This is possible using the user API
https://fusionauth.io/docs/v1/tech/apis/users
First GET the current user, identify the two-factor method you want to disable. Below you can see where the twoFactor method has one called "authenticator"
Example:
{
"user": {
...
"twoFactor": {
"methods": [
{
"authenticator": {
"algorithm": "HmacSHA1",
"codeLength": 6,
"timeStep": 30
},
"id": "35VW",
"method": "authenticator"
},
...
Remove the object for "authenticator" and then then make a PUT call against the same User object to update.
https://fusionauth.io/docs/v1/tech/apis/users#update-a-user
Please note:
This will allow you to administratively remove a 2FA method from a specific user, and it will leave the recovery codes intact if there is at least one remaining 2FA method configured for the user. If you only have one configured method, and you remove it, the recovery codes will be cleared, and then re-generated next time you enable 2FA on the user.