Proof of possession
You can choose to require proof that the user possesses the credential by passing up to two security codes in the
addCredentialRequest
request. Obtain these security codes from the user directly. For SMS, Voice, and System-generated credentials, the response to the for details on how to set a temporary security code.
Register
request includes a security code that you can use for proof of possession. You can also send security codes directly to a user through an SMS text message or a voice call. For additional information, refer to VIP
User Services Developer’s Guide