...
- User key management (TO BE DISCUSSED)
- get OTT passing required operation: change/remove email/phoneNumber – "api/v1/token/userKeys" + requestBody: {"operation": ..., "userKeyType": ...} + responseBody: {"destination": ..., "expiration": UUID}
- get OTT for new user key – "api/v1/token/newKey" + requestBody: {"destination": ..., "ott": ...} + responseBody: {"destination": ..., "expiration": UUID}
- add OTT for new user key – "api/v1/token/newKey/adding" + requestBody: {"destination": ...}
- Anti-phising phishing code | switchable, depends on anti-phishing
- "api/v1/token/antiPhishing/changing"
- "api/v1/token/antiPhishing/changing"
- Disable MFA | switchable, depends on MFA
- get email/phone number OTT – "api/v1/token/mfa/disabling" + requestBody: {"destination": ...} + reject if destination MFA is disabled
...