Manage Authentication Methods with Management API
Before you start
Configure a machine-to-machine (M2M) application, and grant it access to the Auth0 Management API with the following scopes:
create:authentication_methodsread:authentication_methodsupdate:authentication_methodsdelete:authentication_methods
The Auth0 Management API provides several endpoints you can use to manage your users' MFA authentication methods.
This method relies on authenticating using a confidential application. To learn more about confidential vs. public applications, read Confidential and Public Applications.
Get all authentication methods
Use the Gets a list of authentication methods endpoint to get a list of all of the authentication methods a user has either fully or partially enrolled.
This endpoint requires the scope: read:authentication_methods.
Examples
The following request returns a list of all authentication methods for a specified user.
curl --request GET \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods \
--header 'authorization: Bearer {yourMgmtApiAccessToken}'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods");
var request = new RestRequest(Method.GET);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.get("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'GET',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"GET"];
[request setAllHTTPHeaderFields:headers];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("GET", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response in the JSON format.
[
{
"id": "totp|dev_XXXXXXXXXXXXXXXX",
"type": "totp",
"confirmed": true,
"created_at": "2021-09-23T22:57:30.206Z",
"last_auth_at": "2021-09-23T22:57:51.652Z"
}
]Was this helpful?
/
Get a single authentication method
Use the Gets an authentication method by ID endpoint to get a single authentication method for a user specified by the authentication method's ID.
This endpoint requires the scope: read:authentication_methods.
Examples
The following request returns a single authentication method for a user based on the specified authentication method's ID.
curl --request GET \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D \
--header 'authorization: Bearer {yourMgmtApiAccessToken}'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D");
var request = new RestRequest(Method.GET);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.get("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'GET',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"GET"];
[request setAllHTTPHeaderFields:headers];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("GET", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response in the JSON format.
{
"id": "totp|dev_XXXXXXXXXXXXXXXX",
"type": "totp",
"confirmed": true,
"created_at": "2021-09-23T22:57:30.206Z",
"last_auth_at": "2021-09-23T22:57:51.652Z"
}Was this helpful?
/
Create an authentication method
Use the Creates an authentication method for a given user endpoint to create an authentication method for a user, including SMS, email, one-time password (OTP), or WebAuthn with security keys. To learn more about available MFA authentication factors, read Multi-Factor Authentication Factors.
This endpoint requires the scope: create:authentication_methods.
Authentication methods created through this endpoint will be confirmed automatically and available immediately. Verify with the user that the authentication method is configured correctly and is still valid.
SMS
Send users an OTP over SMS which the user is then prompted to enter before they can finish authenticating.
Examples
The following request creates a SMS authentication method for a user.
curl --request POST \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--data '{ "type": "phone", "name": "SMS", "phone_number": "+00000000000" }'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddParameter("undefined", "{ \"type\": \"phone\", \"name\": \"SMS\", \"phone_number\": \"+00000000000\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"
payload := strings.NewReader("{ \"type\": \"phone\", \"name\": \"SMS\", \"phone_number\": \"+00000000000\" }")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.body("{ \"type\": \"phone\", \"name\": \"SMS\", \"phone_number\": \"+00000000000\" }")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'},
data: {type: 'phone', name: 'SMS', phone_number: '+00000000000'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSDictionary *parameters = @{ @"type": @"phone",
@"name": @"SMS",
@"phone_number": @"+00000000000" };
NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{ \"type\": \"phone\", \"name\": \"SMS\", \"phone_number\": \"+00000000000\" }",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{ \"type\": \"phone\", \"name\": \"SMS\", \"phone_number\": \"+00000000000\" }"
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("POST", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request.body = "{ \"type\": \"phone\", \"name\": \"SMS\", \"phone_number\": \"+00000000000\" }"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let parameters = [
"type": "phone",
"name": "SMS",
"phone_number": "+00000000000"
] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response in the JSON format.
{
"type": "phone",
"name": "SMS",
"created_at": "2023-01-01T00:00:00.000Z",
"phone_number": "user@example.com",
"id": "phone|dev_XXXXXXXXXXXXXXXX"
}Was this helpful?
/
Send users an OTP over email which the user is then prompted to enter before they can finish authenticating. The email factor is only supported when a user has no other factors available.
