Creates a challenge for the FIDO2/U2F device to sign.

  • Published on Jun 2, 2025
  • 1 minute(s) read
Prev Next
Post
/sys/v1/approval_requests/{req_id}/challenge

If the quorum policy is configured to require 2FA, then a call to this API produces a challenge that needs to be signed by the respective FIDO2/U2F device. The signed data that U2F device provides can be then used with POST /sys/v1/approval_requests/:req_id/approve to successfully approve the request.

Security
HTTP
Type bearer
API Key: apiKeyAuth
Header parameter nameAuthorization
Path parameters
req_id
string (uuid) Required
Query parameters
MfaChallengeParams
object
protocol
string Required
Valid values[ "u2f", "fido2" ]
Responses
2XX

Success result

Expand All
OneOf
object
object
u2f_challenge
string
u2f_keys
Array of object (U2fRegisteredKey)
object
keyHandle
string
version
string
object
OneOf
object
object
rp
object
name
string
entity
object
id
string | null
user
object
name
string
entity
object
id
string (byte)
displayName
string
challenge
string (byte)
pubKeyCredParams
Array of object (PublicKeyCredentialParameters)
object
type
string
Valid values[ "public-key" ]
alg
string
Valid values[ "Es256" ]
timeout
integer | null
excludeCredentials
Array of object (PublicKeyCredentialDescriptor)
object
type
string
Valid values[ "public-key" ]
id
string (byte)
transports
Array
OneOf
string
string
Valid values[ "usb", "nfc", "ble", "internal" ]
string
string
authenticatorSelection
object
authenticatorAttachment
string
Valid values[ "platform", "cross-platform" ]
residentKey
string
Valid values[ "discouraged", "preferred", "required" ]
requireResidentKey
boolean | null
userVerification
string
Valid values[ "required", "preferred", "discouraged" ]
attestation
string
Valid values[ "none", "indirect", "direct", "enterprise" ]
extensions
object
appidExclude
string | null
appid
string | null
example.extension.bool
boolean | null
object
object
challenge
string (byte)
timeout
integer | null
rpId
string | null
allowCredentials
Array of object | null
object
type
string
Valid values[ "public-key" ]
id
string (byte)
transports
Array
OneOf
string
string
Valid values[ "usb", "nfc", "ble", "internal" ]
string
string
userVerification
string
Valid values[ "required", "preferred", "discouraged" ]
extensions
object
appidExclude
string | null
appid
string | null
example.extension.bool
boolean | null