We’d like to require a user to enter an OTP before allowing them to remove their OTP MFA. I can’t seem to find an API that lets me do this. This is for a regular web application in php.
Welcome to the Auth0 Community!
We would usually recommend Add Step-up Authentication for this type of transaction. This allows you to prompt the user for MFA during a certain restricted action.
Let me know if that doesn’t work for you and we can dig in on your initial request.