Set "Email Verification Experience" callback URI via API/Terraform (OIE)?

I’m trying to provision OIDC SPA apps as IaC on Terraform for a passwordless
email magic-link enrollment flow. Each environment creates a fresh app, so I need to set
the app’s “Email Verification Experience” (EVE) callback URI either trough the okta terraform provider resources or direct API calls (not ideal , but would suffice).

What I’ve found so far:

  • The Terraform provider (okta/okta) has no field for it on okta_app_oauth, and an older
    forum answer says the magic-link callback isn’t settable via Terraform (Email magic link Terraform question).
  • It does not appear on the public Apps API either. GET /api/v1/apps/{appId} returns no
    EVE-related field, and diffing the same app with EVE set vs unset shows no difference in
    the returned settings.
  • The Admin Console sets it via an internal endpoint:
    POST /api/v1/internal/apps/{appId}/settings/oidc
    with the field email_magic_link_redirect_uri in the payload.
  • Calling that internal endpoint with an SSWS API token returns 401/403 (it appears to
    require an Admin Console session, not an API token). Expected, but had to try.

Questions:

  1. Is there any supported public API (Apps API or other) to set the EVE callback
    (email_magic_link_redirect_uri) on an OIDC app?
  2. If not, is there a supported alternative or an EA feature that exposes it?
  3. Is the Admin Console currently the only supported way to configure it?

Trying to confirm whether this is genuinely not doable today before raising a feature
request.

Thanks in advance