> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Push API - Overview

The [Client API](/api-reference/client-api) can be used to initiate and verify a push challenge.
This typically involves sending a push notification to a user's mobile app - though the model assumes push notification delivery is not guaranteed or required.
The user is presented with a dialog to approve or reject the request and, if approval is given, they are authenticated on the app which initiated the challenge (e.g. a website).

## Authentication

The Client API push endpoints are authenticated via [Bearer token auth](/api-reference/client-api/overview#authentication).
A token can be obtained by [tracking an action](/api-reference/client-api/overview#1-track-an-action).

## Endpoints

* [Start Push Challenge](/api-reference/client-api/start-push-challenge)
* [Verify Push Challenge](/api-reference/client-api/verify-push-challenge)

## Sequence diagram

The sequence starts with a Server API request to [track an action](/api-reference/server-api/track-action) (1) and ends with a Server API request to [validate the challenge](/api-reference/server-api/validate-challenge) (12).

The Client API push endpoints can be called to [initiate the challenge](/api-reference/client-api/start-push-challenge) (3) by sending a push notification and then to [poll for the result](/api-reference/client-api/verify-push-challenge) (6).

```mermaid theme={null}
sequenceDiagram
    autonumber
    participant M as User mobile device
    participant W as Your webhook
    participant AC as Authsignal Client API
    participant F as Your web frontend
    participant B as Your web backend
    participant A as Authsignal Server API
    B->>A: Track Action
    A->>F: token
    F->>AC: Start Push Challenge
    AC->>W: challengeId
    W->>M: Send push notification
    F-->>AC: Verify Push Challenge<br/>(Start polling)
    rect rgb(191, 223, 255)
    note right of M: Using Authsignal SDK
    M->>AC: Get Challenge
    AC->>M: challengeId
    Note over M: Present approve/reject prompt
    M->>AC: Update Challenge
    end
    AC-->>F: (Verify Push Challenge response)<br/>isConsumed<br/>isVerified<br/>accessToken
    F->>B: accessToken
    B->>A: Validate Challenge
    A->>B: Challenge result
    Note over B: Proceed with login or <br/>authenticated transaction
```

This sequence assumes you are using the [iOS SDK](/sdks/client/mobile/setup) and [Android SDK](/sdks/client/mobile/setup) (or our cross-platform SDKs for [React Native](/sdks/client/mobile/setup) or [Flutter](/sdks/client/mobile/setup)).
These SDKs also call the Client API under the hood but they use an authentication model based on digital signature verification with a private/public key pair.
