# Update user’s two-factor authentication settings

Updates user’s two-factor authentication settings. The user must confirm the changes by entering a one-time code.

The workflow of using this call:
1. The user enables or disables two-factor authentication.
2. The application sends the request to the Xsolla Login server.
3. The Xsolla Login server sends the one-time confirmation code to the user and returns the URL of the two-factor authentication page.
4. The application redirects the user to the URL.
5. The user enters the one-time code.
6. New two-factor authentication settings are applied.

You must enable two-factor authentication for the Login project. Contact your Customer Success Manager to enable it.

Endpoint: POST /users/me/mfa
Version: v1
Security: Bearer

## Query parameters:

  - `login_url` (string)
    URL to redirect the user to after account confirmation, successful authentication, two-factor authentication configuration, or password reset confirmation. Must be identical to the Callback URL specified in the URL block of Publisher Account. For the scenario of a login error, the value should be identical to the the Error callback URL specified in the URL block of Publisher Account. To find the settings, go to Login > your Login project and select the Callback URLs section in the upper block. Required if there are several Callback URLs.

## Request fields (application/json):

  - `enabled` (boolean)
    Status of two-factor authentication settings. Set true value for enabling, and false value otherwise.
    Example: true

  - `locale` (string)
    Region in the _ format, where:
* language code: language code in the [ISO 639-1](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) format;
* country code: country or region code in the [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) format.

  - `mfa_type` (string, required)
    Type of the second factor. You must enable the specified type for the Login project. Contact your Customer Success Manager to set it up.
    Enum: "email"

## Response 401 fields (application/json):

  - `error` (object, required)

  - `error.code` (string, required)
    Error code.
    Example: "003-061"

  - `error.description` (string, required)
    Error description.
    Example: "Object not found."

  - `error.details` (object)
    Additional information.

## Response 422 fields (application/json):

  - `error` (object, required)

  - `error.code` (string, required)
    Error code.
    Example: "003-061"

  - `error.description` (string, required)
    Error description.
    Example: "Object not found."

  - `error.details` (object)
    Additional information.

## Response 429 fields (application/json):

  - `error` (object, required)

  - `error.code` (string, required)
    Error code.
    Example: "003-061"

  - `error.description` (string, required)
    Error description.
    Example: "Object not found."

  - `error.details` (object)
    Additional information.