> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Server SDKs - Challenges

> Use Authsignal's server-side SDK methods for challenges.

## Initiate Challenge

<Card title="API schema" icon="file-code" href="/api-reference/server-api/initiate-challenge" horizontal />

This method lets you initiate an SMS or email OTP challenge for a given phone number or email address.

<CodeGroup>
  ```ts Node.js theme={null}
  const request = {
    verificationMethod: "SMS",
    action: "signInWithSms",
    phoneNumber: "+64270000000",
  };

  const response = await authsignal.challenge(request);

  const challengeId = response.challengeId;
  ```

  ```csharp C# theme={null}
  var request = new ChallengeRequest(
      VerificationMethod: VerificationMethod.SMS,
      Action: "signInWithSms",
      PhoneNumber: "+64270000000"
  );

  var response = await authsignal.challenge(request);

  var challengeId = response.ChallengeId;
  ```

  ```java Java theme={null}
  ChallengeRequest request = new ChallengeRequest();
  request.verificationMethod = VerificationMethodType.SMS;
  request.action = "signInWithSms";
  request.phoneNumber = "+64270000000";

  ChallengeResponse response = authsignal.challenge(request).get();

  String challengeId = response.challengeId;
  ```

  ```ruby Ruby theme={null}
  response = Authsignal.challenge(
      verification_method: "SMS",
      action: "signInWithSms",
      phone_number: "+64270000000",
  )

  challenge_id = response[:challenge_id]
  ```

  ```go Go theme={null}
  response, err := client.Challenge(
      ChallengeRequest{
          VerificationMethod: "SMS",
          Action: "signInWithSms",
          PhoneNumber: "+64270000000",
      },
  )

  challengeId := response.challengeId
  ```
</CodeGroup>

## Verify Challenge

<Card title="API schema" icon="file-code" href="/api-reference/server-api/verify-challenge" horizontal />

This method lets you verify an SMS or email OTP challenge by determining if the OTP code submitted by the user is valid.

<CodeGroup>
  ```ts Node.js theme={null}
  const request = {
    challengeId: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
    verificationCode: "123456",
  };

  const response = await authsignal.verify(request);

  const isVerified = response.isVerified;
  ```

  ```csharp C# theme={null}
  var request = new VerifyRequest(
      ChallengeId: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
      VerificationCode: "123456"
  );

  var response = await authsignal.Verify(request);

  var isVerified = response.IsVerified;
  ```

  ```java Java theme={null}
  VerifyRequest request = new VerifyRequest();
  request.challengeId = "3a991a14-690c-492b-a5e5-02b9056a4b7d";
  request.verificationCode = "123456";

  VerifyResponse response = authsignal.verify(request).get();

  boolean isVerified = response.isVerified;
  ```

  ```ruby Ruby theme={null}
  response = Authsignal.verify(
      challenge_id: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
      verification_code: "123456",
  )

  is_verified = response[:is_verified]
  ```

  ```go Go theme={null}
  response, err := client.Verify(
      VerifyRequest{
          ChallengeId: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
          VerificationCode: "123456",
      },
  )

  isVerified := response.IsVerified
  ```
</CodeGroup>

## Claim Challenge

<Card title="API schema" icon="file-code" href="/api-reference/server-api/claim-challenge" horizontal />

This method lets you claim a challenge on behalf of a user by associating it with an ID for the corresponding user record in your system.

<CodeGroup>
  ```ts Node.js theme={null}
  const request = {
    challengeId: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
    userId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  };

  const response = await authsignal.claimChallenge(request);
  ```

  ```csharp C# theme={null}
  var request = new ClaimChallengeRequest(
      ChallengeId: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
      UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833"
  );

  var response = await authsignal.ClaimChallenge(request);
  ```

  ```java Java theme={null}
  ClaimChallengeRequest request = new ClaimChallengeRequest();
  request.challengeId = "3a991a14-690c-492b-a5e5-02b9056a4b7d";
  request.userId = "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833";

  ClaimChallengeResponse response = authsignal.claimChallenge(request).get();
  ```

  ```ruby Ruby theme={null}
  response = Authsignal.claim_challenge(
      challenge_id: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
      user_id: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
  )
  ```

  ```go Go theme={null}
  response, err := client.ClaimChallenge(
      ClaimChallengeRequest{
          ChallengeId: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
          UserId: "dc58c6dc-a1fd-4a4f-8e2f-846636dd4833",
      },
  )
  ```
</CodeGroup>

## Get Challenge

<Card title="API schema" icon="file-code" href="/api-reference/server-api/get-challenge" horizontal />

This method can be used to retrieve information about a currently active challenge.

