1. Docs
  2. API Reference
  3. List enrolled MFA factors for the caller

List enrolled MFA factors for the caller

GET/v1/identity/auth/mfa/factors

Authentication

  • Bearer Token Authorization

    JWT access token

Code samples

cURLJavaScriptPythonGo
curl -X GET "https://api.canopy.dev/v1/identity/auth/mfa/factors" \
  -H "Authorization: Bearer $CANOPY_TOKEN"

Responses

200 Returns one row per enrolled TOTP or WebAuthn factor. Secrets and credential public keys are never echoed back. 
{
  "items": [
    {
      "id": "00000000-0000-0000-0000-000000000000",
      "type": "totp",
      "label": "iPhone 15",
      "enrolled_at": "2026-04-20T12:00:00.000Z",
      "last_used_at": "2026-04-20T12:00:00.000Z"
    }
  ]
}

application/json

  • itemsMfaFactorResponseDto[]*
401 Invalid or expired token
403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)

Returned object

The MfaFactorResponseDto object View all properties on this resource
On this page

Related endpoints

POSTBegin TOTP factor enrollment
POSTComplete TOTP factor enrollment
POSTBegin WebAuthn factor enrollment
POSTComplete WebAuthn factor enrollment
POSTProve a fresh factor to authorise a sensitive MFA mutation
POSTBegin a WebAuthn-backed step-up ceremony
POSTComplete a WebAuthn step-up ceremony
DELETERemove an enrolled MFA factor
POSTRegenerate the identity's single-use recovery codes
GETList the identity's active 'remember this device' records
DELETERevoke every trusted device for the caller
DELETERevoke a single trusted device
Canopy