The Client API can be used to initiate and verify a push challenge. This typically involves sending a push notification to a user’s mobile app - though the model assumes push notification delivery is not guaranteed or required. The user is presented with a dialog to approve or reject the request and, if approval is given, they are authenticated on the app which initiated the challenge (e.g. a website).

Authentication

The Client API push endpoints are authenticated via Bearer token auth. A token can be obtained by tracking an action.

Endpoints

Sequence diagram

The sequence starts with a Server API request to track an action (1) and ends with a Server API request to validate the challenge (12).

The Client API push endpoints can be called to initiate the challenge (3) by sending a push notification and then to poll for the result (6).

This sequence assumes you are using the iOS SDK and Android SDK (or our cross-platform SDKs for React Native or Flutter). These SDKs also call the Client API under the hood but they use an authentication model based on digital signature verification with a private/public key pair.