '401':
          $ref: '#/components/responses/Unauthenticated'
      security:
        - bearerAuth: []
components:
  schemas:
    TwoFaStatusResponse:
      allOf:
        - $ref: '#/components/schemas/ApiOkBase'
        - type: object
          required:
            - enabled
            - email
            - secret
            - otpauth_uri
            - issuer
          properties:
            enabled:
              type: boolean
              example: false
            email:
              type: string
              format: email
              example: user@example.com
            secret:
              type: string
              nullable: true
              example: BASE32SECRET...
            otpauth_uri:
              type: string
              nullable: true
              example: >-
                otpauth://totp/Flowxi:user@example.com?secret=BASE32SECRET&issuer=Flowxi
            issuer:
              type: string
              example: Flowxi
            expires_in:
              type: integer
              nullable: true
              example: 600
    ApiOkBase:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          example: OK
        message:
          type: string
          example: OK
    ApiError:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: Machine-readable error code.
          example: UNAUTHENTICATED
        message:
          type: string
          description: Localized, user-facing message.
          example: Unauthenticated.
  responses:
    Unauthenticated:
      description: Unauthenticated.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
          example:
            code: UNAUTHENTICATED
            message: Unauthenticated.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: Sanctum

````