TeamCity REST API Reference 2022.10 Help

Manage Two-Factor Authentication

To manage two-factor authentication on your TeamCity server, use the following endpoints:

  • /2FA/setup — returns a new secret key, the set of recovery keys, and the UUID for the unconfirmed lookup of secret keys.

  • /2FA/{userLocator}/disable — disable 2FA for a given user; can be used by the user themselves of by the administrator.

  • /2FA/confirm — takes the UUID and password as parameters, looks up the unconfirmed secret key by the provided UUID. After that, the TOTP 6-digit password for this key is generated. If the password parameter is correct, the secret key is confirmed and 2FA is enabled.

  • /2FA/newRecoveryKeys — generates, sets, and returns new recovery keys for a user with active 2FA. Format of recovery keys: [0-9a-f]{6}-[0-9a-f]{6}.

  • /2FA/refreshGracePeriod — refreshes the period when a user can sign in without enabled 2FA. The period is managed by the teamcity.auth.2fa.grace.period property; the default value is 1 week.

Note that these endpoints accept only authentication via access tokens.

Last modified: 30 November 2022