<CodeGroup>
  ```ts Node.js theme={null}
  const request = {
    challengeId: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
  };

  const response = await authsignal.getChallenge(request);
  ```

  ```csharp C# theme={null}
  var request = new GetChallengeRequest(
      ChallengeId: "3a991a14-690c-492b-a5e5-02b9056a4b7d"
  );

  var response = await authsignal.GetChallenge(request);
  ```

  ```java Java theme={null}
  GetChallengeRequest request = new GetChallengeRequest();
  request.challengeId = "3a991a14-690c-492b-a5e5-02b9056a4b7d";

  GetChallengeResponse response = authsignal.getChallenge(request).get();
  ```

  ```ruby Ruby theme={null}
  response = Authsignal.get_challenge(
      challenge_id: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
  )
  ```

  ```go Go theme={null}
  response, err := client.GetChallenge(
      GetChallengeRequest{
          ChallengeId: "3a991a14-690c-492b-a5e5-02b9056a4b7d",
      },
  )


  ```
</CodeGroup>

## Validate Challenge

<Card title="API schema" icon="file-code" href="/api-reference/server-api/validate-challenge" horizontal />

This method lets you validate server-side whether a user has successfully completed an authentication challenge via the [Authsignal pre-built UI](/implementation-options/prebuilt-ui/overview#3-backend-validate-challenge) or an [Authsignal Client SDK](/implementation-options/web-sdk/overview#2-backend-validate-challenge).

After obtaining a short-lived `token` from the pre-built UI or a Client SDK, pass this token to your server to determine the result.

<CodeGroup>
  ```ts Node.js theme={null}
  const request = {
    action: "signIn",
    token: "eyJhbGciOiJ...",
  };

  const response = await authsignal.validateChallenge(request);

  if (response.state === "CHALLENGE_SUCCEEDED") {
    // The user completed the challenge successfully
    // Proceed with authenticated action
  } else {
    // The user did not complete the challenge successfully
  }
  ```

  ```csharp C# theme={null}
  var request = new ValidateChallengeRequest(
      Action: "signIn,
      Token: "eyJhbGciOiJ..."
  );

  var response = await authsignal.ValidateChallenge(request);

  if (response.State == UserActionState.CHALLENGE_SUCCEEDED) {
    // The user completed the challenge successfully
    // Proceed with authenticated action
  } else {
    // The user did not complete the challenge successfully
  }
  ```

  ```java Java theme={null}
  ValidateChallengeRequest request = new ValidateChallengeRequest();
  request.action = "signIn";
  request.token = "eyJhbGciOiJ...";

  ValidateChallengeResponse response = authsignal.validateChallenge(request).get();

  if (response.state == UserActionState.CHALLENGE_SUCCEEDED) {
      // The user completed the challenge successfully
      // Proceed with authenticated action
  } else {
      // The user did not complete the challenge successfully
  }
  ```

  ```ruby Ruby theme={null}
  response = Authsignal.validate_challenge(
      action: "signIn",
      token: "eyJhbGciOiJ..."
  )

  if response[:state] == "CHALLENGE_SUCCEEDED"
    # The user completed the challenge successfully
    # Proceed with authenticated action
  else
    # The user did not complete the challenge successfully
  end
  ```

  ```python Python theme={null}
  response = authsignal.validate_challenge(
      attributes={
          "action": "signIn",
          "token": "eyJhbGciOiJ..."
      }
  )

  if response["state"] == "CHALLENGE_SUCCEEDED":
      # The user completed the challenge successfully
      # Proceed with authenticated action
  else:
      # The user did not complete the challenge successfully
  ```

  ```php PHP theme={null}
  $response = Authsignal::validateChallenge([
      'action' => "signIn",
      'token' => "eyJhbGciOiJ...",
  ]);

  if ($response["state"] === "CHALLENGE_SUCCEEDED") {
      # The user completed the challenge successfully
      # Proceed with authenticated action
  } else {
      # The user did not complete the challenge successfully
  }
  ```

  ```go Go theme={null}
  response, err := client.ValidateChallenge(
      ValidateChallengeRequest{
          Action: "signIn",
          Token: "eyJhbGciOiJ...",
      },
  )


  if response.State == "CHALLENGE_SUCCEEDED" {
      // The user completed the challenge successfully
      // Proceed with authenticated action
  } else {
      // The user did not complete the challenge successfully
  }
  ```
</CodeGroup>
