POST
/
validate

Body

application/json
token
string
required

The token obtained after a redirect or returned by a client SDK.

userId
string

The ID of the user. Only pass this if doing step-up auth on an existing user session (i.e. not for login).

Response

200 - application/json
isValid
boolean
required

True if the challenge was completed successfully.

state
enum<string>

The current state of the action.

Available options:
CHALLENGE_REQUIRED,
CHALLENGE_FAILED,
CHALLENGE_SUCCEEDED,
ALLOW,
BLOCK
stateUpdatedAt
string

The time in ISO 8061 format when the state of the action was last updated.

userId
string

The ID of the user.

actionCode
string
idempotencyKey
string
verificationMethod
enum<string>
Available options:
SMS,
AUTHENTICATOR_APP,
EMAIL_MAGIC_LINK,
EMAIL_OTP,
PUSH,
SECURITY_KEY,
PASSKEY,
VERIFF,
IPROOV,
REDROCK,
IDVERSE