--- title: "Step 5: Pair authenticator app" component: pingone-api page_id: pingone-api:workflow-library:pingone-mfa/login-with-an-authenticator-app/configure-your-test-user/step-13-set-user-device-totp canonical_url: https://developer.pingidentity.com/pingone-api/workflow-library/pingone-mfa/login-with-an-authenticator-app/configure-your-test-user/step-13-set-user-device-totp.html section_ids: headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Step 5: Pair authenticator app ##     ```none POST {{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices ``` The `POST {{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/devices` operation creates an MFA device and associates this device with the specified user. The user must have an associated device to complete an MFA authentication action. This use case defines an authenticator app so that the user can receive a one-time passcode (OTP) through the app. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | **Important:** To complete this step, your environment's MFA device authentication policy must have the `Authenticator App (TOTP)` authentication method enabled. The PingOne default device authentication policy sets this method to `false`. To update your device authentication policy, refer to [Device Authentication Policies](../../../../mfa/device-authentication-policy.html). | ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "type": "TOTP" } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "type": "TOTP" }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""type"": ""TOTP""" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices" method := "POST" payload := strings.NewReader(`{ "type": "TOTP" }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/users/{{mfaUserID}}/devices HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "type": "TOTP" } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"type\": \"TOTP\"\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "type": "TOTP" }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "type": "TOTP" }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices" payload = json.dumps({ "type": "TOTP" }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "type": "TOTP"\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "type": "TOTP" }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"type\": \"TOTP\"\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/users/{{mfaUserID}}/devices")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/73f13e7b-5c1d-484d-823b-f1e6f0c9a231/devices/1c41a471-3195-4edf-90fd-f9283028ab1a" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "user": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/73f13e7b-5c1d-484d-823b-f1e6f0c9a231" }, "device.activate": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/73f13e7b-5c1d-484d-823b-f1e6f0c9a231/devices/1c41a471-3195-4edf-90fd-f9283028ab1a" } }, "id": "1c41a471-3195-4edf-90fd-f9283028ab1a", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "user": { "id": "73f13e7b-5c1d-484d-823b-f1e6f0c9a231" }, "type": "TOTP", "status": "ACTIVATION_REQUIRED", "createdAt": "2026-04-22T22:00:35.252Z", "updatedAt": "2026-04-22T22:00:35.252Z", "secret": "D7RKLTNV4OCOBO2SKNKFLRYC4LO3IF35", "keyUri": "otpauth://totp/johnbudz@pingidentity.com?secret=D7RKLTNV4OCOBO2SKNKFLRYC4LO3IF35" } ```