Initialize MFA Challenge

GET /mfa/flows/{flow}/challenges/{challenge}

Initializes a specific challenge within an MFA flow and returns an updated MFA token. Call this endpoint after obtaining an MFA token from GET /mfa/:flow. Initializing the challenge triggers its delivery (e.g., a 6-digit OTP sent via email or phone).

Supported challenges: otp_email, otp_phone

Flow:

  1. Authenticate user via JWT token (required).
  2. Validate MFA token from X-GOTU-MFA-Token header.
  3. Verify flow and challenge parameters match the MFA token.
  4. Initialize the challenge (send OTP).
  5. Return updated MFA token.
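
Steps 2 and 3 of the flow above, sketched as an added example (not the service's own code). It assumes the MFA token is an HS256-signed JWT, as the header of the sample token on this page indicates; the claim names "flow" and "challenges", the key, and answering a flow/challenge mismatch with Forbidden are assumptions.

```python
import base64, hashlib, hmac, json

FLOWS = {"phone_update_flow", "payment_method_create_flow",
         "payment_method_select_flow", "payment_method_delete_flow"}
CHALLENGES = {"otp_email", "otp_phone"}

def b64u_enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a constructed demo token; the claim layout is an assumption."""
    head = b64u_enc(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64u_enc(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u_enc(sig)}"

def check_request(flow: str, challenge: str, mfa_token: str, key: bytes) -> str:
    """Steps 2-3 of the flow; returns one of the page's response names."""
    # Path values outside the documented lists never reach token handling.
    if flow not in FLOWS or challenge not in CHALLENGES:
        return "Bad request"
    try:
        head, body, sig = mfa_token.split(".")
        header = json.loads(b64u_dec(head))
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Pin the algorithm and compare MACs in constant time.
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, b64u_dec(sig)):
            return "Forbidden"
        claims = json.loads(b64u_dec(body))
    except (ValueError, AttributeError):
        return "Forbidden"  # malformed token, bad base64 or bad JSON
    # Binding check: a token minted for one flow must not unlock another
    # (assumed claims: "flow" and "challenges").
    if claims.get("flow") != flow or challenge not in claims.get("challenges", []):
        return "Forbidden"
    return "OK"

KEY = b"constructed-demo-key"  # constructed sample value, not a real secret
TOKEN = make_token({"flow": "phone_update_flow", "challenges": ["otp_email"]}, KEY)
```

The binding check is what stops a token issued for phone_update_flow from being replayed against payment_method_delete_flow, and the algorithm pin rejects tokens whose header declares anything other than HS256.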

Parameters:

  flow (string, required)
    MFA Flow Name
    Allowed values: phone_update_flow, payment_method_create_flow, payment_method_select_flow, payment_method_delete_flow

  challenge (string, required)
    MFA Challenge Name
    Allowed values: otp_email, otp_phone

  X-GOTU-MFA-Token (string, required)
    MFA Token from InitializeMFAFlow

  email (string)
    Email address (required for otp_email challenge for unauthenticated flows)

  phone (string)
    Phone number (required for otp_phone challenge for unauthenticated flows)

Responses:

  OK
    object
      token (string): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

  Bad request - invalid flow/challenge
    object
      error (string): some meaningful error message

  Unauthorized - missing or invalid auth token
    object
      error (string): some meaningful error message

  Forbidden - invalid MFA token
    object
      error (string): some meaningful error message

  Internal server error
    object
      error (string): some meaningful error message