The multi-factor authentication flow uses a one-time passcode (OTP) sent to the user’s device to continue the flow. The user receives the OTP on a specified device and submits it as a step in the authentication process.

The following sample shows the POST /{{envID}}/deviceAuthentications/{{deviceAuthID}} operation to validate the OTP. This operation uses the application/vnd.pingidentity.otp.check+json custom media type as the content type in the request header, and the request body specifies the OTP value sent to the user’s device.