# Verify MFA using authenticator app

Verify multi-factor authentication (MFA) during the authentication process.

This endpoint is typically used after a primary login attempt when MFA is enabled for the user or account (tenant).

The request must include:
- value: The MFA service name (e.g., authenticator, email, sms) configured under Authentication Settings.
- mfaToken: The token or code provided by the user's MFA method (e.g., code from an authenticator app).

Use this endpoint to complete the MFA verification step as part of the overall login flow.

Endpoint: POST /resources/auth/v1/user/mfa/authenticator/{deviceId}/verify
Security: bearer

## Path parameters:

  - `deviceId` (string, required)

## Request fields (application/json):

  - `value` (string, required)

  - `mfaToken` (string, required)

  - `rememberDevice` (boolean)

## Response 201 fields (application/json):

  - `tokenType` (string)

  - `otcToken` (string)

  - `mfaRequired` (boolean, required)

  - `mfaToken` (string)

  - `resetPasswordToken` (string)

  - `passwordExpiresIn` (number)

  - `notificationPeriod` (number)

  - `mfaEnrolled` (boolean)

  - `mfaDevices` (object)

  - `mfaDevices.webauthn` (array, required)

  - `mfaDevices.webauthn.id` (string, required)

  - `mfaDevices.webauthn.deviceType` (string, required)
    Enum: "Platform", "CrossPlatform"

  - `mfaDevices.webauthn.name` (string, required)

  - `mfaDevices.phones` (array, required)

  - `mfaDevices.phones.phoneNumber` (string, required)

  - `mfaDevices.authenticators` (array, required)

  - `mfaDevices.emails` (array, required)

  - `mfaDevices.emails.email` (string, required)

  - `mfaStrategies` (object)

  - `qrCode` (string)

  - `recoveryCode` (string)

  - `accessToken` (string, required)

  - `refreshToken` (string, required)

  - `expiresIn` (number, required)

  - `expires` (string, required)

  - `userId` (string)

  - `userEmail` (string)

  - `emailVerified` (boolean)

  - `isBreachedPassword` (boolean)