> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Recovery Codes

Recovery codes are a set of codes that can be used to authenticate a user in case they lose access to their registered MFA devices.

## Prerequisites

* You need to have the Dynamic Client initialized.
* You need to have the passkey MFA enabled in your environment's settings in the [Dynamic dashboard](https://app.dynamic.xyz/dashboard/security).

## Getting a set of recovery codes

Calling `getMfaRecoveryCodes` will return a set of 10 recovery codes. Each code is single-use.

If user doesn't have any recovery codes generated yet, it will create them. If codes have already been generated for the user before, it will return them.

You can display them to the user and ask them to save them in a secure location.

```javascript theme={"system"}
import { getMfaRecoveryCodes } from '@dynamic-labs-sdk/client';

const register = async () => {
  const { recoveryCodes } = await getMfaRecoveryCodes();
  console.log(recoveryCodes);
};

```

## Creating a new set of recovery codes

Calling `createNewMfaRecoveryCodes` will create a new set of 10 recovery codes. Each code is single-use.

If the user still had unused recovery codes, they will be invalidated and a new set of 10 recovery codes will be created.

You can use this to allow the user to generate a new set of recovery codes in case they lose, want to rotate them, or have already used all of previous ones.

```javascript theme={"system"}
import { createNewMfaRecoveryCodes } from '@dynamic-labs-sdk/client';

const register = async () => {
  const { recoveryCodes } = await createNewMfaRecoveryCodes();
  console.log(recoveryCodes);
};

```

## Doing MFA authentication with a recovery code

Calling `authenticateMfaRecoveryCode` will verify the recovery code and complete the MFA challenge.
The authentication will be successful if the user enters a valid recovery code, that hasn't been used yet.

```javascript theme={"system"}
import { authenticateMfaRecoveryCode } from '@dynamic-labs-sdk/client';

const onLogin = async () => {
  // Replace 'ABCDEFGHIJ' with the actual recovery code the user enters
  await authenticateMfaRecoveryCode({ code: 'ABCDEFGHIJ' });
};

```

## React

`useGetMfaRecoveryCodes` reads the codes, `useCreateNewMfaRecoveryCodes` rotates them (its `data` holds the new set), and `useAuthenticateMfaRecoveryCode` signs in with one:

```tsx theme={"system"}
import {
  useAuthenticateMfaRecoveryCode,
  useCreateNewMfaRecoveryCodes,
  useGetMfaRecoveryCodes,
} from '@dynamic-labs-sdk/react-hooks';
import { useState } from 'react';

function RecoveryCodes() {
  const { data: existing, refetch } = useGetMfaRecoveryCodes();
  const { mutate: rotateCodes, data: rotated } = useCreateNewMfaRecoveryCodes();

  const codes = rotated?.recoveryCodes ?? existing?.recoveryCodes ?? [];

  return (
    <div>
      <button onClick={() => refetch()}>View Recovery Codes</button>
      <button onClick={() => rotateCodes()}>Generate New Codes</button>
      {codes.length > 0 && (
        <ul>
          {codes.map((code) => <li key={code}>{code}</li>)}
        </ul>
      )}
    </div>
  );
}

function RecoveryCodeLogin() {
  const [code, setCode] = useState('');
  const { mutate: authenticateMfaRecoveryCode } = useAuthenticateMfaRecoveryCode();

  const handleSubmit = (e) => {
    e.preventDefault();
    authenticateMfaRecoveryCode({ code });
  };

  return (
    <form onSubmit={handleSubmit}>
      <input
        value={code}
        onChange={(e) => setCode(e.target.value)}
        placeholder="Enter recovery code"
      />
      <button type="submit">Verify</button>
    </form>
  );
}
```

## Related functions

* [isPendingRecoveryCodesAcknowledgment](/javascript/authentication-methods/is-pending-recovery-codes-acknowledgment) - Check if recovery codes need acknowledgment
* [isUserOnboardingComplete](/javascript/authentication-methods/is-user-onboarding-complete) - Check if user completed all onboarding requirements
* [Signing in with a Passkey](/javascript/authentication-methods/passkey)
* [Authenticator Apps](/javascript/authentication-methods/mfa/totp)
* [Overview](/javascript/authentication-methods/mfa/overview)
* [Session-Based MFA](/javascript/authentication-methods/mfa/session-mfa)
* [Action-Based MFA](/javascript/authentication-methods/mfa/action-based)