Examples
The following request creates an email authentication method for a user.
curl --request POST \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--data '{ "type": "email", "name": "Email Factor", "email": "user@example.com" }'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddParameter("undefined", "{ \"type\": \"email\", \"name\": \"Email Factor\", \"email\": \"user@example.com\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"
payload := strings.NewReader("{ \"type\": \"email\", \"name\": \"Email Factor\", \"email\": \"user@example.com\" }")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.body("{ \"type\": \"email\", \"name\": \"Email Factor\", \"email\": \"user@example.com\" }")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'},
data: {type: 'email', name: 'Email Factor', email: 'user@example.com'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSDictionary *parameters = @{ @"type": @"email",
@"name": @"Email Factor",
@"email": @"user@example.com" };
NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{ \"type\": \"email\", \"name\": \"Email Factor\", \"email\": \"user@example.com\" }",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{ \"type\": \"email\", \"name\": \"Email Factor\", \"email\": \"user@example.com\" }"
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("POST", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request.body = "{ \"type\": \"email\", \"name\": \"Email Factor\", \"email\": \"user@example.com\" }"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let parameters = [
"type": "email",
"name": "Email Factor",
"email": "user@example.com"
] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response in the JSON format.
{
"type": "email",
"name": "Email Factor",
"created_at": "2023-01-01T00:00:00.000Z",
"email": "user@example.com",
"id": "email|dev_XXXXXXXXXXXXXXXX"
}Was this helpful?
/
One-time passwords (OTP)
Enable users to use an authenticator application, such as Google Authenticator, on their personal device to generate an OTP that changes periodically, which the user is prompted to enter before they finish authenticating.
Examples
The following request creates an OTP authentication method for a user.
curl --request POST \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--data '{ "type": "totp", "name": "OTP Application", "totp_secret": "{yourSecret}" }'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddParameter("undefined", "{ \"type\": \"totp\", \"name\": \"OTP Application\", \"totp_secret\": \"{yourSecret}\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"
payload := strings.NewReader("{ \"type\": \"totp\", \"name\": \"OTP Application\", \"totp_secret\": \"{yourSecret}\" }")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.body("{ \"type\": \"totp\", \"name\": \"OTP Application\", \"totp_secret\": \"{yourSecret}\" }")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'},
data: {type: 'totp', name: 'OTP Application', totp_secret: '{yourSecret}'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSDictionary *parameters = @{ @"type": @"totp",
@"name": @"OTP Application",
@"totp_secret": @"{yourSecret}" };
NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{ \"type\": \"totp\", \"name\": \"OTP Application\", \"totp_secret\": \"{yourSecret}\" }",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{ \"type\": \"totp\", \"name\": \"OTP Application\", \"totp_secret\": \"{yourSecret}\" }"
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("POST", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request.body = "{ \"type\": \"totp\", \"name\": \"OTP Application\", \"totp_secret\": \"{yourSecret}\" }"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let parameters = [
"type": "totp",
"name": "OTP Application",
"totp_secret": "{yourSecret}"
] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response in the JSON format.
{
"type": "totp",
"name": "OTP Application",
"created_at": "2023-01-01T00:00:00.000Z",
"email": "user@example.com",
"id": "totp|dev_XXXXXXXXXXXXXXXX"
}Was this helpful?
/
WebAuthn with security keys
Enable users to use FIDO-compliant security keys (for example, Yubikey or Google Titan) to perform multi-factor authentication.
Examples
The following request creates a WebAuthn with security keys authentication method for a user.
