POST
/
validate
Validate challenge
curl --request POST \
  --url https://api.authsignal.com/v1/validate \
  --header 'Content-Type: application/json' \
  --data '{
  "token": "eyJhbGciOiJ..."
}'
{
  "isValid": true,
  "state": "CHALLENGE_SUCCEEDED",
  "stateUpdatedAt": "2023-11-07T05:31:56Z",
  "userId": "<string>",
  "action": "<string>",
  "idempotencyKey": "<string>",
  "verificationMethod": "SMS"
}

Body

application/json
token
string
required

The token obtained after a redirect or returned by an Authsignal SDK.

userId
string

The ID of the user (if known). If passed, this will be used to validate that the token is for the correct user.

action
string

The action which was tracked. Use this to ensure that the action being validated matches the action that was tracked.

Response

OK

isValid
boolean
required

True if the challenge was completed successfully.

state
enum<string>

The current state of the action.

Available options:
ALLOW,
BLOCK,
CHALLENGE_REQUIRED,
CHALLENGE_FAILED,
CHALLENGE_SUCCEEDED,
REVIEW_REQUIRED,
REVIEW_FAILED,
REVIEW_SUCCEEDED
stateUpdatedAt
string<date-time>

The time in ISO 8061 format when the state of the action was last updated.

userId
string

The ID of the user.

action
string
idempotencyKey
string
verificationMethod
enum<string>
Available options:
SMS,
AUTHENTICATOR_APP,
EMAIL_MAGIC_LINK,
EMAIL_OTP,
PUSH,
DEVICE,
SECURITY_KEY,
PASSKEY,
VERIFF,
IPROOV,
PALM_BIOMETRICS_RR,
IDVERSE