Skip to contentSkip to navigationSkip to topbar
On this page

Challenge Resource


The Challenge resource is currently used by Verify Push and Verify TOTP features. It represents a single verification attempt of an Entity using a Factor. When the factor_type is push, a Challenge is created to verify the signature of the message sent from the registered device with the public key stored in the Factor. When the factor_type is totp, a Challenge is created to verify that the TOTP code provided by the user matches the one generated by the seed stored in the Factor. Some Challenge properties apply to all factor_types and others do not. A single Entity links to multiple Factors and a single Factor links to multiple Challenges.


Challenges and Billing

challenges-and-billing page anchor

Verify Push

Consistent with overall Verify pricing(link takes you to an external page), Verify Push is billed at a rate of $0.05 per verification. In technical terms, a Verify Push "verification" is defined as a Challenge of factor_type:push that is updated with a status of approved or denied.

Verify TOTP

Consistent with overall Verify pricing(link takes you to an external page), Verify TOTP will be billed at a rate of $0.05 per verification. In technical terms, a Verify TOTP "verification" is defined as a Challenge of factor_type:totp that is updated with a status of approved.


Property nameTypeRequiredDescriptionChild properties
sidSID<YC>

Optional

Not PII

A 34 character string that uniquely identifies this Challenge.

Pattern: ^YC[0-9a-fA-F]{32}$Min length: 34Max length: 34

account_sidSID<AC>

Optional

The unique SID identifier of the Account.

Pattern: ^AC[0-9a-fA-F]{32}$Min length: 34Max length: 34

service_sidSID<VA>

Optional

The unique SID identifier of the Service.

Pattern: ^VA[0-9a-fA-F]{32}$Min length: 34Max length: 34

entity_sidSID<YE>

Optional

The unique SID identifier of the Entity.

Pattern: ^YE[0-9a-fA-F]{32}$Min length: 34Max length: 34

identitystring

Optional

PII MTL: 30 days

Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.


factor_sidSID<YF>

Optional

The unique SID identifier of the Factor.

Pattern: ^YF[0-9a-fA-F]{32}$Min length: 34Max length: 34

date_createdstring<date-time>

Optional

The date that this Challenge was created, given in ISO 8601(link takes you to an external page) format.


date_updatedstring<date-time>

Optional

The date that this Challenge was updated, given in ISO 8601(link takes you to an external page) format.


date_respondedstring<date-time>

Optional

The date that this Challenge was responded, given in ISO 8601(link takes you to an external page) format.


expiration_datestring<date-time>

Optional

The date-time when this Challenge expires, given in ISO 8601(link takes you to an external page) format. The default value is five (5) minutes after Challenge creation. The max value is sixty (60) minutes after creation.


statusenum<string>

Optional

The Status of this Challenge. One of pending, expired, approved or denied.

Possible values:
pendingexpiredapproveddenied

responded_reasonenum<string>

Optional

Reason for the Challenge to be in certain status. One of none, not_needed or not_requested.

Possible values:
nonenot_needednot_requested

detailsobject

Optional

Details provided to give context about the Challenge. Intended to be shown to the end user.


hidden_detailsobject

Optional

Details provided to give context about the Challenge. Intended to be hidden from the end user. It must be a stringified JSON with only strings values eg. {"ip": "172.168.1.234"}


metadataobject

Optional

Custom metadata associated with the challenge. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. {"os": "Android"}. Can be up to 1024 characters in length.


factor_typeenum<string>

Optional

The Factor Type of this Challenge. Currently push and totp are supported.

Possible values:
pushtotp

urlstring<uri>

Optional

The URL of this resource.


linksobject<uri-map>

Optional

Contains a dictionary of URL links to nested resources of this Challenge.


Create a Challenge resource

create-a-challenge-resource page anchor
POST https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges

Path parameters

path-parameters page anchor
Property nameTypeRequiredPIIDescription
ServiceSidSID<VA>required

The unique SID identifier of the Service.

Pattern: ^VA[0-9a-fA-F]{32}$Min length: 34Max length: 34

Identitystringrequired

Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.

Encoding type:application/x-www-form-urlencoded
SchemaExample
Property nameTypeRequiredDescriptionChild properties
FactorSidSID<YF>required

The unique SID identifier of the Factor.

