Submit an Embedded or Hybrid SCA Attempt

POST 
/auth/sca/events/:eventId/attempts

Submits an Embedded or Hybrid authentication attempt for a Strong Customer Authentication (SCA) event.

Each challenge must be manually submitted by the user, and the number of submission attempts allowed is controlled by internal security rules to ensure optimal protection against fraud (e.g., verify the OTP code sent via SMS), as defined by the allowableAttempts. Each new attempt increments the currentAttempts count until it reaches the predefined limit. When the limit is reached, no further attempts for the same challenge are accepted and are automatically denied. There is no cooldown period, and the challenge is marked as failed. To retry the process, a new challenge must be sent, and the user can attempt the verification again. The challenge status is always determined by the most recent verification attempt, regardless of what happened in previous attempts (e.g., the challenge will be marked as failed if the last attempt failed, even if earlier attempts were successful).

More details can be found in Strong Customer Authentication.

Request

Responses

201

Created

400

Bad Request

401

Unauthorized

404

Not Found

429

Too Many Requests

500

Internal Server Error

503

Service Unavailable