> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Validate Action

> Validate the result of an action using a token obtained after redirecting back from the pre-built UI or returned by an Authsignal SDK.



## OpenAPI

````yaml server-api POST /validate
openapi: 3.0.0
info:
  description: Authsignal's Server API.
  version: 1.0.0
  title: Server API
  termsOfService: https://www.authsignal.com/legal/terms-of-service
  contact:
    email: hello@authsignal.com
servers:
  - url: https://api.authsignal.com/v1
  - url: https://au.api.authsignal.com/v1
  - url: https://eu.api.authsignal.com/v1
  - url: https://ca.api.authsignal.com/v1
security:
  - basicAuth: []
tags:
  - name: users
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: challenge
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: authenticator configurations
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: actions
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: query
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: email
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: sms
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: verify
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: challenges
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: sessions
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: devices
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
externalDocs:
  description: Find out more about Authsignal
  url: https://docs.authsignal.com
paths:
  /validate:
    post:
      tags:
        - action
      summary: Validate action
      description: >-
        Validate the result of an action using a token obtained after
        redirecting back from the pre-built UI or returned by an Authsignal SDK.
      operationId: validateAction
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                token:
                  type: string
                  description: >-
                    The token obtained after a redirect or returned by an
                    Authsignal SDK.
                userId:
                  type: string
                  description: >-
                    The ID of the user (if known). If passed, this will be used
                    to validate that the token is for the correct user.
                action:
                  type: string
                  description: >-
                    The action which was tracked. Use this to ensure that the
                    action being validated matches the action that was tracked.
              required:
                - token
            example:
              token: eyJhbGciOiJ...
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  isValid:
                    type: boolean
                    description: '`true` if the challenge''s state is `CHALLENGE_SUCCEEDED`.'
                  state:
                    $ref: '#/components/schemas/ActionState'
                    example: CHALLENGE_SUCCEEDED
                  stateUpdatedAt:
                    type: string
                    format: date-time
                    description: >-
                      The time in ISO 8061 format when the state of the action
                      was last updated.
                  userId:
                    type: string
                    description: The ID of the user.
                  action:
                    type: string
                  idempotencyKey:
                    type: string
                  verificationMethod:
                    $ref: '#/components/schemas/VerificationMethod'
                  veriffSessionId:
                    type: string
                    description: >-
                      The Veriff session ID, returned when the challenge was
                      completed using Veriff. Use this with your own Veriff API
                      credentials to fetch the full decision and provider
                      payload.
        '400':
          $ref: '#/components/responses/InvalidRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  schemas:
    ActionState:
      type: string
      enum:
        - ALLOW
        - BLOCK
        - CHALLENGE_REQUIRED
        - CHALLENGE_FAILED
        - CHALLENGE_SUCCEEDED
        - REVIEW_REQUIRED
        - REVIEW_FAILED
        - REVIEW_SUCCEEDED
      description: The current state of the action.
    VerificationMethod:
      type: string
      enum:
        - SMS
        - AUTHENTICATOR_APP
        - EMAIL_MAGIC_LINK
        - EMAIL_OTP
        - PUSH
        - DEVICE
        - SECURITY_KEY
        - PASSKEY
        - VERIFF
        - IPROOV
        - PALM_BIOMETRICS_RR
        - IDVERSE
    Error:
      type: object
      properties:
        error:
          type: string
        errorDescription:
          type: string
      required:
        - error
  responses:
    InvalidRequest:
      description: Invalid Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic
      description: >-
        Use your Authsignal Server API secret key as the username and leave the
        password empty. The secret key can be found in the API Keys section of
        the Authsignal Portal settings page.

````