Skip to main content
POST
/
api
/
me
/
withdrawal-security
/
totp
/
disable
Disable 2FA
curl --request POST \
  --url https://core.api.dev.predictstreet.sde.adifoundation.ai/api/me/withdrawal-security/totp/disable \
  --header 'Content-Type: application/json' \
  --header 'X-Api-Key: <api-key>' \
  --data '
{
  "code": "123456"
}
'
{
  "configured": true
}

Authorizations

X-Api-Key
string
header
required

Partner / integrator key — format ps_live_<keyId>_<secret>. Issued by PredictStreet ops via the admin panel; never self-service. Never ship to a browser. multi_wallet partners must additionally send X-User-Wallet: 0x<40-hex> on every authenticated request to declare the acting wallet. See the API keys guide for scope taxonomy, partner kinds, rate limits, and rotation procedure.

Headers

X-User-Wallet
string

Required for multi_wallet partners on every authenticated request; ignored for single_wallet. Declares the acting end-user wallet for this request — drives KYC checks, balances/positions/orders attribution, rate-limit buckets, and audit. Lower-cased server-side. Missing on a multi_wallet key → 401 api_key_user_wallet_required; malformed → 401 api_key_user_wallet_invalid. The on-chain CTFExchange/Vault contracts still verify EIP-712 signer ↔ vault binding, so loosening API-layer attribution is safe by construction.

Pattern: ^0x[a-fA-F0-9]{40}$
Example:

"0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb3"

Body

application/json
code
string
required

Step-up proof: a current 6-digit TOTP OR a 16-hex backup code.

Example:

"123456"

Response

Disabled (configured: false).

configured
boolean
required

True once 2FA setup has been confirmed. While true, withdrawals require a TOTP/backup code (when withdrawal-security enforcement is on).