Docs

Trigger MFA using the API

You can trigger MFA challenges for enrolled authenticators by calling the /mfa/challenge endpoint.

OTP Challenges

To trigger an OTP challenge, make the appropriate POST call to mfa/challenge.




If successful, you'll receive the following response:

Proceed with the authentication process as usual.

OOB Challenges

To trigger an OOB challenge, make the appropriate POST call to mfa/challenge.




If successful, you'll receive the following response, as well as an SMS message containing the required six-digit code:

Proceed with the authentication process as usual.

Posting the MFA Responses

You can post MFA OTP or MFA OOB responses using the /oauth/token endpoint.