Okta multi factor verify call returns null response

I get null response {} when I try to verify the google authenticator passcode.

I don’t get a 403 Forbidden so seems like verification happens correctly at OKTA backend. But I don’t get the expected response such as this:

  "expiresAt": "2015-11-03T10:15:57.000Z",
  "status": "SUCCESS",
  "relayState": "/myapp/some/deep/link/i/want/to/return/to",
  "sessionToken": "00t6IUQiVbWpMLgtmwSjMFzqykb5QcaBNtveiWlGeM",
  "_embedded": {
    "user": {
      "id": "00ub0oNGTSWTBKOLGLNR",
      "passwordChanged": "2015-09-08T20:14:45.000Z",
      "profile": {
        "login": "dade.murphy@example.com",
        "firstName": "Dade",
        "lastName": "Murphy",
        "locale": "en_US",
        "timeZone": "America/Los_Angeles"

Instead I just get:


I am making the api call like this:

    await fetch(`https://dev-852787.oktapreview.com/api/v1/authn/factors/${data.factorId}/verify`, {
      method: 'POST',
      headers: {
        Accept: 'application/json',
        'Content-Type': 'application/json',
      body: JSON.stringify({
        stateToken: data.stateToken,
        passCode: data.passCode,

where data contains stateToken and passCode.
Any help is appreciated! Thanks.