> ## Documentation Index > Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt > Use this file to discover all available pages before exploring further. # Start WhatsApp Challenge > Start a challenge by sending a WhatsApp message containing an OTP code. ## OpenAPI ````yaml client-api POST /challenge/whatsapp openapi: 3.0.0 info: description: Authsignal's Client API. version: 1.0.0 title: Client API termsOfService: https://www.authsignal.com/legal/terms-of-service contact: email: hello@authsignal.com servers: - url: https://api.authsignal.com/v1/client - url: https://au.api.authsignal.com/v1/client - url: https://eu.api.authsignal.com/v1/client - url: https://ca.api.authsignal.com/v1/client security: - bearerAuth: [] tags: - name: User authenticators description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: SMS description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: WhatsApp description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: Email Magic Link description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: Email OTP description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: Authenticator App description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: Passkeys description: '' externalDocs: description: Find out more url: https://docs.authsignal.com externalDocs: description: Find out more about Authsignal url: https://docs.authsignal.com paths: /challenge/whatsapp: post: tags: - WhatsApp summary: Start WhatsApp Challenge description: Start a challenge by sending a WhatsApp message containing an OTP code. operationId: startWhatsappChallenge responses: '200': description: OK content: application/json: schema: type: object properties: challengeId: type: string '400': $ref: '#/components/responses/InvalidRequest' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' '429': description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/RateLimitError' components: responses: InvalidRequest: description: Invalid Request content: application/json: schema: $ref: '#/components/schemas/Error' Unauthorized: description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorWithCode' NotFound: description: Not Found content: application/json: schema: $ref: '#/components/schemas/Error' schemas: RateLimitError: type: object properties: error: type: string example: too_many_requests errorDescription: type: string example: The rate limit has been exceeded. required: - error Error: type: object properties: error: type: string errorDescription: type: string required: - error ErrorWithCode: type: object properties: error: type: string errorDescription: type: string errorCode: type: string required: - error securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: >- Use a short-lived token obtained from the Server API's Track Action endpoint. The token is valid for 10 minutes and should be passed in the Authorization header as 'Bearer {token}'. ````