In the documentation, https://docs.kinde.com/kinde-apis/management/#tag/users/get/api/v1/users/{user_id}/mfa, it indicates the scope is get:user_mfa. However, when using the admin site, it appears to be read:user_mfa. I have attached screen shots to illustrate. The black background image is the documentation. The white background image is the admin website.

I am trying to figure out how to use the next_token. Right now, it is always provided regardless if the max page size has been reached. It would be ideal to only return if there is more data, but that doesn't seem to be the case.

So, I looking to leverage next_token if the max page size is reached. However, it isn't clear how the next_token is provided with subsequent API calls. Is it part of the body using content_type application/x-www-form-urlencoded?

Is there a way, within the /admin area, to delegate user management within a given environment, but not allow them to administer the rest of the "tenant"? For enterprise-based scaling, this is critical.