vrchatapi · jellejurre · May 16, 2025 · May 16, 2025 · May 16, 2025 · May 16, 2025
diff --git a/openapi/components/codeSamples/authentication.yaml b/openapi/components/codeSamples/authentication.yaml
@@ -20,7 +20,35 @@
   get:
     - lang: cURL
       source: >-
-        curl -X GET "https://api.vrchat.cloud/api/1/auth/exists?email={string}" 
+        curl -X GET "https://api.vrchat.cloud/api/1/auth/exists?email={string}"
+/auth/register:
+  post:
+    - lang: cURL
+      source: >-
+        curl -X POST "https://api.vrchat.cloud/api/1/auth/register" \
+             -H "Content-Type: application/json" \
+             --data '{"username": "{userAndDisplayName}", "password": "{password}", "email": "{emailAddress}", "year": "{birthYear}", "month": "{birthMonth}", "day": "{birthDay}", "captchaCode": "{captchaCode}", "subscribe": true, "acceptedTOSVersion": 10}'
+/auth/user/resendEmail:
+  post:
+    - lang: cURL
+      source: >-
+        curl -X POST "https://api.vrchat.cloud/api/1/auth/user/resendEmail"
+/auth/confirmEmail:
+  get:
+    - lang: cURL
+      source: >-
+        curl -X GET "https://api.vrchat.cloud/api/1/auth/confirmEmail?id={userId}&verify_email={token}"
+/auth/verifyLoginPlace:
+  get:
+    - lang: cURL
+      source: >-
+        curl -X GET "https://api.vrchat.cloud/api/1/auth/verifyLoginPlace?userId={userId}&token={token}"
+/auth/twofactorauth:
+  delete:
+    - lang: cURL
+      source: >-
+        curl -X DELETE "https://api.vrchat.cloud/api/1/auth/twofactorauth" \
+             -b "auth={authCookie}"
 /auth/twofactorauth/totp/verify:
   post:
     - lang: cURL
@@ -29,6 +57,25 @@
              -H "Content-Type: application/json" \
              -b "auth={authCookie}" \
              --data '{"code": "string"}'
+/auth/twofactorauth/totp/pending:
+  post:
+    - lang: cURL
+      source: >-
+        curl -X POST "https://api.vrchat.cloud/api/1/auth/twofactorauth/totp/pending" \
+             -b "auth={authCookie}"
+  delete:
+    - lang: cURL
+      source: >-
+        curl -X DELETE "https://api.vrchat.cloud/api/1/auth/twofactorauth/totp/pending" \
+             -b "auth={authCookie}"
+/auth/twofactorauth/totp/pending/verify:
+  post:
+    - lang: cURL
+      source: >-
+        curl -X POST "https://api.vrchat.cloud/api/1/auth/twofactorauth/totp/pending/verify" \
+             -H "Content-Type: application/json" \
+             -b "auth={authCookie}" \
+             --data '{"code": "string"}'
 /auth/user/twofactorauth/otp:
   get:
     - lang: cURL

diff --git a/openapi/components/parameters.yaml b/openapi/components/parameters.yaml
@@ -453,4 +453,27 @@ printId:
   schema:
     type: string
     example: 'prnt_0a0aa0a0-85ea-42eb-b2f7-4840d7f341fa'
-  description: Print ID.
+  description: Print ID.
+confirmEmailUserId:
+  name: id
+  in: query
+  required: true
+  schema:
+    type: string
+    example: 'usr_00000000-0000-0000-0000-000000000000'
+  description: 'Target user for which to verify email.'
+confirmEmailToken:
+  name: verify_email
+  in: query
+  required: true
+  schema:
+    type: string
+    example: 'eml_00000000-0000-0000-0000-000000000000'
+  description: 'Token to verify email.'