Pattern: ^YF[0-9a-fA-F]{32}$Min length: 34Max length: 34

ExpirationDatestring<date-time>

Optional

The date-time when this Challenge expires, given in ISO 8601(link takes you to an external page) format. The default value is five (5) minutes after Challenge creation. The max value is sixty (60) minutes after creation.


Details.Messagestring

Optional

Shown to the user when the push notification arrives. Required when factor_type is push. Can be up to 256 characters in length


Details.Fieldsarray

Optional

A list of objects that describe the Fields included in the Challenge. Each object contains the label and value of the field, the label can be up to 36 characters in length and the value can be up to 128 characters in length. Used when factor_type is push. There can be up to 20 details fields.


HiddenDetailsobject

Optional

Details provided to give context about the Challenge. Not shown to the end user. It must be a stringified JSON with only strings values eg. {"ip": "172.168.1.234"}. Can be up to 1024 characters in length


AuthPayloadstring

Optional

Optional payload used to verify the Challenge upon creation. Only used with a Factor of type totp to carry the TOTP code that needs to be verified. For TOTP this value must be between 3 and 8 characters long.

Create Push ChallengeLink to code sample: Create Push Challenge
1
// Download the helper library from https://www.twilio.com/docs/node/install
2
const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";
3
4
// Find your Account SID and Auth Token at twilio.com/console
5
// and set the environment variables. See http://twil.io/secure
6
const accountSid = process.env.TWILIO_ACCOUNT_SID;
7
const authToken = process.env.TWILIO_AUTH_TOKEN;
8
const client = twilio(accountSid, authToken);
9
10
async function createChallenge() {
11
const challenge = await client.verify.v2
12
.services("VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
13
.entities("ff483d1ff591898a9942916050d2ca3f")
14
.challenges.create({
15
"details.fields": [
16
{
17
label: "Action",
18
value: "Sign up in portal",
19
},
20
{
21
label: "Location",
22
value: "California",
23
},
24
],
25
"details.message": "Hi! Mr. John Doe, would you like to sign up?",
26
factorSid: "YFaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
27
hiddenDetails: {
28
ip: "127.0.0.1",
29
},
30
});
31
32
console.log(challenge.sid);
33
}
34
35
createChallenge();

Output

1
{
2
"sid": "YC03aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
3
"account_sid": "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
4
"service_sid": "VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
5
"entity_sid": "YEaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
6
"identity": "ff483d1ff591898a9942916050d2ca3f",
7
"factor_sid": "YFaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
8
"date_created": "2015-07-30T20:00:00Z",
9
"date_updated": "2015-07-30T20:00:00Z",
10
"date_responded": "2015-07-30T20:00:00Z",
11
"expiration_date": "2015-07-30T20:00:00Z",
12
"status": "pending",
13
"responded_reason": "none",
14
"details": {
15
"message": "Hi! Mr. John Doe, would you like to sign up?",
16
"date": "2020-07-01T12:13:14Z",
17
"fields": [
18
{
19
"label": "Action",
20
"value": "Sign up in portal"
21
}
22
]
23
},
24
"hidden_details": {
25
"ip": "172.168.1.234"
26
},
27
"metadata": null,
28
"factor_type": "push",
29
"url": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges/YC03aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
30
"links": {
31
"notifications": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges/YC03aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Notifications"
32
}
33
}
1
// Download the helper library from https://www.twilio.com/docs/node/install
2
const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";
3
4
// Find your Account SID and Auth Token at twilio.com/console
5
// and set the environment variables. See http://twil.io/secure
6
const accountSid = process.env.TWILIO_ACCOUNT_SID;
7
const authToken = process.env.TWILIO_AUTH_TOKEN;
8
const client = twilio(accountSid, authToken);
9
10
async function createChallenge() {
11
const challenge = await client.verify.v2
12
.services("VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
13
.entities("ff483d1ff591898a9942916050d2ca3f")
14
.challenges.create({
15
authPayload: "12345678",
16
"details.fields": [
17
{
18
label: "Action",
19
value: "Sign up in portal",
20
},
21
{
22
label: "Location",
23
value: "California",
24
},
25
],
26
"details.message": "Hi! Mr. John Doe, would you like to sign up?",
27
factorSid: "YFaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
28
hiddenDetails: {
29
ip: "127.0.0.1",
30
},
31
});
32
33
console.log(challenge.sid);
34
}
35
36
createChallenge();

