POSTuser creation is the registered fingerprint associated with the user.
phone_numbers. You can let the user select the phone number from that list and then make the API call again by specifying the
phone_numberyou want the 2FA to be sent. This will trigger the 2FA protocol and a PIN will be sent to the selected phone number. The user will be able to verify the device via this API call itself. You can supply
validation_pinunder the user object and the verification will be triggered.
client_secret. That way the value is still somewhat secret and you won't need to store a different fingerprint for each user.