Skip to main content
POST
/
verify
/
qr-code
Verify QR Code Challenge
curl --request POST \
  --url https://api.authsignal.com/v1/client/verify/qr-code \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "challengeId": "<string>",
  "deviceCode": "<string>"
}
'
{
  "isClaimed": true,
  "isConsumed": true,
  "isVerified": true,
  "accessToken": "<string>"
}

Authorizations

Authorization
string
header
required

Use a short-lived token obtained from the Server API's Track Action endpoint. The token is valid for 10 minutes and should be passed in the Authorization header as 'Bearer {token}'.

Body

application/json
challengeId
string
required

The challenge ID returned when starting the QR code challenge.

deviceCode
string
required

The device code returned when starting the QR code challenge.

Response

OK

isClaimed
boolean
required

True if a user has claimed the challenge on their mobile device. False if no user has claimed the challenge.

isConsumed
boolean
required

True if the user has either approved or rejected the auth request. False if they have not yet responded to the request.

isVerified
boolean
required

True if the user approved the auth request on their mobile device. False if they rejected the request.

accessToken
string

A new short-term token with scopes to manage authenticators (e.g. add secondary authenticators, remove authenticators, view or regenerate recovery codes). Only present if the challenge succeeded.