Skip to main content
POST
/
validate
Validate challenge
curl --request POST \
  --url https://api.authsignal.com/v1/validate \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "token": "eyJhbGciOiJ..."
}
'
{
  "isValid": true,
  "state": "CHALLENGE_SUCCEEDED",
  "stateUpdatedAt": "2023-11-07T05:31:56Z",
  "userId": "<string>",
  "action": "<string>",
  "idempotencyKey": "<string>",
  "verificationMethod": "SMS"
}

Authorizations

Authorization
string
header
required

Use your Authsignal secret key as the username and leave the password empty. The secret key can be found in the API Keys section of the Authsignal Portal settings page.

Body

application/json
token
string
required

The token obtained after a redirect or returned by an Authsignal SDK.

userId
string

The ID of the user (if known). If passed, this will be used to validate that the token is for the correct user.

action
string

The action which was tracked. Use this to ensure that the action being validated matches the action that was tracked.

Response

OK

isValid
boolean
required

True if the challenge was completed successfully.

state
enum<string>

The current state of the action.

Available options:
ALLOW,
BLOCK,
CHALLENGE_REQUIRED,
CHALLENGE_FAILED,
CHALLENGE_SUCCEEDED,
REVIEW_REQUIRED,
REVIEW_FAILED,
REVIEW_SUCCEEDED
stateUpdatedAt
string<date-time>

The time in ISO 8061 format when the state of the action was last updated.

userId
string

The ID of the user.

action
string
idempotencyKey
string
verificationMethod
enum<string>
Available options:
SMS,
AUTHENTICATOR_APP,
EMAIL_MAGIC_LINK,
EMAIL_OTP,
PUSH,
DEVICE,
SECURITY_KEY,
PASSKEY,
VERIFF,
IPROOV,
PALM_BIOMETRICS_RR,
IDVERSE