We are planning to use custom signups and new universal login using Android and iOS app. And we want to enforce SMS based MFA at the time of user signup even though we allow users to change to OTP later on.
We could not find any way to achieve it. We are thinking to create a MFA enrollment ticket and then use following APIs to enforce SMS based MFA at signup.
.guardian.us.auth0.com/api/start-flow
.guardian.us.auth0.com/api/device-accounts/split-up-authenticator/sms-enroll
.guardian.us.auth0.com/api/start-flow
.guardian.us.auth0.com/api/verify-otp
Is it safe to use these APIs? Because these are not explicitly documented, so i think auth0
can change these APIs anytime without taking care of backward compatibility. or are they safe to be used?