The POST /{{envID}}/authenticationCodes operation creates an authentication code for use in an MFA device authentication flow. The request body requires an application.id property value to associate an application with the MFA flow. The request also supports optional clientContext, lifeTime, and userApproval properties to provide relevant information to the mobile application. For example, the following message can be provided through the clientContext property:

"clientContext": {
        "header" : "Authentication process",
        "body": "Do you want to approve this transaction?"    
    }

The response returns the code and several other properties, including a status property to specify the status of the code. When the resouce is first created, the code’s status is UNCLAIMED.