Proof of possession

You can choose to require proof that the user possesses the credential by passing up to two security codes in the
addCredentialRequest
request. Obtain these security codes from the user directly.
For SMS, Voice, and System-generated credentials, the response to the
Register
request includes a security code that you can use for proof of possession. You can also send security codes directly to a user through an SMS text message or a voice call. For additional information, refer to
VIP
User Services Developer’s Guide
for details on how to set a temporary security code.