Solve MFA Challenge
POST /mfa/flows/{flow}/challenges/{challenge}
Solves a specific challenge within an MFA flow and returns an updated MFA token. This endpoint is used after initializing a challenge via GET /mfa/:flow/:challenge. The challenge must be in PENDING status. Once solved, the status becomes PASSED.
Supported challenges: otp_email, otp_phone
Flow:
- Authenticate user via JWT token (required).
- Validate MFA token from X-GOTU-MFA-Token header.
- Verify flow and challenge parameters match the MFA token.
- Verify the challenge solution (e.g., validate OTP code).
- Update challenge status to PASSED.
- Return updated MFA token.
Note: This function is idempotent. Solving an already PASSED challenge will return success.
Example request body per challenge:
- otp_email: {"otp":"12345"}
- otp_phone: {"otp":"12345"}
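The check order from the Flow list, with the idempotent PASSED case, as an added Python sketch (not the service's own code). The token format (base64 JSON plus HMAC), the claim names `sub`, `flow` and `challenges`, the demo key, binding the token to the JWT subject, and treating a flow/challenge mismatch as Bad request are all assumptions.

```python
import base64, hashlib, hmac, json
from http import HTTPStatus

KEY = b"constructed-demo-key"           # constructed value, not a real secret
SUPPORTED = {"otp_email", "otp_phone"}  # challenges listed on this page

def sign(claims):
    """Encode claims as payload.signature (hypothetical MFA token format)."""
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(KEY, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + mac

def verify(token):
    """Return the claims if the signature checks out, else None."""
    payload, _, mac = (token or "").partition(".")
    good = hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))

def solve(user, mfa_token, flow, challenge, body, expected_otp):
    """Apply the documented checks in order; return (status, response body)."""
    if user is None:                    # step 1: JWT authentication failed
        return HTTPStatus.UNAUTHORIZED, {"error": "missing or invalid auth token"}
    claims = verify(mfa_token)          # step 2: X-GOTU-MFA-Token header
    if claims is None or claims.get("sub") != user:  # assumed: bound to JWT subject
        return HTTPStatus.FORBIDDEN, {"error": "invalid MFA token"}
    state = claims.get("challenges", {}).get(challenge)
    if challenge not in SUPPORTED or claims.get("flow") != flow or state is None:
        return HTTPStatus.BAD_REQUEST, {"error": "invalid flow/challenge"}  # step 3
    if state == "PASSED":               # idempotent: already solved, no re-check
        return HTTPStatus.OK, {"token": mfa_token}
    otp = body.get("otp") if isinstance(body, dict) else None
    if state != "PENDING" or not isinstance(otp, str):
        return HTTPStatus.BAD_REQUEST, {"error": "challenge not pending or missing data"}
    # step 4: constant-time comparison of the submitted and expected OTP
    if not hmac.compare_digest(otp.encode(), expected_otp.encode()):
        return HTTPStatus.FORBIDDEN, {"error": "incorrect solution"}
    claims["challenges"][challenge] = "PASSED"       # step 5
    return HTTPStatus.OK, {"token": sign(claims)}    # step 6: updated MFA token
```

Because a PASSED challenge returns success without re-checking the OTP, the signature check on the MFA token is what prevents a client from claiming PASSED on its own.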
Authorizations
Parameters
Path Parameters
flow
required
string
MFA Flow Name
challenge
required
string
MFA Challenge Name
Header Parameters
X-GOTU-MFA-Token
required
string
MFA Token from InitializeMFAChallenge
Request Body
Challenge solution data
object
key
additional properties
any
Responses
OK
object
token
string
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Bad request - invalid flow/challenge or missing data
object
error
string
some meaningful error message
Unauthorized - missing or invalid auth token
object
error
string
some meaningful error message
Forbidden - invalid MFA token or incorrect solution
object
error
string
some meaningful error message
Internal server error
object
error
string
some meaningful error message