# Enroll MFA using WebAuthN

Complete enrollment in multi-factor authentication (MFA) using WebAuthn.

This endpoint verifies and registers a WebAuthn device, such as a biometric sensor (Platform) or hardware security key (CrossPlatform), finalizing the setup after the initial challenge.

The request must include:
- deviceType: Type of device being enrolled. Accepts Platform (e.g., fingerprint scanner) or CrossPlatform (e.g., USB security key).
- webauthnToken: Token received during the WebAuthn pre-enrollment step.
- options: WebAuthn attestation data collected from the client.
  - id: Device identifier.
  - response: WebAuthn attestation response.
    - clientDataJSON: Base64-encoded client data from the browser.
    - attestationObject: Base64-encoded attestation object from the authenticator.
  - deviceType (optional): May repeat the selected device type.
- mfaToken: Token used to authorize MFA enrollment.
- rememberDevice (optional): Set to true to remember the device and reduce MFA prompts on future logins.

Use this endpoint to complete WebAuthn-based MFA enrollment and register the user's trusted device.

Endpoint: POST /resources/auth/v1/user/mfa/webauthn/enroll/verify
Security: bearer

## Request fields (application/json):

  - `deviceType` (string, required)
    Enum: "Platform", "CrossPlatform"

  - `webauthnToken` (string, required)

  - `options` (object, required)

  - `options.id` (string, required)

  - `options.response` (object, required)

  - `options.response.clientDataJSON` (string, required)

  - `options.response.attestationObject` (string, required)

  - `mfaToken` (string, required)

  - `rememberDevice` (boolean)

## Response 201 fields (application/json):

  - `tokenType` (string)

  - `otcToken` (string)

  - `mfaRequired` (boolean, required)

  - `mfaToken` (string)

  - `resetPasswordToken` (string)

  - `passwordExpiresIn` (number)

  - `notificationPeriod` (number)

  - `mfaEnrolled` (boolean)

  - `mfaDevices` (object)

  - `mfaDevices.webauthn` (array, required)

  - `mfaDevices.webauthn.id` (string, required)

  - `mfaDevices.webauthn.deviceType` (string, required)
    Enum: "Platform", "CrossPlatform"

  - `mfaDevices.webauthn.name` (string, required)

  - `mfaDevices.phones` (array, required)

  - `mfaDevices.phones.phoneNumber` (string, required)

  - `mfaDevices.authenticators` (array, required)

  - `mfaDevices.emails` (array, required)

  - `mfaDevices.emails.email` (string, required)

  - `mfaStrategies` (object)

  - `qrCode` (string)

  - `recoveryCode` (string)

  - `accessToken` (string, required)

  - `refreshToken` (string, required)

  - `expiresIn` (number, required)

  - `expires` (string, required)

  - `userId` (string)

  - `userEmail` (string)

  - `emailVerified` (boolean)

  - `isBreachedPassword` (boolean)