Phone

The MyAccount Phone API provides operations to enroll, update, and delete phone numbers. The API also provides utilities to create, view, and answer verification challenges.

API versioning

A valid API version in the Accept header is required to access the API. Current version: 1.0.0

Accept: application/json; okta-version=1.0.0

List all phones
OAuth 2.0: okta.myAccount.phone.read

Lists the current user's phone information for all phones. Includes a collection of links for each phone describing the acceptable operations.

Responses
200

Example response

401

Unauthorized

GET /idp/myaccount/phones
Response samples
application/json;okta-version=1.0.0
[]

Create a phone
OAuth 2.0: okta.myAccount.phone.manage

Creates a phone with UNVERIFIED status, for either the SMS or CALL method, in the user's MyAccount settings.

Request
Request Body schema: application/json
required
object

Defines the phone number on the profile

phoneNumber
string

The newly added phone number

sendCode
boolean
Default: true

Whether to send a challenge to the newly added phone

method
string

The method of the challenge sent to the newly added phone. Applicable when sendCode is true.

Enum: "SMS" "CALL"
Responses
201

Example response

400

Bad Request

401

Unauthorized

403

Forbidden

409

Conflict

500

Internal Server Error

POST /idp/myaccount/phones
Request samples
application/json
{
  "profile": {
    "phoneNumber": "+1(444)444-4444"
  },
  "sendCode": true,
  "method": "SMS"
}
Response samples
application/json;okta-version=1.0.0
{}

Retrieve a phone
OAuth 2.0: okta.myAccount.phone.read

Retrieves the current user's phone information by ID, along with a collection of links describing the operations that can be performed on the phone.

Request
path Parameters
id
required
string

The ID of the phone. Obtain the ID of the phone through GET /idp/myaccount/phones or POST /idp/myaccount/phones when adding a new phone.

Example: sms10ltpSdwXJCem80g4
Responses
200

Example response

401

Unauthorized

404

Not Found

GET /idp/myaccount/phones/{id}
Response samples
application/json;okta-version=1.0.0
{}

Delete a phone
OAuth 2.0: okta.myAccount.phone.manage

Deletes the current user's phone information by ID

Request
path Parameters
id
required
string

The ID of the phone. Obtain the ID of the phone through GET /idp/myaccount/phones or POST /idp/myaccount/phones when adding a new phone.

Example: sms10ltpSdwXJCem80g4
Responses
204

No Content

401

Unauthorized

403

Forbidden

404

Not Found

DELETE /idp/myaccount/phones/{id}
Response samples
application/json;okta-version=1.0.0
{
  "errorCode": "E0000015",
  "errorSummary": "You do not have permission to access the feature you are requesting",
  "errorLink": "E0000015",
  "errorId": "oaeStOuPPxDRUm3PJhf-tL7bQ",
  "errorCauses": [ ]
}

Send a phone challenge
OAuth 2.0: okta.myAccount.phone.manage

Sends a phone challenge using one of two methods: SMS or CALL. This request can also handle a resend challenge (retry).

Upon a successful challenge, the user receives a verification code by SMS or CALL. Send a POST request to the /idp/myaccount/phones/{id}/verify endpoint to use the verification code to verify the phone number. The verification code expires in five minutes.

Notes:

  • Sending requests to the /idp/myaccount/phones/{id}/challenge endpoint more often than once every 30 seconds, or at a rate that exceeds the rate limit rule configured by the admin, returns a 429 (Too Many Requests) error.
Request
path Parameters
id
required
string

ID of the phone. Obtain the ID of the phone through GET /idp/myaccount/phones or POST /idp/myaccount/phones when adding a new phone.

Example: sms18vtfKgzqDhNqP0g4
Request Body schema: application/json
method
required
string

The method with which the challenge should be sent

Enum: "SMS" "CALL"
retry
boolean
Default: false

Indicates whether this is a normal challenge or retry

Responses
200

Example response after challenging a phone

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

POST /idp/myaccount/phones/{id}/challenge
Request samples
application/json
{
  "method": "SMS"
}

Verify a phone challenge
OAuth 2.0: okta.myAccount.phone.manage

Verifies the phone number with the verification code that the user receives through SMS or CALL. The phone number is active upon a successful verification.

Notes:

  • Sending requests to the /idp/myaccount/phones/{id}/verify endpoint at a rate that exceeds the rate limit rule configured by the admin returns a 429 (Too Many Requests) error.
Request
path Parameters
id
required
string

The phone ID. Obtain the ID of the phone through GET /idp/myaccount/phones or POST /idp/myaccount/phones when adding a new phone.

Example: sms18vtfKgzqDhNqP0g4
Request Body schema: application/json
verificationCode
required
string <password>

A six-digit verification code that the user receives through SMS or CALL

Responses
204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

409

Conflict

POST /idp/myaccount/phones/{id}/verify
Request samples
application/json
{
  "verificationCode": "048284"
}
Response samples
application/json;okta-version=1.0.0
{
  "errorCode": "E0000001",
  "errorSummary": "Api validation failed: Method",
  "errorLink": "E0000001",
  "errorId": "oaejUwz8U5FQ_SyggQwz1kC3w",
  "errorCauses": [
    { }
  ]
}
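
The challenge and verify steps described above, as an added client-side sketch that is not part of the Okta reference: it builds the two POST requests and applies the documented 30-second resend interval, five-minute code lifetime and six-digit code format locally, before anything is sent. The class name, the injected clock, the Bearer authorization header and the rule that any repeat challenge sets retry to true are assumptions made for this example.

```python
import json
import re
from urllib.parse import quote

ACCEPT = "application/json; okta-version=1.0.0"  # version header the API requires
RESEND_INTERVAL = 30   # seconds; challenging more often returns 429
CODE_TTL = 300         # seconds; the verification code expires in five minutes


class PhoneVerification:
    """Hypothetical helper: request builder plus local timing checks for one phone."""

    def __init__(self, phone_id, token, clock):
        # quote() keeps an unexpected ID from altering the request path
        self.base = "/idp/myaccount/phones/" + quote(phone_id, safe="")
        self.token, self.clock = token, clock
        self.last_challenge = None  # time of the most recent challenge sent

    def _request(self, action, body):
        return {
            "method": "POST",
            "path": f"{self.base}/{action}",
            "headers": {
                "Accept": ACCEPT,
                "Content-Type": "application/json",
                # Assumption: OAuth 2.0 token with okta.myAccount.phone.manage
                "Authorization": f"Bearer {self.token}",
            },
            "body": json.dumps(body),
        }

    def challenge(self, method="SMS"):
        if method not in ("SMS", "CALL"):
            raise ValueError("method must be SMS or CALL")
        now = self.clock()
        retry = self.last_challenge is not None  # assumption: repeat means resend
        if retry and now - self.last_challenge < RESEND_INTERVAL:
            raise RuntimeError("challenge requested within 30 seconds of the last one")
        self.last_challenge = now
        return self._request("challenge", {"method": method, "retry": retry})

    def verify(self, code):
        if not re.fullmatch(r"[0-9]{6}", code):
            raise ValueError("verification code must be six digits")
        if self.last_challenge is None:
            raise RuntimeError("no challenge has been sent")
        if self.clock() - self.last_challenge >= CODE_TTL:
            raise RuntimeError("code expired; send a new challenge")
        return self._request("verify", {"verificationCode": code})
```

The server remains the authority on both limits; a 429 can still arrive when the admin-configured rate limit is stricter than the local checks.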