It's common practice to give users a set of one-time codes for them to use should they lose access to their authenticator. These codes can only be requested by a server, as they require the instance's secret key.
Anubis automatically generates one-time codes, keeping four active at all times, and provides the user with an interface to use them as a part of the anubis.wait process.
You should advise your users to store these codes securely; they essentially circumvent the MFA process.
You can access a list of codes using a web request. As with challenge creation, this is expressed below as a cURL command, as it requires authentication:
curl https://anubis.zehuti.com/mfa/otp/relationship-key
--header "Authorization: Bearer secret-key"
--request GET This call returns a JSON object containing the four codes:
{"codes":["code","code","code","code"]} How you display these codes to your user is, of course, entirely up to you.