diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index a3d565c..3d130f3 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -66,8 +66,10 @@ pub fn routes() -> Vec<Route> {
         get_recover,
         recover,
         disable_twofactor,
+        disable_twofactor_put,
         generate_authenticator,
         activate_authenticator,
+        activate_authenticator_put,
         generate_u2f,
         activate_u2f,
 
diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs
index 420362a..67088aa 100644
--- a/src/api/core/two_factor.rs
+++ b/src/api/core/two_factor.rs
@@ -112,6 +112,15 @@ fn disable_twofactor(
     })))
 }
 
+#[put("/two-factor/disable", data = "<data>")]
+fn disable_twofactor_put(
+    data: JsonUpcase<DisableTwoFactorData>,
+    headers: Headers,
+    conn: DbConn,
+) -> JsonResult {
+    disable_twofactor(data, headers, conn)
+}
+
 #[post("/two-factor/get-authenticator", data = "<data>")]
 fn generate_authenticator(
     data: JsonUpcase<PasswordData>,
@@ -194,6 +203,15 @@ fn activate_authenticator(
     })))
 }
 
+#[put("/two-factor/authenticator", data = "<data>")]
+fn activate_authenticator_put(
+    data: JsonUpcase<EnableAuthenticatorData>,
+    headers: Headers,
+    conn: DbConn,
+) -> JsonResult {
+    activate_authenticator(data, headers, conn)
+}
+
 fn _generate_recover_code(user: &mut User, conn: &DbConn) {
     if user.totp_recover.is_none() {
         let totp_recover = BASE32.encode(&crypto::get_random(vec![0u8; 20]));