# Enroll MFA using Authenticator App

Complete enrollment in multi-factor authentication (MFA) using an authenticator app.

This endpoint verifies the MFA setup by validating the time-based one-time password (TOTP) generated by the authenticator app.

The request must include:
- token: The 6-digit TOTP code generated by the authenticator app.
- mfaToken: Token from the initial MFA enrollment initiation.
- rememberDevice (optional): If set to true, the device will be remembered and may skip MFA on future logins from the same browser or device.

Use this endpoint to finalize MFA enrollment and activate the authenticator app for the user's account.

Endpoint: POST /resources/auth/v1/user/mfa/authenticator/enroll/verify
Security: bearer

## Request fields (application/json):

  - `token` (string, required)

  - `mfaToken` (string, required)

  - `rememberDevice` (boolean)

## Response 201 fields (application/json):

  - `tokenType` (string)

  - `otcToken` (string)

  - `mfaRequired` (boolean, required)

  - `mfaToken` (string)

  - `resetPasswordToken` (string)

  - `passwordExpiresIn` (number)

  - `notificationPeriod` (number)

  - `mfaEnrolled` (boolean)

  - `mfaDevices` (object)

  - `mfaDevices.webauthn` (array, required)

  - `mfaDevices.webauthn.id` (string, required)

  - `mfaDevices.webauthn.deviceType` (string, required)
    Enum: "Platform", "CrossPlatform"

  - `mfaDevices.webauthn.name` (string, required)

  - `mfaDevices.phones` (array, required)

  - `mfaDevices.phones.phoneNumber` (string, required)

  - `mfaDevices.authenticators` (array, required)

  - `mfaDevices.emails` (array, required)

  - `mfaDevices.emails.email` (string, required)

  - `mfaStrategies` (object)

  - `qrCode` (string)

  - `recoveryCode` (string)

  - `accessToken` (string, required)

  - `refreshToken` (string, required)

  - `expiresIn` (number, required)

  - `expires` (string, required)

  - `userId` (string)

  - `userEmail` (string)

  - `emailVerified` (boolean)

  - `isBreachedPassword` (boolean)