To allow users to use the "hosted cards" feature within your product, they need to have a factor of authentication setup with Striga. The first page of the "hosted card" page is a 2FA screen as follows.
The user sets up 2FA within your application that you control, using the endpoints on the following pages.
Managing 2FA Credentials
Please ensure that your application is not storing any 2FA secrets and or recovery codes. This is entirely the users' responsibility and can lead to potentially vulnerable situations.