POST
/
users
/
{userId}
/
actions
/
{action}

Path Parameters

userId
string
required

The ID of the user.

action
string
required

A short human-readable code which defines the action the user is performing, e.g. 'signIn'.

Body

application/json
redirectUrl
string

The URL which the user will be redirected to after completing a challenge via the pre-built UI. Only required when using Authsignal's pre-built UI.

redirectToSettings
boolean

If set to true, the user will be redirected to the authentication settings screen after completing a challenge. Use this flag to allow users to manage their own authenticators through Authsignal's pre-built UI.

email
string

The user's email address.

phoneNumber
string

The user's phone number in E.164 format.

ipAddress
string

The user's IP address. Should be provided when using rules based on location or other IP-derived features.

userAgent
string

The user agent identifying a browser or app. Should be provided when using rules based on device.

deviceId
string

An ID which identifies the user's device. Should be provided when using rules based on device.

custom
object

A JSON object which can include any key/value pairs. Should be provided when using rules based on custom data points from your own app.

crypto
object

Response

200 - application/json
state
enum<string>

The current state of the action.

Available options:
CHALLENGE_REQUIRED,
CHALLENGE_FAILED,
CHALLENGE_SUCCEEDED,
ALLOW,
BLOCK
url
string

The URL for initiating a challenge using Authsignal's pre-built UI. You can redirect to this URL if the state determines that a challenge is required, or if you want to allow the user to enroll or to manage their existing authenticator settings.

token
string

A short-lived token which can be passed to Authsignal's client SDKs (e.g. when using passkeys) or to authenticate to Authsignal's client API.

isEnrolled
boolean

True if the user is enrolled with at least one verification method and can be challenged.

idempotencyKey
string

A unique key which identifies a particular action. This key can be used to determine if the user has successfully completed a challenge.

allowedVerificationMethods
enum<string>[]

The list of verification methods which the user is permitted to enroll.

Available options:
SMS,
AUTHENTICATOR_APP,
EMAIL_MAGIC_LINK,
EMAIL_OTP,
PUSH,
SECURITY_KEY,
PASSKEY,
VERIFF,
IPROOV,
REDROCK,
IDVERSE
enrolledVerificationMethods
enum<string>[]

The list of verification methods which the user has enrolled.

Available options:
SMS,
AUTHENTICATOR_APP,
EMAIL_MAGIC_LINK,
EMAIL_OTP,
PUSH,
SECURITY_KEY,
PASSKEY,
VERIFF,
IPROOV,
REDROCK,
IDVERSE
defaultVerificationMethod
enum<string>
Available options:
SMS,
AUTHENTICATOR_APP,
EMAIL_MAGIC_LINK,
EMAIL_OTP,
PUSH,
SECURITY_KEY,
PASSKEY,
VERIFF,
IPROOV,
REDROCK,
IDVERSE