It is also possible to link additional authenticators, other mobile phones, to a user account. This may increase convenience for user as they are not tied to a single device for authentication.

It is possible to add up to 10 authenticators per user.

When implementing this flow, you need to make sure that the userId or username cannot be impersonated during the process to prevent the risk that malicious users may be able to register another authenticator for someone else.

Adding a Second Phone as an Authenticator

curl -XPOST \
  -H "Authorization: Bearer $ACCESS_KEY"\
  -H 'Content-Type: application/json;charset=utf-8' \
  -d '{ "username": "700-123456" }' \
${APIBASE}/users/enroll | python -m json.tool