1. Docs
  2. API Reference
  3. MfaStepUpResponseDto

The MfaStepUpResponseDto object

Example 

{
  "step_up_token": "string",
  "expires_at": "2026-04-20T12:00:00.000Z"
}

Properties

  • step_up_tokenstring*

    Opaque sealed token (AES-256-GCM, base64url). Pass back on the next mutation via the `X-Mfa-Step-Up-Token` header. Valid for 5 minutes.

  • expires_atstring (date-time)*

    After this timestamp the token is rejected and the caller must POST /mfa/step-up again.

Canopy