> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Start QR Code Challenge

> Start an anonymous QR code challenge to be completed by a user's mobile device. This is called an anonymous challenge because it is not associated with a user.



## OpenAPI

````yaml client-api POST /challenge/qr-code
openapi: 3.0.0
info:
  description: Authsignal's Client API.
  version: 1.0.0
  title: Client API
  termsOfService: https://www.authsignal.com/legal/terms-of-service
  contact:
    email: hello@authsignal.com
servers:
  - url: https://api.authsignal.com/v1/client
  - url: https://au.api.authsignal.com/v1/client
  - url: https://eu.api.authsignal.com/v1/client
  - url: https://ca.api.authsignal.com/v1/client
security:
  - bearerAuth: []
tags:
  - name: User authenticators
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: SMS
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: WhatsApp
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: Email Magic Link
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: Email OTP
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: Authenticator App
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: Passkeys
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
externalDocs:
  description: Find out more about Authsignal
  url: https://docs.authsignal.com
paths:
  /challenge/qr-code:
    post:
      tags:
        - QR Code
      summary: Start QR Code Challenge
      description: >-
        Start an anonymous QR code challenge to be completed by a user's mobile
        device. This is called an anonymous challenge because it is not
        associated with a user.
      operationId: startQrCodeChallenge
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                action:
                  type: string
                  description: >-
                    The action code used to identify the challenge in the
                    Authsignal Portal. Only relevant when initiating anonymous
                    QR code challenges, otherwise uses the values from the
                    tracked action.
                custom:
                  type: object
                  description: >-
                    A JSON object which can include any key/value pairs. Should
                    be provided when using rules based on custom data points
                    from your own app. Only relevant when initiating anonymous
                    QR code challenges, otherwise uses the values from the
                    tracked action.
              required:
                - action
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  challengeId:
                    type: string
                    description: >-
                      The ID of the challenge which has been initiated. Use this
                      ID to lookup whether the challenge has been approved or
                      rejected by the user on their mobile device (e.g. via
                      polling).
                  deviceCode:
                    type: string
                    description: >-
                      The device code used to check the challenge status. Only
                      returned when polling mode is used.
                  expiresAt:
                    type: string
                    format: date-time
                    description: The timestamp at which the challenge will expire.
                required:
                  - challengeId
                  - expiresAt
        '400':
          $ref: '#/components/responses/InvalidRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
components:
  responses:
    InvalidRequest:
      description: Invalid Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorWithCode'
    NotFound:
      description: Not Found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Conflict:
      description: Conflict
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    Error:
      type: object
      properties:
        error:
          type: string
        errorDescription:
          type: string
      required:
        - error
    ErrorWithCode:
      type: object
      properties:
        error:
          type: string
        errorDescription:
          type: string
        errorCode:
          type: string
      required:
        - error
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Use a short-lived token obtained from the Server API's Track Action
        endpoint. The token is valid for 10 minutes and should be passed in the
        Authorization header as 'Bearer {token}'.

````