Authentication for user set up for MFA successful through API call without receiving one time verification code on email

I’ve configured an Okta app integration for MFA and am able to implement MFA using the Okta widget, to receive a one-time verification code by email.

However, when authenticating using the Okta REST API instead of the Okta widget, the user is authenticated without being prompted for a one-time verification code.

Can anyone help with what I am missing here?

Below is the snippet for response for API call - https://{{url}}/api/v1/authn through Postman, showing response returned with status as “SUCCESS” -



Is everything else the same? Are you making your call from the same machine? There can be multiple factors here which trigger authentication policies at Okta.

I suggest you check the Okta syslog through the UI to inspect those 2 events and see what’s different and whether the authentication policy is the same.
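One way to carry out the comparison suggested in the reply above, as an added example that is not part of the original thread: export the two sign-on events as JSON and diff them field by field. The two events below are constructed samples, and their field names and values are assumptions loosely modelled on a System Log export; substitute your own exported events.

```python
import json

# Constructed sample events (assumed shape, not real tenant data).
WIDGET_EVENT = json.loads("""{
  "uuid": "11111111-aaaa", "published": "2024-01-01T10:00:00.000Z",
  "eventType": "policy.evaluate_sign_on",
  "client": {"ipAddress": "203.0.113.10",
             "userAgent": {"rawUserAgent": "Mozilla/5.0 (constructed)"}},
  "outcome": {"result": "CHALLENGE"},
  "target": [{"type": "PolicyRule", "displayName": "Require email MFA"}]
}""")
API_EVENT = json.loads("""{
  "uuid": "22222222-bbbb", "published": "2024-01-01T10:05:00.000Z",
  "eventType": "policy.evaluate_sign_on",
  "client": {"ipAddress": "203.0.113.10",
             "userAgent": {"rawUserAgent": "PostmanRuntime (constructed)"}},
  "outcome": {"result": "ALLOW"},
  "target": [{"type": "PolicyRule", "displayName": "Default Rule"}]
}""")

# Top-level fields that differ on every event and carry no policy signal.
VOLATILE = {"uuid", "published"}

def flatten(node, prefix=""):
    """Turn nested dicts/lists into {"a.b[0].c": value} pairs."""
    if isinstance(node, dict):
        items = [(f"{prefix}.{k}" if prefix else k, v) for k, v in node.items()]
    elif isinstance(node, list):
        items = [(f"{prefix}[{i}]", v) for i, v in enumerate(node)]
    else:
        return {prefix: node}
    flat = {}
    for path, value in items:
        flat.update(flatten(value, path))
    return flat

def diff_events(a, b, ignore=VOLATILE):
    """Return {path: (value_in_a, value_in_b)} for every field that differs."""
    fa, fb = flatten(a), flatten(b)
    return {p: (fa.get(p), fb.get(p))
            for p in sorted(set(fa) | set(fb))
            if p.split(".")[0] not in ignore and fa.get(p) != fb.get(p)}

if __name__ == "__main__":
    for path, (widget, api) in diff_events(WIDGET_EVENT, API_EVENT).items():
        print(f"{path}\n  widget: {widget}\n  api:    {api}")
```

In the constructed pair, the diff shows a different policy rule and outcome for the API call, which is the kind of difference the reply suggests looking for.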