curl --request POST \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--data '{ "type": "webauthn_roaming", "name": "WebAuthn with security keys", "public_key": "{yourPublicKey}", "key_id": "{yourKeyId}", "relying_party_identifier": "{yourDomain}" }'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddParameter("undefined", "{ \"type\": \"webauthn_roaming\", \"name\": \"WebAuthn with security keys\", \"public_key\": \"{yourPublicKey}\", \"key_id\": \"{yourKeyId}\", \"relying_party_identifier\": \"{yourDomain}\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"
payload := strings.NewReader("{ \"type\": \"webauthn_roaming\", \"name\": \"WebAuthn with security keys\", \"public_key\": \"{yourPublicKey}\", \"key_id\": \"{yourKeyId}\", \"relying_party_identifier\": \"{yourDomain}\" }")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.body("{ \"type\": \"webauthn_roaming\", \"name\": \"WebAuthn with security keys\", \"public_key\": \"{yourPublicKey}\", \"key_id\": \"{yourKeyId}\", \"relying_party_identifier\": \"{yourDomain}\" }")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'},
data: {
type: 'webauthn_roaming',
name: 'WebAuthn with security keys',
public_key: '{yourPublicKey}',
key_id: '{yourKeyId}',
relying_party_identifier: '{yourDomain}'
}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSDictionary *parameters = @{ @"type": @"webauthn_roaming",
@"name": @"WebAuthn with security keys",
@"public_key": @"{yourPublicKey}",
@"key_id": @"{yourKeyId}",
@"relying_party_identifier": @"{yourDomain}" };
NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{ \"type\": \"webauthn_roaming\", \"name\": \"WebAuthn with security keys\", \"public_key\": \"{yourPublicKey}\", \"key_id\": \"{yourKeyId}\", \"relying_party_identifier\": \"{yourDomain}\" }",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{ \"type\": \"webauthn_roaming\", \"name\": \"WebAuthn with security keys\", \"public_key\": \"{yourPublicKey}\", \"key_id\": \"{yourKeyId}\", \"relying_party_identifier\": \"{yourDomain}\" }"
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("POST", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request.body = "{ \"type\": \"webauthn_roaming\", \"name\": \"WebAuthn with security keys\", \"public_key\": \"{yourPublicKey}\", \"key_id\": \"{yourKeyId}\", \"relying_party_identifier\": \"{yourDomain}\" }"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let parameters = [
"type": "webauthn_roaming",
"name": "WebAuthn with security keys",
"public_key": "{yourPublicKey}",
"key_id": "{yourKeyId}",
"relying_party_identifier": "{yourDomain}"
] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response in the JSON format.
{
"type": "webauthn-roaming",
"name": "WebAuthn with security keys",
"relyingPartyIdentifier": "example-tenant.auth0.com",
"keyId": "X9FrwMfmzj...",
"publicKey": "bXktcHVibGljLWtle...",
"created_at": "2023-03-09T17:33:47.545Z",
"id": "webauthn-roaming|dev_XXXXXXXXXXXXXXXX"
}Was this helpful?
/
Replace all authentication methods
Use the Updates all authentication methods by replacing them with the given ones endpoint to replace all existing authentication methods with those provided.
This endpoint requires the scope: update:authentication_methods.
Examples
The following request replaces all existing authentication methods for a user.
curl --request PUT \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--data '[{ "type": "phone", "preferred_authentication_method": "sms", "phone_number": "+00000000000", "name": "SMS" }]'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods");
var request = new RestRequest(Method.PUT);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddParameter("undefined", "[{ \"type\": \"phone\", \"preferred_authentication_method\": \"sms\", \"phone_number\": \"+00000000000\", \"name\": \"SMS\" }]", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"
payload := strings.NewReader("[{ \"type\": \"phone\", \"preferred_authentication_method\": \"sms\", \"phone_number\": \"+00000000000\", \"name\": \"SMS\" }]")
req, _ := http.NewRequest("PUT", url, payload)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.put("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.body("[{ \"type\": \"phone\", \"preferred_authentication_method\": \"sms\", \"phone_number\": \"+00000000000\", \"name\": \"SMS\" }]")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'PUT',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'},
data: [
{
type: 'phone',
preferred_authentication_method: 'sms',
phone_number: '+00000000000',
name: 'SMS'
}
]
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSDictionary *parameters = @[ @{ @"type": @"phone", @"preferred_authentication_method": @"sms", @"phone_number": @"+00000000000", @"name": @"SMS" } ];
NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"PUT"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PUT",
CURLOPT_POSTFIELDS => "[{ \"type\": \"phone\", \"preferred_authentication_method\": \"sms\", \"phone_number\": \"+00000000000\", \"name\": \"SMS\" }]",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "[{ \"type\": \"phone\", \"preferred_authentication_method\": \"sms\", \"phone_number\": \"+00000000000\", \"name\": \"SMS\" }]"
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("PUT", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Put.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request.body = "[{ \"type\": \"phone\", \"preferred_authentication_method\": \"sms\", \"phone_number\": \"+00000000000\", \"name\": \"SMS\" }]"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let parameters = [
[
"type": "phone",
"preferred_authentication_method": "sms",
"phone_number": "+00000000000",
"name": "SMS"
]
] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "PUT"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response in the JSON format.
