TOTP API
Enrollment
POST /totp/enroll
Returns { otpauth_uri } for QR code generation. Requires valid cc_access cookie.

POST /totp/enroll/verify
Body: { "code": "123456" }
Confirms enrollment with first TOTP code. Returns { recovery_codes: [...] }.
Challenge
POST /totp/verify
Body: { "code": "123456" }
Verifies a TOTP code and sets a cc_sid session cookie (24h TTL). Used when accessing TOTP-required sections or during auth pheromone lockdown.
Status
GET /totp/status
Returns enrollment status for the current token holder.
Recovery
POST /totp/recovery
Body: { "code": "abcd-efgh-ijkl" }
Uses a one-time recovery code to bypass TOTP. Rate-limited to 3 attempts per 15 minutes.