With outsourced password management, please refer to the Password Management Guide as part of your onboarding package that outlines specific password management requirements. Since your application is responsible for managing the lifecycle of login/logout/reset passwords and we are reliant upon your controls, at a minimum to meet SCA obligations, we are required to be notified on failed login attempts and successful password reset attempts to manage the second leg of the SCA session (i.e. SMS/TOTP/Passkey) on our side.
This is an important and mandatory requirement for outsourced password management, please ensure that your application backend is hitting this API endpoint on the aforementioned events.

