Verify authentication

POST

auth

verifiedChallenges

curl --request POST \
  --url https://api.guile.app/auth/verifiedChallenges \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "challengeId": "<string>",
  "code": "<string>"
}
'

{
  "authToken": "<string>",
  "refreshToken": "<string>"
}

Body

application/json

Option 1
Option 2

Unified verification request for both OTP and passkey authentication.

Use the method field to specify which authentication method is being verified:

For OTP: Include challengeId and code
For passkey: Include assertion

method

enum<string>

required

The authentication method being verified.

Available options:

otp

challengeId

string

required

The challenge ID to verify.

code

string

required

The one-time passcode used to verify the authentication challenge.

Required string length: 6

Pattern: ^[0-9]{6}$

Response

Ok. The operation succeeded.

The JSON representation of issued authentication tokens as the result of a successful authentication challenge or the exchange of a refresh token.

authToken

string<jwt>

required

A bearer token representing an authenticated user.

refreshToken

string<jwt>

required

An offline refresh token. Refresh tokens are exchanged for a new authentication token without going through a challenge workflow.

List supported passkey algorithmsList the cryptographic algorithms supported for passkey credentials. Returns the available COSE algorithm identifiers that can be used when creating passkeys. Client SDKs should map these human-readable values to their corresponding COSE numeric identifiers when calling the WebAuthn API.

Verify authentication

curl --request POST \
  --url https://api.guile.app/auth/verifiedChallenges \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "challengeId": "<string>",
  "code": "<string>"
}
'

{
  "authToken": "<string>",
  "refreshToken": "<string>"
}