Docs › API Reference › MFA Service › POST /mfa/push/challenge
POST /mfa/push/challenge
Create a Push MFA challenge, push an approval request to the user's device via notification-service, including Number Matching anti-phishing protection. Reference: NIST SP 800-63B §5.1.7 (Verifier Impersonation Resistance), OWASP ASVS V2.8.
Multi-Factor Authentication `bearerAuth` application/json
Request Body
Schema: dto.PushChallengeRequest
Field Type Required Example Constraints Description
device_id
string
No
dev-001
login_context
string
No
login from Beijing
Referenced Schemas
dto.PushChallengeDetailResponse
Field Type Required Example Constraints Description
code
integer
No
data
dto.PushChallengeResponse
No
message
string
No
timestamp
string
No
dto.PushChallengeResponse
Field Type Required Example Constraints Description
challenge_id
string
No
chal-abc123
created_at
string
No
2026-05-12T12:00:00Z
expires_in
integer
No
120
login_context
string
No
login from Beijing
number_matching
string
No
42
status
string
No
pending
user_id
string
No
user-001
gitee_com_linmes_authms_base_dto.SimpleResponse
Field Type Required Example Constraints Description
code
integer
No
message
string
No
timestamp
string
No