Skip to main content
POST
/
v1
/
b2b
/
recovery_codes
/
recover
C#
// POST /v1/b2b/recovery_codes/recover
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  organization_id: "${organizationId}",
  member_id: "${memberId}",
  recovery_code: "${exampleTotpRecoveryCode}",
};

client.RecoveryCodes.Recover(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
{
  "request_id": "<string>",
  "member_id": "<string>",
  "member": {
    "organization_id": "<string>",
    "member_id": "<string>",
    "email_address": "<string>",
    "status": "<string>",
    "name": "<string>",
    "sso_registrations": [
      {
        "connection_id": "<string>",
        "external_id": "<string>",
        "registration_id": "<string>",
        "sso_attributes": {}
      }
    ],
    "is_breakglass": true,
    "member_password_id": "<string>",
    "oauth_registrations": [
      {
        "provider_type": "<string>",
        "provider_subject": "<string>",
        "member_oauth_registration_id": "<string>",
        "profile_picture_url": "<string>",
        "locale": "<string>"
      }
    ],
    "email_address_verified": true,
    "mfa_phone_number_verified": true,
    "is_admin": true,
    "totp_registration_id": "<string>",
    "retired_email_addresses": [
      {
        "email_id": "<string>",
        "email_address": "<string>"
      }
    ],
    "is_locked": true,
    "mfa_enrolled": true,
    "mfa_phone_number": "<string>",
    "default_mfa_method": "<string>",
    "roles": [
      {
        "role_id": "<string>",
        "sources": [
          {
            "type": "<string>",
            "details": {}
          }
        ]
      }
    ],
    "trusted_metadata": {},
    "untrusted_metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>",
    "scim_registration": {
      "connection_id": "<string>",
      "registration_id": "<string>",
      "external_id": "<string>",
      "scim_attributes": {
        "user_name": "<string>",
        "id": "<string>",
        "external_id": "<string>",
        "active": true,
        "groups": [
          {
            "value": "<string>",
            "display": "<string>"
          }
        ],
        "display_name": "<string>",
        "nick_name": "<string>",
        "profile_url": "<string>",
        "user_type": "<string>",
        "title": "<string>",
        "preferred_language": "<string>",
        "locale": "<string>",
        "timezone": "<string>",
        "emails": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "phone_numbers": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "addresses": [
          {
            "formatted": "<string>",
            "street_address": "<string>",
            "locality": "<string>",
            "region": "<string>",
            "postal_code": "<string>",
            "country": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "ims": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "photos": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "entitlements": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "roles": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "x509certificates": [
          {
            "value": "<string>",
            "type": "<string>",
            "primary": true
          }
        ],
        "name": {
          "formatted": "<string>",
          "family_name": "<string>",
          "given_name": "<string>",
          "middle_name": "<string>",
          "honorific_prefix": "<string>",
          "honorific_suffix": "<string>"
        },
        "enterprise_extension": {
          "employee_number": "<string>",
          "cost_center": "<string>",
          "division": "<string>",
          "department": "<string>",
          "organization": "<string>",
          "manager": {
            "value": "<string>",
            "ref": "<string>",
            "display_name": "<string>"
          }
        }
      }
    },
    "external_id": "<string>",
    "lock_created_at": "<string>",
    "lock_expires_at": "<string>"
  },
  "organization": {
    "organization_id": "<string>",
    "organization_name": "<string>",
    "organization_logo_url": "<string>",
    "organization_slug": "<string>",
    "sso_jit_provisioning": "<string>",
    "sso_jit_provisioning_allowed_connections": [
      "<string>"
    ],
    "sso_active_connections": [
      {
        "connection_id": "<string>",
        "display_name": "<string>",
        "identity_provider": "<string>"
      }
    ],
    "email_allowed_domains": [
      "<string>"
    ],
    "email_jit_provisioning": "<string>",
    "email_invites": "<string>",
    "auth_methods": "<string>",
    "allowed_auth_methods": [
      "<string>"
    ],
    "mfa_policy": "<string>",
    "rbac_email_implicit_role_assignments": [
      {
        "domain": "<string>",
        "role_id": "<string>"
      }
    ],
    "mfa_methods": "<string>",
    "allowed_mfa_methods": [
      "<string>"
    ],
    "oauth_tenant_jit_provisioning": "<string>",
    "claimed_email_domains": [
      "<string>"
    ],
    "first_party_connected_apps_allowed_type": "<string>",
    "allowed_first_party_connected_apps": [
      "<string>"
    ],
    "third_party_connected_apps_allowed_type": "<string>",
    "allowed_third_party_connected_apps": [
      "<string>"
    ],
    "custom_roles": [
      {
        "role_id": "<string>",
        "description": "<string>",
        "permissions": [
          {
            "resource_id": "<string>",
            "actions": [
              "<string>"
            ]
          }
        ]
      }
    ],
    "trusted_metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>",
    "organization_external_id": "<string>",
    "sso_default_connection_id": "<string>",
    "scim_active_connection": {
      "connection_id": "<string>",
      "display_name": "<string>",
      "bearer_token_last_four": "<string>",
      "bearer_token_expires_at": "<string>"
    },
    "allowed_oauth_tenants": {}
  },
  "session_token": "<string>",
  "session_jwt": "<string>",
  "recovery_codes_remaining": 123,
  "status_code": 123,
  "member_session": {
    "member_session_id": "<string>",
    "member_id": "<string>",
    "started_at": "<string>",
    "last_accessed_at": "<string>",
    "expires_at": "<string>",
    "authentication_factors": [
      {
        "type": "magic_link",
        "delivery_method": "email",
        "last_authenticated_at": "<string>",
        "created_at": "<string>",
        "updated_at": "<string>",
        "email_factor": {
          "email_id": "<string>",
          "email_address": "<string>"
        },
        "phone_number_factor": {
          "phone_id": "<string>",
          "phone_number": "<string>"
        },
        "google_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "microsoft_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "apple_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "webauthn_factor": {
          "webauthn_registration_id": "<string>",
          "domain": "<string>",
          "user_agent": "<string>"
        },
        "authenticator_app_factor": {
          "totp_id": "<string>"
        },
        "github_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "recovery_code_factor": {
          "totp_recovery_code_id": "<string>"
        },
        "facebook_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "crypto_wallet_factor": {
          "crypto_wallet_id": "<string>",
          "crypto_wallet_address": "<string>",
          "crypto_wallet_type": "<string>"
        },
        "amazon_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "bitbucket_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "coinbase_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "discord_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "figma_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "git_lab_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "instagram_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "linked_in_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "shopify_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "slack_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "snapchat_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "spotify_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "steam_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "tik_tok_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "twitch_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "twitter_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "embeddable_magic_link_factor": {
          "embedded_id": "<string>"
        },
        "biometric_factor": {
          "biometric_registration_id": "<string>"
        },
        "saml_sso_factor": {
          "id": "<string>",
          "provider_id": "<string>",
          "external_id": "<string>"
        },
        "oidc_sso_factor": {
          "id": "<string>",
          "provider_id": "<string>",
          "external_id": "<string>"
        },
        "salesforce_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "yahoo_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "hubspot_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "slack_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "hubspot_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "github_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "google_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "impersonated_factor": {
          "impersonator_id": "<string>",
          "impersonator_email_address": "<string>"
        },
        "oauth_access_token_exchange_factor": {
          "client_id": "<string>"
        },
        "trusted_auth_token_factor": {
          "token_id": "<string>"
        }
      }
    ],
    "organization_id": "<string>",
    "roles": [
      "<string>"
    ],
    "organization_slug": "<string>",
    "custom_claims": {}
  },
  "member_device": {
    "visitor_id": "<string>",
    "visitor_id_details": {
      "is_new": true,
      "first_seen_at": "<string>",
      "last_seen_at": "<string>"
    },
    "ip_address": "<string>",
    "ip_address_details": {
      "is_new": true,
      "first_seen_at": "<string>",
      "last_seen_at": "<string>"
    },
    "ip_geo_city": "<string>",
    "ip_geo_region": "<string>",
    "ip_geo_country": "<string>",
    "ip_geo_country_details": {
      "is_new": true,
      "first_seen_at": "<string>",
      "last_seen_at": "<string>"
    }
  }
}
This consumes the recovery code and returns a session token that can be used to authenticate the .

