---
title: Revoke TOTP Shared Secret
description: The revoke TOTP shared secret extended operation can be used to revoke one or more shared secrets for a user so that time-based one-time passwords (TOTP) generated with those secrets can no longer be used to authenticate.
component: pingdirectory
page_id: pingdirectory:directory:extended-operations/revoke-totp-shared-secret
canonical_url: https://developer.pingidentity.com/pingdirectory/directory/extended-operations/revoke-totp-shared-secret.html
---

# Revoke TOTP Shared Secret

The revoke TOTP shared secret extended operation can be used to revoke one or more shared secrets for a user so that time-based one-time passwords (TOTP) generated with those secrets can no longer be used to authenticate.

The request body is a JSON object with the following fields:

* `staticPassword`

  An optional string field whose value is the static password for the user. If this is provided, then the POST request will not require an `Authorization` header, as the request will be authorized as the end user. If this is absent, then the request must have an `Authorization` header, and its associated identity will be used to authorize the request.

* `totpSharedSecret`

  An optional string field whose value should be the base32-encoded representation of the TOTP shared secret to revoke. If this is absent, then all of the user's TOTP shared secrets will be revoked.

The response body is a JSON object with the following fields:

* `resultCode`

  A mandatory JSON object that contains the following fields:

  * `value` — The integer value for the LDAP result code. This is required.

  * `name` — A name for the LDAP result code. This is optional but recommended.

* `diagnosticMessage`

  An optional string field that holds a human-readable message with additional information about the operation.