Docs

Trigger MFA using the API

You can trigger MFA challenges for enrolled authenticators by calling the /mfa/challenge endpoint.

OTP Challenges

To trigger an OTP challenge, make the appropriate POST call to mfa/challenge.




If successful, you'll receive the following response:

The user will collect a one-time password, which you will then collect from them. Proceed with the authentication process using /oauth/token as usual, adding the otp value that you collect as a parameter (format below) in the request.

OOB Challenges

To trigger an OOB challenge, make the appropriate POST call to mfa/challenge.

If successful, you'll receive the following response, as well as an SMS message containing the required six-digit code:

Proceed with the authentication process using /oauth/token as usual, sending the oob_code as a parameter (format below) in the request.