Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

OneWelcome Identity Platform
- Explore Thales Docs

IDAAS core
User journey orchestration
Consent and preference management
Consent Management v2
- Admin UI guide
- Consent Management v2 APIs
Identity broker
Delegated User Management v2
Externalized authorization
Delegated user management
- Getting started
- Roles
- Rules
- User management
- Self service page
- Data
- APIs
- Apps
- Jobs
- Reports
Risk management
- Essential rules
- Default policies (Essential)
Mobile identity
- Mobile identity - Access component
- Mobile identity - Tulip
Mobile SDK
API references
Release notes and FAQ
Policy-Based Authorization Manager
Integrations
Identity Orchestrator (IO)

All

All

API references

Recovery codes service API references

Please Note:

API references
IDAAS-core APIs - Access component
- Access config API
- Access token customization web hook API
- User details customization hook API
- SAML Authentication Response Web Hook
- Token exchange web hook API
IDAAS core API references - Tulip component
- Credential API
- Dynamic Client Registration (DCR) API
- Event API
- Notification API
- OAuth 2.0 & OpenID Connect API
- Oauth consent API
- OAuth and OIDC Client Registration API
- Reverse Look-Up API
- Session Management API
- SCIM API v1.1 protected with basic authentication
- SCIM API v1.1 protected with fine-grained Oauth2 scopes
- SCIM API v1.1 protected with OAuth2 scopes
- SCIM API v1/v2 protected with basic authentication
- SCIM API v1/v2 protected with fine-grained OAuth2 scopes
- SCIM API v1/v2 protected with OAuth2 scopes (v1/v2)
Consent and preference management API references
- Consent Management API
- Consent configuration API reference
Consent Management v2 API references
- Consent Management v2 Configuration API
- Consent Management v2 Ledger API
- Consent Management v2 Runtime API
Delegated user management API references
- Correlation Layer API
- Onewelcome Delegation
- RITM V1 API
- RITM V2 API
Externalized authorization API references
- Authorization configuration API reference
- Authorization API reference
- Event Stream Config API
- Logs Config API
- Mail configuration API reference
- Mail API reference
- Relationship configuration API reference
- Relationship Management API
Mobile Identity API reference
- OMI API
- OMI Authentication API
FIDO authentication API reference
- Authenticator admin API
- Authenticator assertion API
- Authenticator attestation API
- Authenticator policy admin API
- User admin API
Password Store API references
- Authentication API
- Password Import API
- Password Management API
- Policy Management API
Identity Store API references
- Attribute Value Metadata (AVM) API
- Data Model API
- Identity Management API
TOTP service API references
- TOTP device management API
- TOTP enrollment API
- TOTP import API
- TOTP validation API
B2C helpdesk service API references
- Helpdesk service configuration API
Recovery codes service API references
- Recovery codes API
- Recovery codes configuration API
Credential aggregator service API references
- Credential operations API
- User credentials API
- Credential aggregator management API
Identity Broker API

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

OneWelcome Identity Platform
API references
Recovery codes service API references

Recovery codes service API references

The OneWelcome Identity Platform provides the recovery codes service for secure backup authentication. The recovery codes service enables users to recover access to their accounts through single-use recovery codes when primary authentication methods are unavailable. It includes features for code generation, validation with brute force protection, regeneration, import capabilities, and tenant-specific configuration management.

Recovery codes service APIs

The recovery codes service includes the following APIs:

Recovery codes API: Provides endpoints for the following tasks:
- Generate recovery codes: Create a new set of recovery codes for an identity (fails if codes already exist).
- Regenerate recovery codes: Delete existing codes and generate a new set (always succeeds).
- Validate recovery code: Validate and consume a single recovery code with brute force protection and automatic unlocking.
- Import recovery codes: Import plaintext recovery codes for migration from other systems.
- Get recovery code count: Retrieve the number of remaining unused recovery codes for an identity.
- Delete all recovery codes: Remove all recovery codes and brute force protection records for an identity.
Configuration API: Provides endpoints for the following tasks:
- Get recovery code configuration: Retrieve tenant-level configuration including code count, length, max validation attempts, and auto-unlock timeout.
- Update recovery code configuration: Partially update one or more configuration fields for the tenant (PATCH semantics).

Authentication

All Recovery Codes Service API endpoints require OAuth2 Bearer tokens with the appropriate permissions.

On this page

OneWelcome Identity Platform

© Copyright 2019-2026, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Support Contacts
Legal
- End User License Agreement
- Terms of Service

© Copyright 2019-2026, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com