# Verify MFA using email code Verify a multi-factor authentication (MFA) challenge using a code sent to the user's email address. This endpoint finalizes the email-based MFA verification and completes the authentication process. The request must include: - otcToken: One-time challenge token received during the email MFA initiation. - code: The MFA code sent to the user's email. - mfaToken: Token returned from the original MFA setup or step-up authentication request. - rememberDevice (optional): If set to true, the device will be remembered to reduce MFA prompts on future logins from the same client. Use this endpoint to confirm the MFA challenge and optionally remember the current device for future sessions. Endpoint: POST /resources/auth/v1/user/mfa/emailcode/verify Security: bearer ## Request fields (application/json): - `otcToken` (string, required) - `code` (string, required) - `mfaToken` (string, required) - `rememberDevice` (boolean) ## Response 201 fields (application/json): - `tokenType` (string) - `otcToken` (string) - `mfaRequired` (boolean, required) - `mfaToken` (string) - `resetPasswordToken` (string) - `passwordExpiresIn` (number) - `notificationPeriod` (number) - `mfaEnrolled` (boolean) - `mfaDevices` (object) - `mfaDevices.webauthn` (array, required) - `mfaDevices.webauthn.id` (string, required) - `mfaDevices.webauthn.deviceType` (string, required) Enum: "Platform", "CrossPlatform" - `mfaDevices.webauthn.name` (string, required) - `mfaDevices.phones` (array, required) - `mfaDevices.phones.phoneNumber` (string, required) - `mfaDevices.authenticators` (array, required) - `mfaDevices.emails` (array, required) - `mfaDevices.emails.email` (string, required) - `mfaStrategies` (object) - `qrCode` (string) - `recoveryCode` (string) - `accessToken` (string, required) - `refreshToken` (string, required) - `expiresIn` (number, required) - `expires` (string, required) - `userId` (string) - `userEmail` (string) - `emailVerified` (boolean) - `isBreachedPassword` (boolean)