# Verify MFA using sms Verify a multi-factor authentication (MFA) challenge using an SMS code for a specific registered device. This endpoint finalizes the MFA step by validating the SMS code and may mark the device as trusted if specified. Path parameters: - deviceId: The unique identifier of the SMS MFA device being verified. Request body must include: - otcToken: Token received from the SMS MFA challenge initiation. - code: The verification code sent to the user's phone via SMS. - mfaToken: MFA token issued during the initial login or step-up challenge. - rememberDevice (optional): Set to true to remember the device and reduce future MFA prompts on this device. Use this endpoint to complete SMS-based MFA verification and optionally trust the device for future logins. Endpoint: POST /resources/auth/v1/user/mfa/sms/{deviceId}/verify Security: bearer ## Path parameters: - `deviceId` (string, required) ## Request fields (application/json): - `otcToken` (string, required) - `code` (string, required) - `mfaToken` (string, required) - `rememberDevice` (boolean) ## Response 201 fields (application/json): - `tokenType` (string) - `otcToken` (string) - `mfaRequired` (boolean, required) - `mfaToken` (string) - `resetPasswordToken` (string) - `passwordExpiresIn` (number) - `notificationPeriod` (number) - `mfaEnrolled` (boolean) - `mfaDevices` (object) - `mfaDevices.webauthn` (array, required) - `mfaDevices.webauthn.id` (string, required) - `mfaDevices.webauthn.deviceType` (string, required) Enum: "Platform", "CrossPlatform" - `mfaDevices.webauthn.name` (string, required) - `mfaDevices.phones` (array, required) - `mfaDevices.phones.phoneNumber` (string, required) - `mfaDevices.authenticators` (array, required) - `mfaDevices.emails` (array, required) - `mfaDevices.emails.email` (string, required) - `mfaStrategies` (object) - `qrCode` (string) - `recoveryCode` (string) - `accessToken` (string, required) - `refreshToken` (string, required) - `expiresIn` (number, required) - `expires` (string, required) - `userId` (string) - `userEmail` (string) - `emailVerified` (boolean) - `isBreachedPassword` (boolean)