TOTP Create

The TOTP Create method wraps the create endpoint. Call this method to create a TOTP registration on an existing Member.


Method parameters


organization_id* string

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.


member_id* string

Globally unique UUID that identifies a specific Member. The member_id is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.


expiration_minutes int

The expiration for the TOTP registration. If the newly created TOTP registration is not authenticated within this time frame the member will have to restart the registration flow. Defaults to 60 (1 hour) with a minimum of 5 and a maximum of 1440.


Response fields


request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.


status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.


secret string

The TOTP secret key shared between the authenticator app and the server used to generate TOTP codes.


totp_registration_id string

The unique ID for a TOTP instance.


qr_code string

The QR code image encoded in base64.


recovery_codes array[strings]

An array of recovery codes that can be used to recover a Member's account.


member_id string

Globally unique UUID that identifies a specific Member.


member object

The Member object

organization_id string

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

member_id string

Globally unique UUID that identifies a specific Member. The member_id is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.

external_id string

The ID of the member given by the identity provider.

email_address string

The email address of the Member.

email_address_verified boolean

Whether or not the Member's email address is verified.

status string

The status of the Member. The possible values are: pending, invited, active, or deleted.

name string

The name of the Member.

sso_registrations array[objects]

An array of registered SAML Connection or OIDC Connection objects the Member has authenticated with.

connection_id string

Globally unique UUID that identifies a specific SSO connection_id for a Member.

registration_id string

The unique ID of an SSO Registration.

external_id string

The ID of the member given by the identity provider.

sso_attributes object

An object for storing SSO attributes brought over from the identity provider.

scim_registration object

A SCIM Member registration, referencing the SCIM Connection object in use for the Member creation.

connection_id string

The ID of the SCIM connection.

registration_id string

The unique ID of a SCIM Registration.

external_id string

The ID of the member given by the identity provider.

scim_attributes object

An object for storing SCIM attributes brought over from the identity provider.

is_breakglass boolean

Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the Organization object and its auth_methods and allowed_auth_methods fields for more details.

member_password_id string

Globally unique UUID that identifies a Member's password.

oauth_registrations array[object]

A list of OAuth registrations for this member.

provider_type string

Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub etc.

provider_subject string

The unique identifier for the User within a given OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.

profile_picture_url string

If available, the profile_picture_url is a URL of the User's profile picture set in the OAuth identity provider that the User has authenticated with, e.g. Google profile picture.

locale string

If available, the locale is the Member's locale set in the OAuth identity provider that the user has authenticated with.

member_oauth_registration_id string

The unique ID of an OAuth registration.

mfa_enrolled boolean

Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to REQUIRED_FOR_ALL.

mfa_phone_number string

The Member's phone number. A Member may only have one phone number. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX).

mfa_phone_number_verified boolean

Whether or not the Member's phone number is verified.

retired_email_addresses array[object]

A list of retired email addresses for this member. A previously active email address can be marked as retired in one of two ways:

  • It's replaced with a new primary email address during an explicit Member update.
  • A new email address is surfaced by an OAuth, SAML or OIDC provider. In this case the new email address becomes the Member's primary email address and the old primary email address is retired.

A retired email address cannot be used by other Members in the same Organization. However, unlinking retired email addresses allows them to be subsequently re-used by other Organization Members. Retired email addresses can be unlinked using the Unlink Retired Email endpoint.

email_id string

The globally unique UUID of a Member's email.

email_address string

The email address of the Member.

trusted_metadata object

An arbitrary JSON object for storing application-specific data or identity-provider-specific data.

untrusted_metadata object

An arbitrary JSON object of application-specific data. These fields can be edited directly by the frontend SDK, and should not be used to store critical information. See the Metadata resource for complete field behavior details.

roles array[objects]

Explicit or implicit Roles assigned to this Member, along with details about the role assignment source. See the RBAC guide for more information about role assignment.

role_id string

The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.

