Autional Autional
API Reference GitHub autional.com →

POST /mfa/challenge

Create a one-time MFA challenge code for a specified user, supporting SMS, email, TOTP, push, and other verification methods, used for secondary authentication before login or sensitive operations. Reference: NIST SP 800-63B §5.1.7 (Verifier Impersonation Resistance), OWASP ASVS V2.8.

Multi-Factor Authentication `bearerAuth` application/json

Request Body

Schema: dto.MFAChallengeRequest

FieldTypeRequiredExampleConstraintsDescription
method string Yes sms

Responses

StatusDescriptionSchema
201Challenge code created successfullydto.MFAChallengeDetailResponse
400Invalid parametergitee_com_linmes_authms_base_dto.SimpleResponse
401Unauthenticatedgitee_com_linmes_authms_base_dto.SimpleResponse
404Challenge not foundgitee_com_linmes_authms_base_dto.SimpleResponse
429Request too frequentgitee_com_linmes_authms_base_dto.SimpleResponse
500Internal server errorgitee_com_linmes_authms_base_dto.SimpleResponse

Referenced Schemas

dto.MFAChallengeDetailResponse

FieldTypeRequiredExampleConstraintsDescription
code integer No
data dto.MFAChallengeResponse No
message string No
timestamp string No

dto.MFAChallengeResponse

FieldTypeRequiredExampleConstraintsDescription
challenge_id string No challenge-1234567890
created_at string No 2026-04-14T12:00:00Z
expires_in integer No 300
method string No sms
tenant_id string No tenant-001
user_id string No user-001

gitee_com_linmes_authms_base_dto.SimpleResponse

FieldTypeRequiredExampleConstraintsDescription
code integer No
message string No
timestamp string No