[
{
"id": "phone|dev_XXXXXXXXXXXXXXXX",
"type": "phone",
"name": "SMS",
"phone_number": "+00000000000",
"created_at": "2023-03-09T17:53:23.647Z",
"preferred_authentication_method": "sms",
"authentication_methods": [
{
"id": "sms|dev_XXXXXXXXXXXXXXXX",
"type": "sms"
}
]
}
]Was this helpful?
/
Update a single authentication method
Use the Updates an authentication method endpoint to update a single authentication method for a user.
This endpoint requires the scope: update:authentication_methods.
Examples
The following request updates a single authentication method for a user based on the specific authentication method's ID.
curl --request PATCH \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D \
--header 'authorization: Bearer {yourMgmtApiAccessToken}' \
--data '{ "name": "Mobile SMS" }'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D");
var request = new RestRequest(Method.PATCH);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddParameter("undefined", "{ \"name\": \"Mobile SMS\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D"
payload := strings.NewReader("{ \"name\": \"Mobile SMS\" }")
req, _ := http.NewRequest("PATCH", url, payload)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.patch("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.body("{ \"name\": \"Mobile SMS\" }")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'PATCH',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'},
data: {name: 'Mobile SMS'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSDictionary *parameters = @{ @"name": @"Mobile SMS" };
NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"PATCH"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PATCH",
CURLOPT_POSTFIELDS => "{ \"name\": \"Mobile SMS\" }",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{ \"name\": \"Mobile SMS\" }"
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("PATCH", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Patch.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request.body = "{ \"name\": \"Mobile SMS\" }"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let parameters = ["name": "Mobile SMS"] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "PATCH"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response in the JSON format.
{
"type": "phone",
"name": "Mobile SMS",
"created_at": "2023-01-12T00:03:52.855Z",
"last_auth_at": "2023-01-12T00:04:05.157Z",
"phone_number": "+00000000000",
"preferred_authentication_method": "sms",
"id": "phone|dev_XXXXXXXXXXXXXXXX",
"authentication_methods": [
{
"id": "phone|dev_XXXXXXXXXXXXXXXX",
"type": "phone"
}
]
}Was this helpful?
/
Delete all authentication methods
Use the Deletes all authentication methods for the given user endpoint to delete all authentication methods for a user.
This endpoint requires the scope: delete:authentication_methods.
Examples
The following request deletes all authentication methods for a user.
curl --request DELETE \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods \
--header 'authorization: Bearer {yourMgmtApiAccessToken}'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods");
var request = new RestRequest(Method.DELETE);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"
req, _ := http.NewRequest("DELETE", url, nil)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.delete("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'DELETE',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"DELETE"];
[request setAllHTTPHeaderFields:headers];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "DELETE",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("DELETE", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Delete.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "DELETE"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response with a 204 status code and empty body.
Delete a single authentication method
Use the Deletes an authentication method by ID endpoint to delete a single authentication method for a user.
Examples
The following request deletes a single authentication method for a user based on the specified authentication method's ID.
curl --request DELETE \
--url https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D \
--header 'authorization: Bearer {yourMgmtApiAccessToken}'Was this helpful?
/
var client = new RestClient("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D");
var request = new RestRequest(Method.DELETE);
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D"
req, _ := http.NewRequest("DELETE", url, nil)
req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.delete("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D")
.header("authorization", "Bearer {yourMgmtApiAccessToken}")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'DELETE',
url: 'https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D',
headers: {authorization: 'Bearer {yourMgmtApiAccessToken}'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {yourMgmtApiAccessToken}" };
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"DELETE"];
[request setAllHTTPHeaderFields:headers];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "DELETE",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {yourMgmtApiAccessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
headers = { 'authorization': "Bearer {yourMgmtApiAccessToken}" }
conn.request("DELETE", "%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Delete.new(url)
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["authorization": "Bearer {yourMgmtApiAccessToken}"]
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourDomain%7D/api/v2/users/%7BuserId%7D/authentication-methods/%7BauthenticationMethodId%7D")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "DELETE"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Responses
For each valid request, the Management API will return a response with a 204 status code and empty body.