> ## Documentation Index > Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt > Use this file to discover all available pages before exploring further. # Verify Authenticator App Challenge > Verify a challenge when enrolling a authenticator app authenticator or when re-authenticating with an existing authenticator app authenticator ## OpenAPI ````yaml client-api POST /verify/totp openapi: 3.0.0 info: description: Authsignal's Client API. version: 1.0.0 title: Client API termsOfService: https://www.authsignal.com/legal/terms-of-service contact: email: hello@authsignal.com servers: - url: https://api.authsignal.com/v1/client - url: https://au.api.authsignal.com/v1/client - url: https://eu.api.authsignal.com/v1/client - url: https://ca.api.authsignal.com/v1/client security: - bearerAuth: [] tags: - name: User authenticators description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: SMS description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: WhatsApp description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: Email Magic Link description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: Email OTP description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: Authenticator App description: '' externalDocs: description: Find out more url: https://docs.authsignal.com - name: Passkeys description: '' externalDocs: description: Find out more url: https://docs.authsignal.com externalDocs: description: Find out more about Authsignal url: https://docs.authsignal.com paths: /verify/totp: post: tags: - Authenticator App summary: Verify Authenticator App Challenge description: >- Verify a challenge when enrolling a authenticator app authenticator or when re-authenticating with an existing authenticator app authenticator operationId: verifyAuthenticatorAppChallenge requestBody: required: true content: application/json: schema: type: object properties: verificationCode: type: string description: The TOTP code inputted by the user. required: - verificationCode responses: '200': description: OK content: application/json: schema: type: object properties: isVerified: type: boolean description: True if the inputted TOTP is correct. accessToken: type: string description: >- A new short-term token with scopes to manage authenticators (e.g. add secondary authenticators, remove authenticators, view or regenerate recovery codes). Only present if the challenge succeeded. failureReason: type: string enum: - CODE_INVALID_OR_EXPIRED - MAX_ATTEMPTS_EXCEEDED required: - isVerified '400': $ref: '#/components/responses/InvalidRequest' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' components: responses: InvalidRequest: description: Invalid Request content: application/json: schema: $ref: '#/components/schemas/Error' Unauthorized: description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorWithCode' NotFound: description: Not Found content: application/json: schema: $ref: '#/components/schemas/Error' schemas: Error: type: object properties: error: type: string errorDescription: type: string required: - error ErrorWithCode: type: object properties: error: type: string errorDescription: type: string errorCode: type: string required: - error securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: >- Use a short-lived token obtained from the Server API's Track Action endpoint. The token is valid for 10 minutes and should be passed in the Authorization header as 'Bearer {token}'. ````