Reserved role_ids that are predefined by Stytch include:

  • stytch_member
  • stytch_admin

Check out the guide on Stytch default Roles for a more detailed explanation.

sources array[objects]

A list of sources for this role assignment. A role assignment can come from multiple sources - for example, the Role could be both explicitly assigned and implicitly granted from the Member's email domain.

type string

The type of role assignment. The possible values are:

  • direct_assignment – an explicitly assigned Role. Directly assigned roles can be updated by passing in the roles argument to the Update Member endpoint.
  • email_assignment – an implicit Role granted by the Member's email domain, regardless of their login method. Email implicit role assignments can be updated by passing in the rbac_email_implicit_role_assignments argument to the Update Organization endpoint.
  • sso_connection – an implicit Role granted by the Member's SSO connection. This is currently only available for SAML connections and not for OIDC. If the Member has a SAML Member registration with the given connection, this role assignment will appear in the list. However, for authorization check purposes (in sessions authenticate or in any endpoint that enforces RBAC with session headers), the Member will only be granted the Role if their session contains an authentication factor with the specified SAML connection. SAML connection implicit role assignments can be updated by passing in the saml_connection_implicit_role_assignments argument to the Update SAML connection endpoint.
  • sso_connection_group – an implicit Role granted by the Member's SSO connection and group. This is currently only available for SAML connections and not for OIDC. If the Member has a SAML Member registration with the given connection, and belongs to a specific group within the IdP, this role assignment will appear in the list. However, for authorization check purposes (in sessions authenticate or in any endpoint that enforces RBAC with session headers), the Member will only be granted the role if their session contains an authentication factor with the specified SAML connection. SAML group implicit role assignments can be updated by passing in the saml_group_implicit_role_assignments argument to the Update SAML connection endpoint.
  • scim_connection_group – an implicit Role granted by the Member's SCIM connection and group. If the Member has a SCIM Member registration with the given connection, and belongs to a specific group within the IdP, this role assignment will appear in the list. SCIM group implicit role assignments can be updated by passing in the scim_group_implicit_role_assignments argument to the Update SCIM connection endpoint.

details object

An object containing additional metadata about the source assignment. The fields will vary depending on the role assignment type as follows:

  • direct_assignment – no additional details.
  • email_assignment – will contain the email domain that granted the assignment.
  • sso_connection – will contain the connection_id of the SAML connection that granted the assignment.
  • sso_connection_group – will contain the connection_id of the SAML connection and the name of the group that granted the assignment.
  • scim_connection_group – will contain the connection_id of the SAML connection and the group_id that granted the assignment.

is_admin boolean

Whether or not the Member has the stytch_admin Role. This Role is automatically granted to Members who create an Organization through the discovery flow. See the RBAC guide for more details on this Role.

created_at string

The timestamp of the Member's creation. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

updated_at string

The timestamp of when the Member was last updated. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

import React, { useCallback } from 'react';
import { Text, TouchableOpacity, View } from 'react-native';
import { useStytchB2BClient } from '@stytch/react/b2b';

export const Create = () => {
  const stytch = useStytchB2BClient();
  const createTOTP = useCallback(() => {
    stytch.totp.create({
      member_id: 'member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f',
      organization_id: 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
    });
  }, [stytch]);
  return (
    <View>
      <TouchableOpacity onPress={createTOTP}>
        <Text>Create TOTP</Text>
      </TouchableOpacity>
    </View>
  );
};
RESPONSE 200
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "secret": "BTGNX5RKJRMQWQFRQKTG34JCF6XDRHZS",
    "totp_id": "totp-test-41920359-8bbb-4fe8-8fa3-aaa83f35f02c",
    "qr_code": "data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAMgAAADIEAAAAADYoy0BAAAG8ElEQVR...8EAAD//7dQP/5Y00bRAAAAAElFTkSuQmCC",
    "recovery_codes": [
      "ckss-2skx-ebow",
      "spbc-424h-usy0",
      "hi08-n5tk-lns5",
      "1n6i-l5na-8axe",
      "aduj-eufq-w6yy",
      "i4l3-dxyt-urmx",
      "ayyi-utb0-gj0s",
      "lz0m-02bi-psbx",
      "l2qm-zrk1-8ujs",
      "c2qd-k7m4-ifmc"
    ],
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "member": {...}
}
RESPONSE 401
{
  "status_code": 401,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "unauthorized_credentials",
  "error_message": "Unauthorized credentials.",
  "error_url": "https://stytch.com/docs/api/errors/401"
}
RESPONSE 403
{
  "status_code": 403,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "session_authorization_error",
  "error_message": "The Member is not authorized to perform the requested action on that resource.",
  "error_url": "https://stytch.com/docs/api/errors/403"
}
RESPONSE 429
{
  "status_code": 429,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "too_many_requests",
  "error_message": "Too many requests have been made.",
  "error_url": "https://stytch.com/docs/api/errors/429"
}
RESPONSE 500
{
  "status_code": 500,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "internal_server_error",
  "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
  "error_url": "https://stytch.com/docs/api/errors/500"
}