
# MFA recovery

> Initiate a Multi-Factor Authentication recovery login for a customer user
> that has forgotten or lost their `secret`.
> Specify the `ident_type` and the `ident` (email or phone_number) of the user. If
> the call is successful, the user will get an email with a one-time recovery
> code that has to be submitted to the mfa_recovery endpoint.
> When a valid one-time recovery code has been posted, the server responds with a
> regular MFA challenge.
> Once authenticated, the password or pin can be changed by updating the
> customer.
>
> scopes:
>
> - write:accounts:/auth/users




## OpenAPI

````yaml /mintlify-docs/openapi/spec-customers.yaml post /accounts/{aid}/customers/mfa_login_recovery
openapi: 3.0.0
info:
  title: Customers API
  description: >
    API for managing customers


    # Changelog

    All notable changes to the API.


    ## 2026-02-13


    > **new**: Add endpoint for searching organization subunits (branches).

    > Extended organization search to include `underenheter` (subunits)
    information in the response.

    > Currently supports Norway (`no`) organization lookups.

    > - [GET
    /search/external/organizations/{country}/{organization_number}/subunits](#operation/aid_get_external_organization_subunits)

    > - [GET
    /search/external/organizations/{country}/{organization_number}](#operation/aid_get_external_organizations)


    ## 2025-07-01


    > **new**: Extend `marketing_consent` for customer user to support custom
    consents

    > - [POST /customers/users](#operation/aid_customers_post)


    ## 2024-09-01


    > **new**: Make country parameter dynamic and add support for Denmark.

    > - [GET /search/external/organizations/no (renamed to GET
    /search/external/organizations/{country})](#operation/aid_search_external_organizations_country)


    ## 2024-03-01


    > **doc**: Improve description for customer `enrolled_by` type, add

    > examples

    > - [POST /customers/users](#operation/aid_customers_post)


    ## 2023-10-01


    > **new**: Support new customer type `contact`. A user contact can be

    > linked with users and a search matching a contact will match its

    > linked users


    > - [POST /customers/users](#operation/aid_customers_post)

    > - [PUT /customers/users/{customer_id}](#operation/aid_customers_cid_put)

    > - [GET
    /v1/accounts/{aid}/customers/users?type=contact](#operation/aid_customers_get)


    ## 2023-09-01


    > **new**: Add endpoint for validating a given address and returning close
    matching alternatives if found.

    > - [POST
    /v1/accounts/{aid}/search/external/address/{country}/validate](#operation/aid_search_external_validate_address)


    ## 2020-12-01

    > Add endpoint for getting multiple addresses for given organization number.

    > - [GET
    /search/external/organizations/{country}/{organization_number}](#operation/aid_get_external_organizations)


    ## 2021-10-01


    > Support multiple users sharing the same `phone_number`. Use the

    new `users.phone_number_validation.allow_duplicates` option to control

    the unique phone_number constraint on users


    > - [PUT
    /customers/settings](#operation/aid_customers_atributes_put)


    ## 2021-03-01


    > Support new [customer](customer) type `other`.

    > - [POST /customers/users](#operation/aid_customers_post)

    > - [PUT /customers/users/{customer_id}](#operation/aid_customers_cid_put)


    ## 2021-02-01


    > Extend customer `enrolled_by.type` to allow any string value, not just
    `url`,

    > `store` and `custom`.

    >

    > - [POST /v1/accounts/{aid}/customers/users](#operation/aid_customers_post)

    > - [PUT
    /v1/accounts/{aid}/customers/users/{customer_id}](#operation/aid_customers_cid_put)


    > Add support for removing customer terms and `include_deleted` when getting

    > list of all terms.

    >

    > - [DELETE
    /v1/accounts/{aid}/customers/terms/{tid}](#operation/aid_customers_terms_tid_delete)

    > - [GET
    /v1/accounts/{aid}/customers/terms/{tid}](#operation/aid_customers_terms_get)


    ## 2021-01-01


    > Add support for limited access to customer

    > details with `user:customers:/customer/details`

    > - [GET
    /v1/accounts/{aid}/customers/users/{customer_id}](#operation/aid_customers_cid_get)

    >

    > Add support for logging on without MFA even if configured with MFA

    > - [GET
    /v1/accounts/{aid}/customers/login](#operation/aid_customers_login_post)


    ## 2020-12-01


    > **new** Support filter users with `type` query parameter.

    > - [GET
    /v1/accounts/{aid}/customers/users?type=company](#operation/aid_customers_get)


    ## 2020-11-01


    > **new** Support filter user tokens with `include_deleted` query parameter.

    > - [GET
    /v1/accounts/{aid}/customers/users/{cid}/tokens?include_deleted=false](#operation/aid_customers_cid_tokens_get)

    > **new** Support filter and search on sales locations

    > - [GET /v1/accounts/{aid}/locations](#operation/aid_locations_get)


    > **new** Extend SalesLocation with `address.latitude`, `address.longitude`,

    > `chain`, `mcc`, `gln` and `franchise`. The `account_id` will be included

    > in any SalesLocation responses.

    > - [GET /v1/accounts/{aid}/locations](#operation/aid_locations_get)


    ## 2020-05-01


    > Add setting to require verification when updating user phone_number.
    Prevents

    > all updates of user phone_number without completing a verification via SMS.

    > - [PUT
    /customers/settings](#operation/aid_customers_atributes_put)


    ## 2020-04-01

    > Adds proxy to enhetsregisteret.

    > - [GET
    /search/external/organizations/no/?name=dintero](#operation/aid_search_external_organizations_no)


    ## 2020-03-10


    > Add support for `attributes_keys` and `attributes_values` query

    > parameters for filtering customer users

    > - [GET
    /customers/users?attributes_keys=key&attributes_values=value](#operation/aid_customers_get)


    ## 2020-02-28


    > Add support for enabling automatic tokens when phone numbers or emails
    change

    > - [PUT /customers/settings](#operation/aid_customers_atributes_put)


    ## 2019-09-31


    > Extends settings with support for configuring

    > users `customer_id_format`.

    > - [PUT /customers/settings](#operation/aid_customers_atributes_put)


    > Extends the TokenEvent definition with `expires_at`

    > read only property.


    > Extends settings with support for configuring

    > token events expiry

    > - [PUT /customers/settings](#operation/aid_customers_atributes_put)


    ## 2019-07-31


    > Extend user Address, add support for  `latitude`,

    > `longitude` and `comment` properties.

    > - [POST /customers/users](#operation/aid_customers_post)

    > - [PUT /customers/users/{customer_id}](#operation/aid_customers_cid_put)


    ## 2019-07-31


    > Add new endpoint for deleting a tag

    > - [DELETE
    /customers/tags/{tag_id}](#operation/aid_customers_tags_tid_delete)


    ## 2019-06-31


    > The scope required for accessing the endpoint has changed;

    > we will continue to support the old scopes, but they were removed from

    > the documentation


    ## 2019-05-31


    > Make type and company property optional when updating

    > a customer user

    > - [PUT /customers/users/{customer_id}](#operation/aid_customers_cid_put)


    ## 2019-01-31


    > Support new customer type `employee`.

    > - [POST /customers/users](#operation/aid_customers_post)

    > - [PUT /customers/users/{customer_id}](#operation/aid_customers_cid_put)


    ## 2018-06-04


    > Adding tokens to deleted customers will

    > now fail with BAD_REQUEST.

    > - [POST
    /customers/users/{customer_id}/tokens](#operation/aid_customers_cid_tokens_post)


    > Duplication control of `customer.email` is now

    > case insensitive. Email case will be ignored on search and login.


    > Add support for query parameter

    > `total` on GET user/token lists. Includes a `total-count`

    > header in the response when enabled.

    > - [GET
    /customers/users/{customer_id}/tokens](#operation/aid_customers_cid_tokens_get)


    ## 2018-04-11


    > Add support for `delete_token_events` parameter when

    > creating

    > - [POST
    /customers/users/{customer_id}/tokens](#operation/aid_customers_cid_tokens_post)


    > Add support for filtering token events by `since_datetime`.

    > - [GET
    /customers/tokens/events](#operation/aid_customers_tokens_events_get)


    > Delete customer and all tokens owned by the customer in one

    > request when using `delete_tokens` query parameter.

    > - [DELETE
    /customers/users/{customer_id}](#operation/aid_customers_cid_delete)


    > Token event status. The status in response will now be set

    > to `customer.status` if a customer with status is included

    > in the response.

    > - [POST
    /customers/tokens/events](#operation/aid_customers_tokens_events_post)


    ## 2018-02-15


    > Add minimum length for token token_id/type/value

    > - [POST
    /customers/tokens/events](#operation/aid_customers_tokens_events_post)

    > - [DELETE
    /customers/tokens/events](#operation/aid_customers_tokens_events_delete)

    > - [POST
    /customers/users/uid/tokens](#operation/aid_customers_cid_tokens_post)


    > Add endpoint for GET/DELETE token events

    > - [DELETE
    /customers/tokens/events](#operation/aid_customers_tokens_events_delete)

    > - [GET
    /customers/tokens/events](#operation/aid_customers_tokens_events_get)


    ## 2018-02-02


    > Add `type` property to the customer.

    > Support multiple customer types, add support for Company type for

    > additional properties


    > Move endpoints for retrieving/updating token (events),

    > use one endpoint for both retrieving and updating details about a token

    > - [POST
    /customers/tokens/events](#operation/aid_customers_tokens_events_post)
  contact:
    name: API Integration Support
    email: integration@dintero.com
  version: LATEST
  license:
    name: UNLICENSED
    url: https://dintero.com
servers:
  - url: https://api.dintero.com/v1
security:
  - JWT: []
paths:
  /accounts/{aid}/customers/mfa_login_recovery:
    post:
      tags:
        - password
      summary: MFA recovery
      description: >
        Initiate a Multi-Factor Authentication recovery login for a customer
        user that has forgotten or lost their `secret`.

        Specify the `ident_type` and the `ident` (email or phone_number) of the
        user. If the call is successful, the user will get an email with a
        one-time recovery code that has to be submitted to the mfa_recovery
        endpoint.

        When a valid one-time recovery code has been posted, the server responds
        with a regular MFA challenge.

        Once authenticated, the password or pin can be changed by updating the
        customer.

        scopes:
          - write:accounts:/auth/users
      operationId: aid_customers_mfa_login_initiate_recovery_post
      parameters:
        - $ref: '#/components/parameters/accountId'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MFAAuth'
        required: true
      responses:
        '200':
          description: Recovery MFA challenge
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/MultiFactorAuthenticationRecoveryChallenge
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/AccessForbidden'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/ServerError'
      security:
        - JWT: []
components:
  parameters:
    accountId:
      name: aid
      description: |
        An id that uniquely identifies the account.
      in: path
      required: true
      schema:
        type: string
        format: ^[PT]{1}\d{8}$
        minLength: 9
        maxLength: 9
  schemas:
    MFAAuth:
      type: object
      required:
        - audience
        - ident_type
        - ident
        - type
      properties:
        ident_type:
          type: string
          enum:
            - phone_number
            - email
        ident:
          type: string
          description: |
            Email or phone_number, depending on the `ident_type`.
        audience:
          type: string
          description: |
            The unique identifier of the target API you want to access.
            The audience must be a grant associated with the client used
            when calling this resource.
        type:
          type: string
          enum:
            - customer
            - company
          description: |
            User type to log in with; required because users with different
            types can share an email.
    MultiFactorAuthenticationRecoveryChallenge:
      type: object
      required:
        - links
        - mfa_token
        - oob_code
        - challenge_type
      properties:
        links:
          type: array
          items:
            type: object
            required:
              - rel
              - href
            properties:
              rel:
                type: string
                enum:
                  - mfa_oob
              href:
                type: string
        binding_method:
          type: string
          enum:
            - prompt
        oob_code:
          type: string
          example: bkaiew...akas
        mfa_token:
          type: string
        challenge_type:
          description: >
            MFA challenge types


            - `oob` (out of band) means that the user will get an out-of-band
            message containing a `recovery_code` that will have to be submitted
            along with the `recovery_token` when answering the MFA recovery
            challenge.
          type: string
          enum:
            - oob
    Error:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - message
          properties:
            code:
              type: string
              description: The code used to identify the error/warning
            errors:
              type: array
              description: The nested error(s) encountered during validation
              items:
                type: object
            message:
              type: string
              description: The human readable description of the error/warning
  responses:
    BadRequest:
      description: Bad / Invalid request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    AccessForbidden:
      description: Access forbidden, invalid JWT token was used
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: Forbidden
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    ServerError:
      description: Unexpected Error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    JWT:
      type: http
      description: >
        Bearer authentication (token authentication) should be used for
        accessing the API.


        Use [Get
        Token](https://docs.dintero.com/api.html#operation/aid_auths_oauth_token_post)
        to get an access token for client credentials.

        Pass the token in the request header:

            Authorization: Bearer {access_token}

        where the **access_token** is a JSON Web Token (JWT).
      scheme: bearer
      bearerFormat: JWT

````
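The following Python walks a client through the flow described on this page: it builds the `POST /accounts/{aid}/customers/mfa_login_recovery` request from the `MFAAuth` schema and the JWT bearer scheme, validates a `200` body against the `MultiFactorAuthenticationRecoveryChallenge` schema (required fields, `challenge_type` enum, an `mfa_oob` link to answer), maps the documented error codes, and prepares the follow-up request that carries the one-time code. This is an added example, not Dintero's SDK or sample code. The sample response bodies are constructed; the body shape of the follow-up `mfa_recovery` call, using the field names `recovery_code` and `recovery_token` taken from the `challenge_type` description, is an assumption because the page does not define that request; the `audience`, `mfa_token` and `href` values are placeholders.

```python
"""Client-side walk-through of the MFA recovery initiation call on this page.

Added example, not Dintero SDK code. It validates the request against the
MFAAuth schema, checks a 200 body against the
MultiFactorAuthenticationRecoveryChallenge schema, maps the documented error
responses, and prepares the follow-up that answers the challenge.
"""
import json
import re
from typing import Any, Dict

BASE_URL = "https://api.dintero.com/v1"          # servers[0].url in the spec
ACCOUNT_ID_RE = re.compile(r"^[PT]\d{8}$")       # components.parameters.accountId format
IDENT_TYPES = ("phone_number", "email")          # MFAAuth.ident_type enum
USER_TYPES = ("customer", "company")             # MFAAuth.type enum
CHALLENGE_REQUIRED = ("links", "mfa_token", "oob_code", "challenge_type")
STATUS_MEANING = {400: "bad request", 401: "invalid JWT",   # documented responses
                  403: "forbidden", 500: "server error"}

# Constructed sample bodies (not captured from the live API).
SAMPLE_CHALLENGE_BODY = json.dumps({
    "links": [{"rel": "mfa_oob",
               "href": "https://api.dintero.com/v1/accounts/T12345678/customers/mfa_recovery"}],
    "binding_method": "prompt",
    "oob_code": "bkaiew...akas",          # example value from the schema
    "mfa_token": "CONSTRUCTED_MFA_TOKEN",
    "challenge_type": "oob",
})
SAMPLE_ERROR_BODY = json.dumps({"error": {"message": "constructed: JWT rejected"}})


def build_recovery_request(aid: str, access_token: str, ident_type: str,
                           ident: str, audience: str, user_type: str) -> Dict[str, Any]:
    """Return the initiation request (method, url, headers, JSON body), rejecting
    inputs the MFAAuth schema would refuse before anything leaves the client."""
    if not ACCOUNT_ID_RE.match(aid):
        raise ValueError("aid must be 9 characters matching ^[PT]\\d{8}$")
    if ident_type not in IDENT_TYPES:
        raise ValueError(f"ident_type must be one of {IDENT_TYPES}")
    if user_type not in USER_TYPES:
        raise ValueError(f"type must be one of {USER_TYPES}")
    if not ident or not audience:
        raise ValueError("ident and audience are required")
    return {
        "method": "POST",
        "url": f"{BASE_URL}/accounts/{aid}/customers/mfa_login_recovery",
        # Bearer scheme from components.securitySchemes.JWT
        "headers": {"Authorization": f"Bearer {access_token}",
                    "Content-Type": "application/json"},
        "body": {"ident_type": ident_type, "ident": ident,
                 "audience": audience, "type": user_type},
    }


def parse_recovery_response(status: int, body: str) -> Dict[str, Any]:
    """Interpret the response: a 200 must be a well-formed recovery challenge;
    any other documented status carries the Error schema and is surfaced, not raised."""
    data = json.loads(body)
    if status != 200:
        message = ""
        if isinstance(data, dict) and isinstance(data.get("error"), dict):
            message = data["error"].get("message", "")
        return {"ok": False, "status": status,
                "meaning": STATUS_MEANING.get(status, "unexpected status"),
                "message": message}
    missing = [k for k in CHALLENGE_REQUIRED if k not in data]
    if missing:
        raise ValueError(f"challenge missing required fields: {missing}")
    if data["challenge_type"] != "oob":
        raise ValueError(f"unknown challenge_type {data['challenge_type']!r}")
    # Only follow the link the schema designates for answering the challenge.
    oob_links = [link for link in data["links"]
                 if isinstance(link, dict) and link.get("rel") == "mfa_oob" and "href" in link]
    if not oob_links:
        raise ValueError("challenge has no mfa_oob link to answer")
    return {"ok": True, "status": 200, "mfa_token": data["mfa_token"],
            "oob_code": data["oob_code"], "answer_url": oob_links[0]["href"]}


def build_recovery_answer(challenge: Dict[str, Any], recovery_code: str) -> Dict[str, Any]:
    """Build the follow-up that submits the one-time code received out of band.
    ASSUMPTION: the body fields `recovery_code` and `recovery_token` are taken from
    the challenge_type description; the page does not define this request body."""
    if not challenge.get("ok"):
        raise ValueError("cannot answer a failed initiation")
    code = recovery_code.strip()
    if not code:
        raise ValueError("recovery_code is required")
    return {"method": "POST", "url": challenge["answer_url"],
            "headers": {"Content-Type": "application/json"},
            "body": {"recovery_token": challenge["mfa_token"], "recovery_code": code}}


if __name__ == "__main__":
    req = build_recovery_request("T12345678", "CONSTRUCTED_JWT", "email",
                                 "user@example.com", "CONSTRUCTED_AUDIENCE", "customer")
    print("initiate:", req["url"])
    challenge = parse_recovery_response(200, SAMPLE_CHALLENGE_BODY)
    print("answer at:", challenge["answer_url"])
    print("answer body:", build_recovery_answer(challenge, "123456")["body"])
    print("on 401:", parse_recovery_response(401, SAMPLE_ERROR_BODY)["meaning"])
```

The parser deliberately refuses a `200` that lacks any required field or whose `challenge_type` is outside the documented enum, and it only ever posts the one-time code to the `href` whose `rel` is `mfa_oob`, so a malformed or unexpected challenge fails closed rather than sending the code somewhere the schema never named. The `mfa_token` binds the answer to this specific challenge and should be handled like any other bearer credential on the client.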