Enrolls an Authentication Factor to be used as an additional factor of authentication. The returned ID should be used to create an authentication Challenge.
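import { WorkOS } from '@workos-inc/node';

// Read the secret API key from the environment so it never lands in source
// control, client bundles, or logs. Fail fast when it is missing.
const apiKey = process.env.WORKOS_API_KEY;
if (!apiKey) {
  throw new Error('WORKOS_API_KEY is not set');
}
const workos = new WorkOS(apiKey);

// Enroll a TOTP factor; `issuer` and `user` end up in the otpauth URI that
// the user's authenticator app reads.
const factor = await workos.mfa.enrollFactor({
  type: 'totp',
  issuer: 'Foo Corp',
  user: 'alan.turing@example.com',
});

// The enrollment response carries the TOTP shared secret (secret, QR code and
// otpauth URI). Show it to the enrolling user only and keep it out of logs.
// Keep the returned factor ID to create authentication Challenges.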
{ "object": "authentication_factor", "id": "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ", "type": "totp", "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", "totp": { "issuer": "WorkOS", "user": "user@example.com", "secret": "JBSWY3DPEHPK3PXP", "qr_code": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUg...", "uri": "otpauth://totp/WorkOS:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=WorkOS" }, "created_at": "2026-01-15T12:00:00.000Z", "updated_at": "2026-01-15T12:00:00.000Z" }
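# Enroll a TOTP factor. The secret key is read from the environment
# (export WORKOS_API_KEY first) so it is not stored in the script or in shell
# history; ${VAR:?} aborts the command when the variable is unset.
# The JSON response contains the TOTP shared secret, so do not write it to logs.
curl --request POST \
  --url "https://api.workos.com/auth/factors/enroll" \
  --header "Authorization: Bearer ${WORKOS_API_KEY:?WORKOS_API_KEY is not set}" \
  --header "Content-Type: application/json" \
  -d @- <<'BODY'
{
  "type": "totp",
  "totp_issuer": "Foo Corp",
  "totp_user": "alan.turing@example.com"
}
BODY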
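import { WorkOS } from '@workos-inc/node';

// The secret API key comes from the environment rather than a string literal,
// so it cannot be committed or shipped with the code.
const apiKey = process.env.WORKOS_API_KEY;
if (!apiKey) {
  throw new Error('WORKOS_API_KEY is not set');
}
const workos = new WorkOS(apiKey);

// Enroll a TOTP factor for the given issuer and account label.
const factor = await workos.mfa.enrollFactor({
  type: 'totp',
  issuer: 'Foo Corp',
  user: 'alan.turing@example.com',
});

// `factor` includes the TOTP shared secret (secret, QR code, otpauth URI):
// present it once to the enrolling user and never log or cache it.
// The factor ID is what a later Challenge is created from.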
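require "workos"

# Take the secret API key from the environment instead of hard-coding it.
# ENV.fetch raises KeyError when the variable is missing, so a misconfigured
# deployment fails at startup rather than sending an empty key.
WorkOS.configure do |config|
  config.key = ENV.fetch("WORKOS_API_KEY")
end

# Enroll a TOTP factor. The returned factor carries the TOTP shared secret
# (secret, QR code, otpauth URI); show it to the enrolling user only and keep
# it out of logs. Keep the factor ID for creating Challenges.
factor = WorkOS::MFA.enroll_factor(
  type: "totp",
  totp_issuer: "Foo Corp",
  totp_user: "alan.turing@example.com"
)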
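import os

from workos import WorkOSClient

# The secret API key is read from the environment so it is never committed.
# os.environ[...] raises KeyError when the variable is missing.
workos_client = WorkOSClient(
    api_key=os.environ["WORKOS_API_KEY"], client_id="client_123456789"
)

factor_type = "totp"
organization = "Foo Corp"  # used as the TOTP issuer label
email = "alan.turing@example.com"  # used as the TOTP account label

# Enroll the factor. The result carries the TOTP shared secret (secret, QR
# code, otpauth URI): show it to the enrolling user only and do not log it.
# Keep the factor ID for creating Challenges.
authentication_factor = workos_client.mfa.enroll_factor(
    type=factor_type, totp_issuer=organization, totp_user=email
)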
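package main

import (
	"context"
	"log"
	"os"

	"github.com/workos/workos-go/v3/pkg/mfa"
)

// main enrolls a TOTP authentication factor and stops on any API error.
func main() {
	// Read the secret API key from the environment instead of embedding it.
	apiKey := os.Getenv("WORKOS_API_KEY")
	if apiKey == "" {
		log.Fatal("WORKOS_API_KEY is not set")
	}
	mfa.SetAPIKey(apiKey)

	enroll, err := mfa.EnrollFactor(
		context.Background(),
		mfa.EnrollFactorOpts{
			Type:       "totp",
			TOTPIssuer: "Foo Corp",
			TOTPUser:   "alan.turing@example.com",
		},
	)
	if err != nil {
		// The original sample dropped err; a failed enrollment must not be
		// treated as success.
		log.Fatalf("enroll factor: %v", err)
	}

	// The returned factor carries the TOTP shared secret: hand it to the
	// enrolling user only and never log it. Keep its ID to create Challenges.
	_ = enroll
}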
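<?php

// Read the secret API key from the environment rather than a string literal.
// getenv() returns false when the variable is missing, so check before use.
$apiKey = getenv("WORKOS_API_KEY");
if ($apiKey === false || $apiKey === "") {
    throw new RuntimeException("WORKOS_API_KEY is not set");
}
WorkOS\WorkOS::setApiKey($apiKey);

$mfa = new WorkOS\MFA();

$type = "totp";
$totpIssuer = "Foo Corp";
$totpUser = "alan.turing@example.com";

// Enroll the factor. The result carries the TOTP shared secret (secret, QR
// code, otpauth URI): show it to the enrolling user only and do not log it.
$factor = $mfa->enrollFactor(
    type: $type,
    totpIssuer: $totpIssuer,
    totpUser: $totpUser
);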
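import com.workos.WorkOS;
import com.workos.mfa.MfaApi.EnrollFactorOptions;
import com.workos.mfa.models.Factor;

// Read the secret API key from the environment so it is never compiled into
// the application or committed to source control.
String apiKey = System.getenv("WORKOS_API_KEY");
if (apiKey == null || apiKey.isEmpty()) {
    throw new IllegalStateException("WORKOS_API_KEY is not set");
}
WorkOS workos = new WorkOS(apiKey);

EnrollFactorOptions options = EnrollFactorOptions.builder()
    .type("totp")
    .issuer("Foo Corp")
    .user("alan.turing@example.com")
    .build();

// The returned factor carries the TOTP shared secret (secret, QR code,
// otpauth URI): show it to the enrolling user only and keep it out of logs.
Factor factor = workos.mfa.enrollFactor(options);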
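// Read the secret API key from the environment instead of hard-coding it.
var apiKey = System.Environment.GetEnvironmentVariable("WORKOS_API_KEY");
if (string.IsNullOrEmpty(apiKey))
{
    throw new System.InvalidOperationException("WORKOS_API_KEY is not set");
}
WorkOS.SetApiKey(apiKey);

var mfaService = new MfaService();

// Enroll an Authentication Factor with TOTP.
// The result carries the TOTP shared secret (secret, QR code, otpauth URI):
// show it to the enrolling user only and keep it out of logs.
var issuer = "Foo Corp";
var user = "alan.turing@example.com";
var totpOptions = new EnrollTotpFactorOptions(issuer, user);
var totpFactor = await mfaService.EnrollFactor(totpOptions);

// Enroll an Authentication Factor with SMS.
// The phone number is personal data; avoid writing it to application logs.
var phone = "+15555555555";
var smsOptions = new EnrollSmsFactorOptions(phone);
var smsFactor = await mfaService.EnrollFactor(smsOptions);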
| { | |
| "object": "authentication_factor", | |
| "id": "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ", | |
| "type": "totp", | |
| "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", | |
| "totp": { | |
| "issuer": "WorkOS", | |
| "user": "user@example.com", | |
| "secret": "JBSWY3DPEHPK3PXP", | |
| "qr_code": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUg...", | |
| "uri": "otpauth://totp/WorkOS:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=WorkOS" | |
| }, | |
| "created_at": "2026-01-15T12:00:00.000Z", | |
| "updated_at": "2026-01-15T12:00:00.000Z" | |
| } |
POST /auth/factors/enroll

Returns

Gets an Authentication Factor.
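import { WorkOS } from '@workos-inc/node';

// Read the secret API key from the environment; fail fast when it is missing.
const apiKey = process.env.WORKOS_API_KEY;
if (!apiKey) {
  throw new Error('WORKOS_API_KEY is not set');
}
const workos = new WorkOS(apiKey);

// Look up a factor by ID. When the ID arrives in a client request, first
// confirm it belongs to the signed-in user before returning any of its data.
const factor = await workos.mfa.getFactor(
  'auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ',
);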
{ "object": "authentication_factor", "id": "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ", "type": "totp", "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", "totp": { "issuer": "WorkOS", "user": "user@example.com" }, "created_at": "2026-01-15T12:00:00.000Z", "updated_at": "2026-01-15T12:00:00.000Z" }
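# Fetch a factor by ID. The secret key comes from the environment;
# ${VAR:?} aborts the command when WORKOS_API_KEY is unset.
curl "https://api.workos.com/auth/factors/auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ" \
  --header "Authorization: Bearer ${WORKOS_API_KEY:?WORKOS_API_KEY is not set}"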
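import { WorkOS } from '@workos-inc/node';

// The secret API key is taken from the environment, not from source code.
const apiKey = process.env.WORKOS_API_KEY;
if (!apiKey) {
  throw new Error('WORKOS_API_KEY is not set');
}
const workos = new WorkOS(apiKey);

// Retrieve one factor. In the sample response for this call the `totp` object
// holds only issuer and user; the shared secret is not part of it.
// Check that a client-supplied factor ID belongs to the signed-in user.
const factor = await workos.mfa.getFactor(
  'auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ',
);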
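require "workos"

# Take the secret API key from the environment; ENV.fetch raises KeyError
# when it is missing instead of silently configuring an empty key.
WorkOS.configure do |config|
  config.key = ENV.fetch("WORKOS_API_KEY")
end

# Retrieve one factor by ID. Check that a client-supplied ID belongs to the
# signed-in user before using the result.
factor = WorkOS::MFA.get_factor(
  id: "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"
)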
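import os

from workos import WorkOSClient

# The secret API key is read from the environment so it is never committed.
# os.environ[...] raises KeyError when the variable is missing.
workos_client = WorkOSClient(
    api_key=os.environ["WORKOS_API_KEY"], client_id="client_123456789"
)

# Retrieve one factor by ID. Check that a client-supplied ID belongs to the
# signed-in user before using the result.
authentication_factor = workos_client.mfa.get_factor(
    authentication_factor_id="auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"
)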
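package main

import (
	"context"
	"log"
	"os"

	"github.com/workos/workos-go/v3/pkg/mfa"
)

// main retrieves one authentication factor and stops on any API error.
func main() {
	// Read the secret API key from the environment instead of embedding it.
	apiKey := os.Getenv("WORKOS_API_KEY")
	if apiKey == "" {
		log.Fatal("WORKOS_API_KEY is not set")
	}
	mfa.Configure(
		apiKey,
		"client_123456789",
	)

	factor, err := mfa.GetFactor(
		context.Background(),
		mfa.GetFactorOpts{
			// The original sample passed a "conn_..." ID here; this call
			// takes an authentication factor ID like the other samples.
			FactorId: "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ",
		},
	)
	if err != nil {
		log.Fatalf("get factor: %v", err)
	}

	// Check that a client-supplied factor ID belongs to the signed-in user
	// before acting on the result.
	_ = factor
}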
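<?php

// Read the secret API key from the environment rather than a string literal.
// getenv() returns false when the variable is missing, so check before use.
$apiKey = getenv("WORKOS_API_KEY");
if ($apiKey === false || $apiKey === "") {
    throw new RuntimeException("WORKOS_API_KEY is not set");
}
WorkOS\WorkOS::setApiKey($apiKey);
WorkOS\WorkOS::setClientId("client_123456789");

$mfa = new WorkOS\MFA();

// Retrieve one factor by ID. Check that a client-supplied ID belongs to the
// signed-in user before using the result.
$factor = $mfa->getFactor("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ");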
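import com.workos.WorkOS;
import com.workos.mfa.models.Factor;

// Read the secret API key from the environment so it is never compiled into
// the application or committed to source control.
String apiKey = System.getenv("WORKOS_API_KEY");
if (apiKey == null || apiKey.isEmpty()) {
    throw new IllegalStateException("WORKOS_API_KEY is not set");
}
WorkOS workos = new WorkOS(apiKey);

// Retrieve one factor by ID. Check that a client-supplied ID belongs to the
// signed-in user before using the result.
String authenticationFactorId = "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ";
Factor factor = workos.mfa.getFactor(authenticationFactorId);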
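// Read the secret API key from the environment instead of hard-coding it.
var apiKey = System.Environment.GetEnvironmentVariable("WORKOS_API_KEY");
if (string.IsNullOrEmpty(apiKey))
{
    throw new System.InvalidOperationException("WORKOS_API_KEY is not set");
}
WorkOS.SetApiKey(apiKey);

var mfaService = new MfaService();

// Retrieve one factor by ID. Check that a client-supplied ID belongs to the
// signed-in user before using the result.
var factor = await mfaService.GetFactor("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ");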
| { | |
| "object": "authentication_factor", | |
| "id": "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ", | |
| "type": "totp", | |
| "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", | |
| "totp": { | |
| "issuer": "WorkOS", | |
| "user": "user@example.com" | |
| }, | |
| "created_at": "2026-01-15T12:00:00.000Z", | |
| "updated_at": "2026-01-15T12:00:00.000Z" | |
| } |
GET /auth/factors/:id

Parameters

Returns

Permanently deletes an Authentication Factor. It cannot be undone.
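# Permanently delete a factor. The secret key comes from the environment;
# ${VAR:?} aborts the command when WORKOS_API_KEY is unset.
curl --request DELETE \
  --url "https://api.workos.com/auth/factors/auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ" \
  --header "Authorization: Bearer ${WORKOS_API_KEY:?WORKOS_API_KEY is not set}"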
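import { WorkOS } from '@workos-inc/node';

// Read the secret API key from the environment; fail fast when it is missing.
const apiKey = process.env.WORKOS_API_KEY;
if (!apiKey) {
  throw new Error('WORKOS_API_KEY is not set');
}
const workos = new WorkOS(apiKey);

// Deletion is permanent and removes a second factor from the account, so
// confirm the factor ID belongs to the signed-in user before calling this,
// and consider requiring a fresh authentication first.
await workos.mfa.deleteFactor('auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ');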
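require "workos"

# Take the secret API key from the environment; ENV.fetch raises KeyError
# when it is missing instead of silently configuring an empty key.
WorkOS.configure do |config|
  config.key = ENV.fetch("WORKOS_API_KEY")
end

# Deletion is permanent and removes a second factor from the account, so
# confirm the factor ID belongs to the signed-in user before calling this.
WorkOS::MFA.delete_factor(
  id: "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"
)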
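import os

from workos import WorkOSClient

# The secret API key is read from the environment so it is never committed.
# os.environ[...] raises KeyError when the variable is missing.
workos_client = WorkOSClient(
    api_key=os.environ["WORKOS_API_KEY"], client_id="client_123456789"
)

# Deletion is permanent and removes a second factor from the account, so
# confirm the factor ID belongs to the signed-in user before calling this.
workos_client.mfa.delete_factor(
    authentication_factor_id="auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"
)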
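package main

import (
	"context"
	"log"
	"os"

	"github.com/workos/workos-go/v3/pkg/mfa"
)

// main permanently deletes one authentication factor and reports any error.
func main() {
	// Read the secret API key from the environment instead of embedding it.
	apiKey := os.Getenv("WORKOS_API_KEY")
	if apiKey == "" {
		log.Fatal("WORKOS_API_KEY is not set")
	}
	mfa.Configure(
		apiKey,
		"client_123456789",
	)

	// Deletion cannot be undone; confirm the factor ID belongs to the
	// signed-in user before calling this.
	err := mfa.DeleteFactor(
		context.Background(),
		mfa.DeleteFactorOpts{
			// The original sample passed a "conn_..." ID here; this call
			// takes an authentication factor ID like the other samples.
			FactorId: "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ",
		},
	)
	if err != nil {
		// The original sample never read err, so a failed delete went
		// unnoticed.
		log.Fatalf("delete factor: %v", err)
	}
}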
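<?php

// Read the secret API key from the environment rather than a string literal.
// getenv() returns false when the variable is missing, so check before use.
$apiKey = getenv("WORKOS_API_KEY");
if ($apiKey === false || $apiKey === "") {
    throw new RuntimeException("WORKOS_API_KEY is not set");
}
WorkOS\WorkOS::setApiKey($apiKey);
WorkOS\WorkOS::setClientId("client_123456789");

// Named $mfa (the original called it $sso) because it is the MFA client.
$mfa = new WorkOS\MFA();

// Deletion is permanent and removes a second factor from the account, so
// confirm the factor ID belongs to the signed-in user before calling this.
$mfa->deleteFactor("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ");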
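import com.workos.WorkOS;

// Read the secret API key from the environment so it is never compiled into
// the application or committed to source control.
String apiKey = System.getenv("WORKOS_API_KEY");
if (apiKey == null || apiKey.isEmpty()) {
    throw new IllegalStateException("WORKOS_API_KEY is not set");
}
WorkOS workos = new WorkOS(apiKey);

// Deletion is permanent and removes a second factor from the account, so
// confirm the factor ID belongs to the signed-in user before calling this.
String authenticationFactorId = "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ";
workos.mfa.deleteFactor(authenticationFactorId);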
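// Read the secret API key from the environment instead of hard-coding it.
var apiKey = System.Environment.GetEnvironmentVariable("WORKOS_API_KEY");
if (string.IsNullOrEmpty(apiKey))
{
    throw new System.InvalidOperationException("WORKOS_API_KEY is not set");
}
WorkOS.SetApiKey(apiKey);

var mfaService = new MfaService();

// Deletion is permanent and removes a second factor from the account, so
// confirm the factor ID belongs to the signed-in user before calling this.
await mfaService.DeleteFactor("auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ");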
DELETE /auth/factors/:id

Parameters

Returns