Disable TOTP
POST /v1/security/totp/disable — Turns TOTP off without removing the device binding. Requires both a fresh TOTP code AND a fresh email verification code
POST /v1/security/totp/disable
Turns TOTP off without removing the device binding. Requires both a fresh TOTP code AND a fresh email verification code so a stolen authenticator alone cannot disable 2FA.
| Method | POST |
| Path | /v1/security/totp/disable |
| Auth | Authorization: Bearer <token> required when GATEWAY_AUTH_TOKEN is set |
| Category | auth |