+verifyLoginPlaceToken:
+  name: token
+  in: query
+  required: true
+  schema:
+    type: string
+  description: 'Token to verify login attempt.'
diff --git a/openapi/components/paths.yaml b/openapi/components/paths.yaml
@@ -8,8 +8,14 @@
   $ref: "./paths/authentication.yaml#/paths/~1auth~1exists"
 "/auth/user":
   $ref: "./paths/authentication.yaml#/paths/~1auth~1user"
+"/auth/twofactorauth":
+  $ref: "./paths/authentication.yaml#/paths/~1auth~1twofactorauth"
 "/auth/twofactorauth/totp/verify":
   $ref: "./paths/authentication.yaml#/paths/~1auth~1twofactorauth~1totp~1verify"
+"/auth/twofactorauth/totp/pending":
+  $ref: "./paths/authentication.yaml#/paths/~1auth~1twofactorauth~1totp~1pending"
+"/auth/twofactorauth/totp/pending/verify":
+  $ref: "./paths/authentication.yaml#/paths/~1auth~1twofactorauth~1totp~1pending~1verify"
 "/auth/user/twofactorauth/otp":
   $ref: "./paths/authentication.yaml#/paths/~1auth~1user~1twofactorauth~1otp"
 "/auth/twofactorauth/otp/verify":
@@ -22,6 +28,14 @@
   $ref: "./paths/authentication.yaml#/paths/~1logout"
 "/users/{userId}/delete":
   $ref: "./paths/authentication.yaml#/paths/~1users~1{userId}~1delete"
+"/auth/register":
+  $ref: "./paths/authentication.yaml#/paths/~1auth~1register"
+"/auth/user/resendEmail":
+  $ref: "./paths/authentication.yaml#/paths/~1auth~1user~1resendEmail"
+"/auth/confirmEmail":
+  $ref: "./paths/authentication.yaml#/paths/~1auth~1confirmEmail"
+"/auth/verifyLoginPlace":
+  $ref: "./paths/authentication.yaml#/paths/~1auth~1verifyLoginPlace"
 
 # avatars
 

diff --git a/openapi/components/paths/authentication.yaml b/openapi/components/paths/authentication.yaml
@@ -112,6 +112,63 @@ paths:
       security:
         - authCookie: []
       parameters: []
+  /auth/twofactorauth/totp/pending:
+    post:
+      summary: Enable time-based 2FA codes
+      operationId: enable2FA
+      x-codeSamples:
+        $ref: "../codeSamples/authentication.yaml#/~1auth~1twofactorauth~1totp~1pending/post"
+      responses:
+        '200':
+          $ref: ../responses/authentication/Pending2FAResponse.yaml
+        '401':
+          $ref: ../responses/MissingCredentialsError.yaml
+      description: Begins the sequence for enabling time-based 2FA.
+      tags:
+        - authentication
+      security:
+        - authCookie: []
+      parameters: []
+    delete:
+      summary: Cancel pending enabling of time-based 2FA codes
+      operationId: cancelPending2FA
+      x-codeSamples:
+        $ref: "../codeSamples/authentication.yaml#/~1auth~1twofactorauth~1totp~1pending/delete"
+      responses:
+        '200':
+          $ref: ../responses/authentication/Disable2FAResponse.yaml
+        '401':
+          $ref: ../responses/MissingCredentialsError.yaml
+      description: Cancels the sequence for enabling time-based 2FA.
+      tags:
+        - authentication
+      security:
+        - authCookie: []
+      parameters: []
+  /auth/twofactorauth/totp/pending/verify:
+    post:
+      summary: Verify Pending 2FA code
+      operationId: verifyPending2FA
+      x-codeSamples:
+        $ref: "../codeSamples/authentication.yaml#/~1auth~1twofactorauth~1totp~1pending~1verify/post"
+      responses:
+        '200':
+          $ref: ../responses/authentication/Verify2FAResponse.yaml
+        '401':
+          $ref: ../responses/MissingCredentialsError.yaml
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: ../requests/TwoFactorAuthCode.yaml
+            examples: {}
+      description: Finishes sequence for enabling time-based 2FA.
