> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hexclave.com/llms.txt
> Use this file to discover all available pages before exploring further.

# MFA sign in

> Complete multi-factor authorization to sign in, with a TOTP and an MFA attempt code



## OpenAPI

````yaml /openapi/client.json post /auth/mfa/sign-in
openapi: 3.1.0
info:
  title: Hexclave REST API
  version: 1.0.0
  description: >-
    The Hexclave REST API. All request headers are documented as canonical
    `X-Hexclave-*`; the equivalent `X-Stack-*` aliases are accepted on every
    endpoint for backwards compatibility. Response headers
    `X-Hexclave-actual-status`, `X-Hexclave-known-error`, and
    `X-Hexclave-request-id` are emitted alongside their legacy `X-Stack-*`
    equivalents.
servers:
  - url: https://api.hexclave.com/api/v1
    description: Hexclave REST API
security: []
paths:
  /auth/mfa/sign-in:
    post:
      tags:
        - OTP
      summary: MFA sign in
      description: >-
        Complete multi-factor authorization to sign in, with a TOTP and an MFA
        attempt code
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                type:
                  type: string
                  enum:
                    - totp
                totp:
                  type: string
                code:
                  type: string
                  example: u3h6gn4w24pqc8ya679inrhjwh1rybth6a7thurqhnpf2
                  description: A 45 character code
              required:
                - type
                - totp
                - code
              example:
                code: u3h6gn4w24pqc8ya679inrhjwh1rybth6a7thurqhnpf2
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  refresh_token:
                    type: string
                    example: i8ns3aq2...14y
                    description: >-
                      Long-lived refresh token that can be used to obtain a new
                      access token
                  access_token:
                    type: string
                    example: eyJhmMiJB2TO...diI4QT
                    description: >-
                      Short-lived access token that can be used to authenticate
                      the user
                  is_new_user:
                    type: boolean
                    example: true
                    description: Whether the user is a new user
                  user_id:
                    type: string
                    example: 3241a285-8329-4d69-8f3d-316e08cf140c
                    description: The unique identifier of the user
                required:
                  - refresh_token
                  - access_token
                  - is_new_user
                  - user_id

````