Skip to main content
POST
/
challenge
Initiate challenge
curl --request POST \
  --url https://api.authsignal.com/v1/challenge \
  --header 'Content-Type: application/json' \
  --data '{
  "verificationMethod": "SMS",
  "action": "signInWithSms",
  "phoneNumber": "+64270000000",
  "locale": "en"
}'
{
  "challengeId": "<string>",
  "expiresAt": 123
}

Body

application/json
verificationMethod
enum<string>
required

The verification method to use for the challenge.

Available options:
SMS,
EMAIL_OTP
action
string
required

The action code used to identify the challenge in the Authsignal Portal.

phoneNumber
string

The phone number in E.164 format. Required if the verification method is 'SMS'.

email
string

The email address. Required if the verification method is 'EMAIL_OTP'.

userId
string

The primary ID of the user in your system. Required when initiating a challenge to enroll or update an authenticator for an existing user.

scope
enum<string>

Providing scopes will authorize enrolling or updating an authenticator for an existing user. Must only be provided when initiating a challenge from an already authenticated state.

Available options:
add:authenticators,
update:authenticators,
add:authenticators update:authenticators
smsChannel
enum<string>

The channel to use for sending the SMS challenge. 'DEFAULT' will use regular SMS, while 'WHATSAPP' will use WhatsApp. Only applicable if the verification method is 'SMS'.

Available options:
DEFAULT,
WHATSAPP
locale
string

The user's locale in BCP 47 format. Used to localize email and SMS messages.

Example:

"en"

Response

OK

challengeId
string
required

The ID of the challenge.

expiresAt
number
required

The challenge expiry as a Unix timestamp in seconds.