MATIH Platform is in active MVP development. Documentation reflects current implementation status.

Email MFA

Production - POST /api/v1/mfa/email/enroll, POST /api/v1/mfa/email/verify, POST /api/v1/mfa/email/resend

Email MFA sends a verification code to the user's registered email address. Unlike SMS, this method does not require additional contact information since it uses the email already on file.


6.3.4 Email MFA Enrollment

Initiate Enrollment

curl -X POST http://localhost:8081/api/v1/mfa/email/enroll \
  -H "Authorization: Bearer <access-token>"

Response (200 OK)

{
  "maskedEmail": "j***e@example.com",
  "codeSent": true,
  "expiresInSeconds": 300,
  "retryAfterSeconds": 60
}

Complete Enrollment

curl -X POST http://localhost:8081/api/v1/mfa/email/verify \
  -H "Authorization: Bearer <access-token>" \
  -H "Content-Type: application/json" \
  -d '{ "code": "749215" }'

Returns backup codes on success.

Resend Code

curl -X POST http://localhost:8081/api/v1/mfa/email/resend \
  -H "Authorization: Bearer <access-token>"

Disable Email MFA

curl -X DELETE http://localhost:8081/api/v1/mfa/email \
  -H "Authorization: Bearer <access-token>"

Error Codes

| Code | HTTP Status | Description |
|------|-------------|-------------|
| EMAIL_MFA_ALREADY_CONFIGURED | 400 | Email MFA is already enrolled |
| EMAIL_RATE_LIMITED | 429 | Code resend rate limit exceeded |
| MFA_INVALID_CODE | 400 | Verification code is incorrect |
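
The following client-side helper is an added example, not MATIH's own code. It uses `expiresInSeconds` and `retryAfterSeconds` from the enroll response, together with the error codes above, to pick the next step without tripping the resend limit. Assumptions: both timers start when the code is sent, an expired code is rejected with `MFA_INVALID_CODE`, and the caller has already extracted the error code from the error response (its body shape is not shown on this page); `CodeWindow` and `next_step` are hypothetical names.

```python
import json
import math
from dataclasses import dataclass
from typing import Optional

# Constructed sample with the same shape as the enroll response documented above.
SAMPLE_ENROLL = ('{"maskedEmail": "j***e@example.com", "codeSent": true, '
                 '"expiresInSeconds": 300, "retryAfterSeconds": 60}')

@dataclass
class CodeWindow:
    sent_at: float    # client clock (seconds) when the enroll/resend reply arrived
    expires_in: int   # expiresInSeconds
    retry_after: int  # retryAfterSeconds

    @classmethod
    def from_response(cls, body: str, now: float) -> "CodeWindow":
        data = json.loads(body)
        if data.get("codeSent") is not True:
            raise ValueError("server did not confirm that a code was sent")
        return cls(now, int(data["expiresInSeconds"]), int(data["retryAfterSeconds"]))

    def expired(self, now: float) -> bool:
        # Assumption: the expiry timer starts when the code is sent.
        return now - self.sent_at >= self.expires_in

    def resend_wait(self, now: float) -> int:
        """Whole seconds until a resend is allowed (0 means allowed now)."""
        return max(0, math.ceil(self.sent_at + self.retry_after - now))

def next_step(window: CodeWindow, status: int, error_code: Optional[str], now: float) -> str:
    """Map a verify/resend reply to the client's next action."""
    if status == 200:
        return "done"
    if error_code == "EMAIL_MFA_ALREADY_CONFIGURED":
        return "stop: already enrolled"
    wait = window.resend_wait(now)
    if error_code == "EMAIL_RATE_LIMITED":
        # Assumption: the 429 carries no timer of its own, so fall back to the
        # cooldown from the last enroll response and never retry immediately.
        return f"wait {max(wait, 1)}s, then resend"
    if error_code == "MFA_INVALID_CODE":
        # Assumption: an expired code is also rejected with MFA_INVALID_CODE.
        if window.expired(now):
            return "resend" if wait == 0 else f"wait {wait}s, then resend"
        return "re-enter code"
    return "abort: unexpected response"
```
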