Frequently asked questions.
ALLOW
when I have already configured authenticators for my tenant?CHALLENGE
or have at least one rule triggered whose outcome is CHALLENGE
.
AUTHENTICATOR_NOT_FOUND
with a 400 HTTP status codeAuthenticator type | Rate limit |
---|---|
Email magic link | 12 per 10 mins |
Email OTP | 12 per 10 mins |
SMS OTP | 6 per 10 mins |
Authenticator type | Rate limit |
---|---|
Email OTP | 10 per 5 mins |
SMS OTP | 10 per 5 mins |
Time-based OTP (TOTP) | 10 per 5 mins |
CHALLENGE_FAILED
state?CHALLENGE_REQUIRED
state.
deviceId
?__as_aid
is set on the user’s browser.
When tracking an action on your server, you can extract the deviceId
from this cookie:
deviceId
on the client via authsignal.anonymousId
and pass it it to your server in the request body: