Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Create a new qrCodePinAuthenticationMethod object for the user. A user can have only one active QR code authentication method. A new QR code authentication can be added if an existing one expires or is deleted and is therefore unusable for sign-in. This auth method can have standard and temporary QR codes. An active QR code authentication method can have only one active standard and one temporary QR code. To create a new QR code authentication method, standard QR code, or temporary QR code, you must first delete existing respective objects.
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permissions acting on self
| Permission type | Least privileged permission | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | Not supported. | Not supported. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Not supported. | Not supported. |
Permissions acting on other users
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | UserAuthenticationMethod.ReadWrite.All | Not available. |
Important
In delegated scenarios with work or school accounts where the signed-in user is acting on another user, they must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
- Authentication Administrator
- Privileged Authentication Administrator
HTTP request
Create your own QR Code + PIN authentication method.
PUT /me/authentication/qrCodePinMethod
Note
Calling the /me endpoint requires a signed-in user and therefore a delegated permission. Application permissions aren't supported when using the /me endpoint.
Create another user's QR Code + PIN authentication method.
PUT /users/{id}/authentication/qrCodePinMethod
Request headers
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
Request body
In the request body, supply a JSON representation of the qrCodePinAuthenticationMethod object.
You can specify the following properties when creating a qrCodePinAuthenticationMethod.
| Property | Type | Description |
|---|---|---|
| standardQRCode | qrCode | Standard QR code is primary QR code of the user with lifetime upto 395 days (13 months). There can be only one active standard QR code for the user. A new standard QR code can be created if an existing one is expired or deleted. The startDateTime, when this QR code is activated, and expireDateTime, when this QR code is expired, are required. |
| pin | qrPin | The PIN linked to the QR Code for the user. The admin creates the temporary pin, which the user must change during sign-in. The admin can specify a custom or autogenerated PIN. Custom PIN support is only available during QR code creation only. |
Response
If successful, this method returns a 201 Created response code and a qrCodePinAuthenticationMethod object in the response body.
Examples
Request
The following example shows a request.
PUT https://graph.microsoft.com/beta/users/7c4999f7-9c25-4f8e-8b84-766eb28a1b49/authentication/qrCodePinMethod
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.qrCodePinAuthenticationMethod",
"standardQRCode": {
"expireDateTime": "2025-12-19T12:00:00Z",
"startDateTime": "2025-01-01T12:00:00Z"
},
"pin": {
"code": "09599786"
}
}
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.qrCodePinAuthenticationMethod",
"id": "d29518d4-b99a-4c88-b40c-92fd12959724",
"isUsable": false,
"methodUsabilityReason": null,
"standardQRCode": {
"@odata.type": "#microsoft.graph.qrCode",
"id": "1a253da5-3f9a-457d-bd9c-de1aab9a2e59",
"expireDateTime": "2025-12-19T12:00:00Z",
"startDateTime": "2025-01-01T12:00:00Z",
"createdDateTime": "2025-03-05T00:03:11.1460378Z",
"lastUsedDateTime": "0001-01-01T00:00:00Z",
"image": {
"@odata.type": "#microsoft.graph.qrCodeImageDetails",
"binaryValue": "SGVsbG9Xb3JsZCE=",
"version": 1,
"errorCorrectionLevel": "l",
"rawContent": "SGVsbG9Xb3JsZCEyTXlSYXdDb250ZW50"
}
},
"temporaryQRCode": null,
"pin": {
"@odata.type": "#microsoft.graph.qrPin",
"id": "a98a1084-f503-4dfd-a293-c0e93cba124a",
"code": "09599786",
"forceChangePinNextSignIn": true,
"createdDateTime": "2025-03-05T00:03:11.3120627Z",
"updatedDateTime": "2025-03-05T00:03:11.3120627Z"
}
}