Send an Embedded or Hybrid SCA Challenge

POST 
/auth/sca/events/:eventId/challenges

Sends a challenge via a secure communication mechanism as part of the ongoing Embedded or Hybrid SCA process.

Once an SCA process is initiated, a challenge must be sent through one of the available verification mechanisms (e.g., send an OTP code via SMS). Тhe challenges have their own expiration (e.g., the OTP sent via SMS is valid for only a short time). If a challenge expires, a new one must be sent. Each challenge sent for the same process will increment the currentChallenges field. This process can only be performed a limited number of times, as defined by allowableChallenges (its value is determined by the best security practices). If this limit is exceeded, an error will be returned, and no additional challenges can be sent for the same process until a cooldown period has elapsed. After this period, the currentChallenges are reset, and new challenges can be sent for the same process as previously described.

More details can be found in Strong Customer Authentication.

Request

Responses

201

Created

400

Bad Request

401

Unauthorized

404

Not Found

405

Method Not Allowed

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable