Enroll SMS guardian device through API

We are implementing MFA via SMS but would like to have everything happen on our application instead of using the Auth0 guardian widget.

I noticed there are sufficient public APIs for sending the MFA challenge and verifying the code, but I cannot find any API for enrolling a device on the initial setup. I looked at the network calls from the widget and saw that there is a call to this endpoint (https://{{tenant}}.guardian.auth0.com/api/device-accounts/split-up-authenticator/sms-enroll).

However, this requires an Authorization header with a token which has scopes that I can’t seem to generate. I am wondering if there is any way to enroll a device via APIs or through auth0-guardian.js.

Another option I have thought of is placing the widget page in a small iframe and then matching the domain. this would possibly allow us to send javascript to it and fill out and complete the form. It seems very hacky, and an API would be preferable.

Thanks for any help

You can Create a Guardian enrollment ticket using the POST /api/v2/guardian/enrollments/ticket endpoint of the management API. The payload would be:

{
  "user_id": "{USER_ID}",
  "email": "{OPTIONAL_ALTERNATE_EMAIL}",
  "send_mail": true
}
  • user_id: user_id for the enrollment
    ticket
  • email: alternate email to which the
    enrollment email will be sent.
    Optional - by default, the email will
    be sent to the user’s default address
  • send_mail: Send an email to the user
    to start the enrollment

You can also read more about this custom enrollments here: Create Custom Enrollment Tickets

Hey @ricardo.batista,
Thanks for the response and for all the information. However, it’s still not clear how I would actually submit the phone number via an API, or if that’s even possible. I understand that this endpoint provides a ticket and a URL pointing back to the widget, but is it possible to enroll a device without going through the widget?

The ticket doesn’t work on the endpoint used internally by the widget, i am missing a {{requestToken}} which is sent in an authorization header. I’m not sure how to create this or if it’s only used internally by Auth0.

Thanks

1 Like

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?