# Disable SMS MFA

Complete the process of disabling SMS-based multi-factor authentication (MFA) for a specific device.

This step finalizes MFA deactivation for the given deviceId after a prior pre-disable action.

The request must include:
- otcToken: The one-time challenge token obtained during the pre-disable step.
- code: The SMS verification code received by the user.

Use this endpoint as the second step in the SMS MFA removal flow to verify the user's identity and confirm the disable action.

Endpoint: POST /resources/users/v1/mfa/sms/{deviceId}/disable/verify
Security: bearer

## Path parameters:

  - `deviceId` (string, required)

## Header parameters:

  - `frontegg-user-id` (string, required)
    The user ID identifier

## Request fields (application/json):

  - `otcToken` (string, required)

  - `code` (string, required)


## Response 200 fields