PingDirectory API Reference

Revoke TOTP Shared Secret

The revoke TOTP shared secret extended operation can be used to revoke one or more shared secrets for a user so that time-based one-time passwords (TOTP) generated with those secrets can no longer be used to authenticate.

The request body is a JSON object with the following fields:

  • staticPassword

    An optional string field whose value is the static password for the user. If this is provided, then the POST request will not require an Authorization header, as the request will be authorized as the end user. If this is absent, then the request must have an Authorization header, and its associated identity will be used to authorize the request.

  • totpSharedSecret

    An optional string field whose value should be the base32-encoded representation of the TOTP shared secret to revoke. If this is absent, then all of the user’s TOTP shared secrets will be revoked.

The response body is a JSON object with the following fields:

  • resultCode

    A mandatory JSON object that contains the following fields:

    • value — The integer value for the LDAP result code. This is required.

    • name — A name for the LDAP result code. This is optional but recommended.

  • diagnosticMessage

    An optional string field that holds a human-readable message with additional information about the operation.
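The following client-side sketch is an added example, not code from the PingDirectory documentation. It builds the request body and headers for both authorization modes described above and checks the mandatory `resultCode` in the response. The function names, the opaque `authorization` header value, and the sample values are assumptions; the endpoint URL is not given on this page, so no request is actually sent.

```python
import base64
import json

LDAP_SUCCESS = 0  # LDAP result code 0 is "success"


def build_revoke_request(static_password=None, totp_shared_secret=None,
                         authorization=None):
    """Return (headers, body_bytes) for the revoke TOTP shared secret POST."""
    headers = {"Content-Type": "application/json"}
    body = {}
    if static_password is not None:
        # Authorized as the end user: no Authorization header is sent.
        body["staticPassword"] = static_password
    elif authorization is not None:
        # Assumption: the caller supplies the complete header value.
        headers["Authorization"] = authorization
    else:
        raise ValueError("need staticPassword or an Authorization value")
    if totp_shared_secret is not None:
        # Validate base32 locally so a typo is caught before the request.
        padded = totp_shared_secret + "=" * (-len(totp_shared_secret) % 8)
        try:
            decoded = base64.b32decode(padded, casefold=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError("totpSharedSecret is not valid base32") from exc
        if not decoded:
            raise ValueError("totpSharedSecret is empty")
        body["totpSharedSecret"] = totp_shared_secret
    # Without totpSharedSecret the server revokes ALL of the user's secrets.
    return headers, json.dumps(body).encode("utf-8")


def parse_revoke_response(raw):
    """Return (ok, code, name, message); raise if resultCode is malformed."""
    doc = json.loads(raw)
    rc = doc.get("resultCode") if isinstance(doc, dict) else None
    if not isinstance(rc, dict) or type(rc.get("value")) is not int:
        raise ValueError("response lacks mandatory resultCode.value")
    code = rc["value"]
    return (code == LDAP_SUCCESS, code, rc.get("name"),
            doc.get("diagnosticMessage"))


if __name__ == "__main__":
    # Constructed sample values, not taken from a real server.
    print(build_revoke_request(static_password="example-password",
                               totp_shared_secret="JBSWY3DPEHPK3PXP"))
    print(parse_revoke_response('{"resultCode": {"value": 0, "name": "success"}}'))
```

Because omitting `totpSharedSecret` revokes every secret for the user, a caller that intends to revoke a single secret should treat a missing or empty value as an error before calling `build_revoke_request`.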