Output

1
{
2
"sid": "YC02aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
3
"account_sid": "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
4
"service_sid": "VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
5
"entity_sid": "YEaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
6
"identity": "ff483d1ff591898a9942916050d2ca3f",
7
"factor_sid": "YFaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
8
"date_created": "2015-07-30T20:00:00Z",
9
"date_updated": "2015-07-30T20:00:00Z",
10
"date_responded": "2015-07-30T20:00:00Z",
11
"expiration_date": "2015-07-30T20:00:00Z",
12
"status": "approved",
13
"responded_reason": "none",
14
"details": {
15
"message": "Hi! Mr. John Doe, would you like to sign up?",
16
"date": "2020-07-01T12:13:14Z",
17
"fields": [
18
{
19
"label": "Action",
20
"value": "Sign up in portal"
21
}
22
]
23
},
24
"hidden_details": {
25
"ip": "172.168.1.234"
26
},
27
"metadata": null,
28
"factor_type": "totp",
29
"url": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges/YC02aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
30
"links": {
31
"notifications": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges/YC02aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Notifications"
32
}
33
}

Fetch a Challenge resource

fetch-a-challenge-resource page anchor
GET https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}

Property nameTypeRequiredPIIDescription
ServiceSidSID<VA>required

The unique SID identifier of the Service.

Pattern: ^VA[0-9a-fA-F]{32}$Min length: 34Max length: 34

Identitystringrequired

Customer unique identity for the Entity owner of the Challenges. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.


SidSID<YC>required

A 34 character string that uniquely identifies this Challenge.

Pattern: ^YC[0-9a-fA-F]{32}$Min length: 34Max length: 34
1
// Download the helper library from https://www.twilio.com/docs/node/install
2
const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";
3
4
// Find your Account SID and Auth Token at twilio.com/console
5
// and set the environment variables. See http://twil.io/secure
6
const accountSid = process.env.TWILIO_ACCOUNT_SID;
7
const authToken = process.env.TWILIO_AUTH_TOKEN;
8
const client = twilio(accountSid, authToken);
9
10
async function fetchChallenge() {
11
const challenge = await client.verify.v2
12
.services("VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
13
.entities("Identity")
14
.challenges("YCaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
15
.fetch();
16
17
console.log(challenge.sid);
18
}
19
20
fetchChallenge();

Output

1
{
2
"sid": "YCaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
3
"account_sid": "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
4
"service_sid": "VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
5
"entity_sid": "YEaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
6
"identity": "Identity",
7
"factor_sid": "YFaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
8
"date_created": "2015-07-30T20:00:00Z",
9
"date_updated": "2015-07-30T20:00:00Z",
10
"date_responded": "2015-07-30T20:00:00Z",
11
"expiration_date": "2015-07-30T20:00:00Z",
12
"status": "approved",
13
"responded_reason": "none",
14
"details": {
15
"message": "Hi! Mr. John Doe, would you like to sign up?",
16
"date": "2020-07-01T12:13:14Z",
17
"fields": [
18
{
19
"label": "Action",
20
"value": "Sign up in portal"
21
}
22
]
23
},
24
"hidden_details": {
25
"ip": "172.168.1.234"
26
},
27
"metadata": {
28
"os": "Android"
29
},
30
"factor_type": "push",
31
"url": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges/YCaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
32
"links": {
33
"notifications": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges/YCaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Notifications"
34
}
35
}

Read multiple Challenge resources

read-multiple-challenge-resources page anchor
GET https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges

Property nameTypeRequiredPIIDescription
ServiceSidSID<VA>required

The unique SID identifier of the Service.

Pattern: ^VA[0-9a-fA-F]{32}$Min length: 34Max length: 34

Identitystringrequired

Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.

Property nameTypeRequiredPIIDescription
FactorSidSID<YF>

Optional

The unique SID identifier of the Factor.

Pattern: ^YF[0-9a-fA-F]{32}$Min length: 34Max length: 34

Statusenum<string>

Optional

The Status of the Challenges to fetch. One of pending, expired, approved or denied.

Possible values:
pendingexpiredapproveddenied

Orderenum<string>

Optional

The desired sort order of the Challenges list. One of asc or desc for ascending and descending respectively. Defaults to asc.

