Can we use "/api/v2/users/{userId}/authenticators" (GET/POST) calls since it is not publicly doumented

Hi there!
There is use case in our requirement where we need to get the list of authenticators from Auth0 with MFA token and add sms mfa to user profile. I got to know we have management api calls to achieve these. But those are not public documented.

I was trying to get the list of authenticators using management api. I found out get api endpoint from another community post.(When will /api/v2/users/{userId}/authenticators be documented?)).

/api/v2/users/{userId}/authenticators returns exactly same information with guardian_authenticators field available in Auth0 user profile.

As the same way I’m able to add sms mfa factor using POST call to the same endpoint.

Method type: POST
Url: https://{{AUTH0_DOMAIN}}/api/v2/users/{{user_id}}/authenticators
body data:
“phone_number”: “+19999999999”

Response code: 201 created
And in Auth0 tenant > users> search for specific updated user id, I’m able to see the factor enroll as SMS_OTP MFA without user interaction.

This is required since we dont want user to go through SMS enrollment once again as his mobile number is already fetched from another secured data store.

Please let me know if we can use the above 2 endpoints (GET/POST) in our projects since it is not public documented and is there any possibility that these endpoints will deprecated or no support from Auth0.

Thank you.

Hi Team,
Could you please help me here?