+      tags:
+        - authentication
+      security:
+        - authCookie: []
+      parameters: []
   /auth/user/twofactorauth/otp:
     get:
       summary: Get 2FA Recovery codes
@@ -175,6 +232,22 @@ paths:
       security:
         - authCookie: [ ]
       parameters: [ ]
+  '/auth/twofactorauth':
+    delete:
+      summary: Disable 2FA
+      operationId: disable2FA
+      x-codeSamples:
+        $ref: "../codeSamples/authentication.yaml#/~1auth~1twofactorauth/delete"
+      responses:
+        '200':
+          $ref: ../responses/authentication/Disable2FAResponse.yaml
+        '401':
+          $ref: ../responses/MissingCredentialsError.yaml
+      tags:
+        - authentication
+      description: Disables 2FA for the currently logged in account
+      security:
+        - authCookie: []
   '/users/{userId}/delete':
     parameters:
       - $ref: ../parameters.yaml#/userId
@@ -198,6 +271,76 @@ paths:
         **METHOD NOTE:** Despite this being a Delete action, the method type required is PUT.
       security:
         - authCookie: []
+  /auth/register:
+    post:
+      summary: Register User Account
+      description: |-
+        ~~Register a new user account.~~
+
+        **DEPRECATED:** Automated creation of accounts has no legitimate public third-party use case, and would be in violation of ToS §13.2:
+        *By using the Platform, you agree not to: i. [...] use the Platform in a manner inconsistent with individual human usage*
+        This endpoint is documented in the interest of completeness
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: ../requests/RegisterUserAccountRequest.yaml
+      responses:
+        '200':
+          $ref: ../responses/authentication/CurrentUserLoginResponse.yaml
+        '401':
+          $ref: ../responses/MissingCredentialsError.yaml
+      operationId: registerUserAccount
+      parameters: []
+      tags:
+        - authentication
+      deprecated: true
+  /auth/user/resendEmail:
+    post:
+      summary: Resend Email Confirmation
+      description: Requests a resend of pending email address confirmation email
+      responses:
+        '200':
+          $ref: ../responses/authentication/ResendVerificationEmailSuccess.yaml
+        '401':
+          $ref: ../responses/MissingCredentialsError.yaml
+      operationId: resendEmailConfirmation
+      parameters: []
+      tags:
+        - authentication
+      security:
+        - authCookie: []
+  '/auth/confirmEmail':
+    get:
+      summary: Confirm Email
+      operationId: confirmEmail
+      parameters:
+        - $ref: ../parameters.yaml#/confirmEmailUserId
+        - $ref: ../parameters.yaml#/confirmEmailToken
+      x-codeSamples:
+        $ref: "../codeSamples/authentication.yaml#/~1auth~1confirmEmail/get"
+      responses:
+        '302':
+          $ref: ../responses/authentication/ConfirmEmailResponse.yaml
+      tags:
+        - authentication
+      description: Confirms the email address for a user
+  '/auth/verifyLoginPlace':
+    get:
+      summary: Verify Login Place
+      operationId: verifyLoginPlace
+      parameters:
+        - $ref: ../parameters.yaml#/userIdQuery
+        - $ref: ../parameters.yaml#/verifyLoginPlaceToken
+      x-codeSamples:
+        $ref: "../codeSamples/authentication.yaml#/~1auth~1verifyLoginPlace/get"
+      responses:
+        '302':
+          $ref: ../responses/authentication/VerifyLoginPlaceResponse.yaml
+      tags:
+        - authentication
+      description: Verifies a login attempt for a user
 tags:
   $ref: ../tags.yaml
 components:

