You can enroll authenticator of the authenticated account using this endpoint. This action needs verification. The request should be repeated with X-Challenge header filled with the verification code sent right after the first request.