Skip to main content
POST
/
auth
/
verifiedChallenges
Verify authentication
curl --request POST \
  --url https://api.guile.app/auth/verifiedChallenges \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "method": "otp",
  "challengeId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "code": "<string>"
}
'
{
  "authToken": "<string>",
  "refreshToken": "<string>"
}

Body

application/json

Unified verification request for both OTP and passkey authentication.

Use the method field to specify which authentication method is being verified:

  • For OTP: Include challengeId and code
  • For passkey: Include assertion
ā€‹
method
enum<string>
required

The authentication method being verified.

Available options:
otp
ā€‹
challengeId
string<uuid>
required

The challenge ID to verify.

ā€‹
code
string
required

The one-time passcode used to verify the authentication challenge.

Required string length: 6

Response

Ok. The operation succeeded.

The JSON representation of issued authentication tokens as the result of a successful authentication challenge or the exchange of a refresh token.

ā€‹
authToken
string<jwt>
required

A bearer token representing an authenticated user.

ā€‹
refreshToken
string<jwt>
required

An offline refresh token. Refresh tokens are exchanged for a new authentication token without going through a challenge workflow.