diff --git a/openapi/components/requests/RegisterUserAccountRequest.yaml b/openapi/components/requests/RegisterUserAccountRequest.yaml
@@ -0,0 +1,43 @@
+title: RegisterUserAccountRequest
+type: object
+properties:
+  username:
+    description: Display Name / Username (Username is a sanitized version)
+    type: string
+    minLength: 4
+    maxLength: 15
+  password:
+    description: Password
+    type: string
+    minLength: 8
+  email:
+    description: Email address
+    type: string
+  year:
+    description: Birth year
+    type: string
+  month:
+    description: Birth month of year
+    type: string
+  day:
+    description: Birth day of month
+    type: string
+  captchaCode:
+    description: Captcha code
+    type: string
+  subscribe:
+    description: Whether to recieve promotional emails
+    type: boolean
+  acceptedTOSVersion:
+    description: The most recent version of the TOS
+    type: integer
+required:
+  - username
+  - password
+  - email
+  - year
+  - month
+  - day
+  - captchaCode
+  - subscribe
+  - acceptedTOSVersion
diff --git a/openapi/components/responses/authentication/ConfirmEmailResponse.yaml b/openapi/components/responses/authentication/ConfirmEmailResponse.yaml
@@ -0,0 +1 @@
+description: OK
diff --git a/openapi/components/responses/authentication/Disable2FAResponse.yaml b/openapi/components/responses/authentication/Disable2FAResponse.yaml
@@ -0,0 +1,5 @@
+description: OK
+content:
+  application/json:
+    schema:
+      $ref: ../../schemas/Disable2FAResult.yaml
diff --git a/openapi/components/responses/authentication/Pending2FAResponse.yaml b/openapi/components/responses/authentication/Pending2FAResponse.yaml
@@ -0,0 +1,5 @@
+description: OK
+content:
+  application/json:
+    schema:
+      $ref: ../../schemas/Pending2FAResult.yaml
diff --git a/openapi/components/responses/authentication/ResendVerificationEmailSuccess.yaml b/openapi/components/responses/authentication/ResendVerificationEmailSuccess.yaml
@@ -0,0 +1,11 @@
+description: OK
+content:
+  application/json:
+    schema:
+      $ref: ../../schemas/Success.yaml
+    examples:
+      Resend Verification Email Success:
+        value:
+          success:
+            message: Verification Email Sent!
+            status_code: 200
diff --git a/openapi/components/responses/authentication/VerifyLoginPlaceResponse.yaml b/openapi/components/responses/authentication/VerifyLoginPlaceResponse.yaml
@@ -0,0 +1 @@
+description: OK
diff --git a/openapi/components/schemas/CurrentUser.yaml b/openapi/components/schemas/CurrentUser.yaml
@@ -30,6 +30,9 @@ properties:
     $ref: ./AgeVerified.yaml
   allowAvatarCopying:
     type: boolean
+  authToken:
+    description: The auth token for NEWLY REGISTERED ACCOUNTS ONLY (/auth/register)
+    type: string
   badges:
     description: ' '
     type: array

diff --git a/openapi/components/schemas/Disable2FAResult.yaml b/openapi/components/schemas/Disable2FAResult.yaml
@@ -0,0 +1,7 @@
+title: Disable2FAResult
+type: object
+properties:
+  removed:
+    type: boolean
+required:
+  - removed
diff --git a/openapi/components/schemas/Pending2FAResult.yaml b/openapi/components/schemas/Pending2FAResult.yaml
@@ -0,0 +1,10 @@
+title: Pending2FAResult
+type: object
+properties:
+  qrCodeDataUrl:
+    type: string
+  secret:
+    type: string
+required:
+  - qrCodeDataUrl
+  - secret
diff --git a/openapi/components/schemas/Verify2FAResult.yaml b/openapi/components/schemas/Verify2FAResult.yaml
@@ -3,5 +3,8 @@ type: object
 properties:
   verified:
     type: boolean
+  enabled:
+    type: boolean
+    default: true
 required:
   - verified