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

organization_id
string
required

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

member_id
string
required

Globally unique UUID that identifies a specific Member. The member_id is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.

recovery_code
string
required

The recovery code generated by a secondary MFA method. This code is used to authenticate in place of the secondary MFA method if that method as a backup.

intermediate_session_token
string

The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the OTP SMS Authenticate endpoint, TOTP Authenticate endpoint, or Recovery Codes Recover endpoint to complete an MFA flow and log in to the Organization. The token has a default expiry of 10 minutes. It can also be used with the Exchange Intermediate Session endpoint to join a specific Organization that allows the factors represented by the intermediate session token; or the Create Organization via Discovery endpoint to create a new Organization and Member. Intermediate Session Tokens have a default expiry of 10 minutes.

session_token
string

A secret token for a given Stytch Session.

session_jwt
string

The JSON Web Token (JWT) for a given Stytch Session.

session_duration_minutes
integer<int32>

Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, returning both an opaque session_token and session_jwt for this session. Remember that the session_jwt will have a fixed lifetime of five minutes regardless of the underlying session duration, and will need to be refreshed over time.

This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).

If a session_token or session_jwt is provided then a successful authentication will continue to extend the session this many minutes.

If the session_duration_minutes parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want to use the Stytch session product, you can ignore the session fields in the response.

session_custom_claims
object

Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in session_duration_minutes. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (iss, sub, aud, exp, nbf, iat, jti) will be ignored. Total custom claims size cannot exceed four kilobytes.

telemetry_id
string

If the telemetry_id is passed, as part of this request, Stytch will call the Fingerprint Lookup API and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature.

Response

Successful response

request_id
string
required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

member_id
string
required

Globally unique UUID that identifies a specific Member.

member
object
required
organization
object
required
session_token
string
required

A secret token for a given Stytch Session.

session_jwt
string
required

The JSON Web Token (JWT) for a given Stytch Session.

recovery_codes_remaining
integer<int32>
required

The number of recovery codes remaining for a Member.

status_code
integer<int32>
required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

member_session
object
member_device
object

If a valid telemetry_id was passed in the request and the Fingerprint Lookup API returned results, the member_device response field will contain information about the member's device attributes.