Possible values:
ascdesc

PageSizeinteger

Optional

How many resources to return in each list page. The default is 50, and the maximum is 1000.

Minimum: 1Maximum: 1000

Pageinteger

Optional

The page index. This value is simply for client state.

Minimum: 0

PageTokenstring

Optional

The page token. This is provided by the API.

1
// Download the helper library from https://www.twilio.com/docs/node/install
2
const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";
3
4
// Find your Account SID and Auth Token at twilio.com/console
5
// and set the environment variables. See http://twil.io/secure
6
const accountSid = process.env.TWILIO_ACCOUNT_SID;
7
const authToken = process.env.TWILIO_AUTH_TOKEN;
8
const client = twilio(accountSid, authToken);
9
10
async function listChallenge() {
11
const challenges = await client.verify.v2
12
.services("VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
13
.entities("Identity")
14
.challenges.list({ limit: 20 });
15
16
challenges.forEach((c) => console.log(c.sid));
17
}
18
19
listChallenge();

Output

1
{
2
"challenges": [],
3
"meta": {
4
"page": 0,
5
"page_size": 50,
6
"first_page_url": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges?PageSize=50&Page=0",
7
"previous_page_url": null,
8
"url": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges?PageSize=50&Page=0",
9
"next_page_url": null,
10
"key": "challenges"
11
}
12
}

Update a Challenge resource

update-a-challenge-resource page anchor
POST https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}

Property nameTypeRequiredPIIDescription
ServiceSidSID<VA>required

The unique SID identifier of the Service.

Pattern: ^VA[0-9a-fA-F]{32}$Min length: 34Max length: 34

Identitystringrequired

Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.


SidSID<YC>required

A 34 character string that uniquely identifies this Challenge.

Pattern: ^YC[0-9a-fA-F]{32}$Min length: 34Max length: 34
Encoding type:application/x-www-form-urlencoded
SchemaExample
Property nameTypeRequiredDescriptionChild properties
AuthPayloadstring

Optional

The optional payload needed to verify the Challenge. E.g., a TOTP would use the numeric code. For TOTP this value must be between 3 and 8 characters long. For Push this value can be up to 5456 characters in length


Metadataobject

Optional

Custom metadata associated with the challenge. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. {"os": "Android"}. Can be up to 1024 characters in length.

1
// Download the helper library from https://www.twilio.com/docs/node/install
2
const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";
3
4
// Find your Account SID and Auth Token at twilio.com/console
5
// and set the environment variables. See http://twil.io/secure
6
const accountSid = process.env.TWILIO_ACCOUNT_SID;
7
const authToken = process.env.TWILIO_AUTH_TOKEN;
8
const client = twilio(accountSid, authToken);
9
10
async function updateChallenge() {
11
const challenge = await client.verify.v2
12
.services("VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
13
.entities("Identity")
14
.challenges("YCaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
15
.update({ authPayload: "AuthPayload" });
16
17
console.log(challenge.sid);
18
}
19
20
updateChallenge();

Output

1
{
2
"sid": "YCaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
3
"account_sid": "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
4
"service_sid": "VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
5
"entity_sid": "YEaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
6
"identity": "Identity",
7
"factor_sid": "YF03aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
8
"date_created": "2015-07-30T20:00:00Z",
9
"date_updated": "2015-07-30T20:00:00Z",
10
"date_responded": "2015-07-30T20:00:00Z",
11
"expiration_date": "2015-07-30T20:00:00Z",
12
"status": "approved",
13
"responded_reason": "none",
14
"details": {
15
"message": "Hi! Mr. John Doe, would you like to sign up?",
16
"date": "2020-07-01T12:13:14Z",
17
"fields": [
18
{
19
"label": "Action",
20
"value": "Sign up in portal"
21
}
22
]
23
},
24
"hidden_details": {
25
"ip": "172.168.1.234"
26
},
27
"metadata": {
28
"os": "Android"
29
},
30
"factor_type": "push",
31
"url": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges/YC03aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
32
"links": {
33
"notifications": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Entities/ff483d1ff591898a9942916050d2ca3f/Challenges/YC03aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Notifications"
34
}
35
}

Need some help?

Terms of service

Copyright © 2024 Twilio Inc.