post https://www.sandbox.striga.com/api/v1/user/start/setup-two-factor
This API returns a secret and a base32 encoded secret for which you may display a QR code with your brand/logo such that the user can save it in their favorite TOTP application (Google Authenticator, Authy etc.)
Please DO NOT persist these secrets on your backend.