Request a new MFA code for the current challenge

curl --request POST \
  --url https://pria.praxislxp.com/api/auth/mfa-resend \
  --header 'Content-Type: application/json' \
  --data '
{
  "challengeId": "65f2c9a1d8e4b3c5a1234567"
}
'

{
  "success": true,
  "challengeId": "65f2cabe1234e5f6a8765432",
  "maskedEmail": "hu***@praxis-ai.com"
}

Authentication

Request a new MFA code for the current challenge

Invalidates the current challenge and issues a fresh one with the same loginContext (so the verify step still lands you in the same branding / institution context). The new challenge has its own 5-min TTL and its own 5-attempt cap.

Cooldown: the previous challenge must be at least 30 seconds old before a Resend is allowed — prevents email-bombing.

Resend-driven invalidations (where the user never submitted a wrong code) do NOT count toward the per-account 5-burned-codes-in-1h lockout cap.

POST

api

auth

mfa-resend

Request a new MFA code for the current challenge

curl --request POST \
  --url https://pria.praxislxp.com/api/auth/mfa-resend \
  --header 'Content-Type: application/json' \
  --data '
{
  "challengeId": "65f2c9a1d8e4b3c5a1234567"
}
'

{
  "success": true,
  "challengeId": "65f2cabe1234e5f6a8765432",
  "maskedEmail": "hu***@praxis-ai.com"
}

Body

application/json

challengeId

string

required

Opaque server-issued challenge identifier.

Example:

"65f2c9a1d8e4b3c5a1234567"

Response

New code emailed; client must use the newly-returned challengeId for subsequent verify / resend / cancel calls.

success

boolean

Example:

true

challengeId

string

Identifier of the freshly-issued challenge. The prior challenge is invalidated; future verify / resend / cancel calls must use this new id.

Example:

"65f2cabe1234e5f6a8765432"

maskedEmail

string

Example:

"hu***@praxis-ai.com"

Submit a 6-digit MFA code to complete login Abandon the current MFA challenge (user clicked Cancel)