Overview
When using the Multi-Factor Authentication (MFA) API, it is possible to delete authenticators but not the recovery code. This article explains how to remove the recovery code as well via an API call.
Applies To
- Multi-Factor Authentication (MFA) API
- Managing authenticators
Solution
Using the MFA API, removing the recovery code is not possible, as this is treated as a full MFA reset.
Removing the Recovery Codes requires using the Delete all authentication methods and Delete All Authenticators Management API endpoints. This would need to be a backend-triggered process and cannot be done in a frontend directly as it will require obtaining a Management API access token.