# Issue a one-time password that can be used to verify a list of resources

Starts the verification process for a list of resources in which a one-time password is sent to a device belonging to the logged-in user that was previously enrolled through the `/authentication_factors/otp/{channel}` endpoint.

This endpoint can be used to challenge _Outgoing Wire Transfers_, _Sends_, and _Linked Account Declarations_.

You should only start this process if the operation state is PENDING_CHALLENGE.

_Note that on the Sandbox Environment, text messages are not sent and the one-time-password is always "123456"._

Endpoint: POST /challenges/otp/{channel}

Version: 3.63.5

Security: auth_token, api-key

## Header parameters:

- `idempotency-ref` (string)
  A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

## Path parameters:

- `channel` (string, required)
  The unique identifier for the channel.
  Enum: "SMS"

## Request fields (application/json):

- `resourceType` (string, required)
  The resource type that the subsequent Ids pertain to. Note that the linked_account_declaration can only be performed by a logged in Root User.
  Enum: "outgoing_wire_transfers", "sends", "linked_account_declaration"

- `resourceIds` (array, required)
  Can be used with a single or a list of resource Ids. A resource Id is the unique identifier of the resource type that was provided in the response when the resource (such as a transaction) was created.

## Response 200 fields (application/json):

- `scaChallengeId` (string)

## Response 400 fields (application/json):

- `message` (string)
  When present helps to identify and fix the problem.

- `syntaxErrors` (object)
  Is returned as part of an HTTP error response whenever a syntax error is detected. A list of the fields together with their syntax error will be provided.

- `syntaxErrors.invalidFields` (array)

- `syntaxErrors.invalidFields.params` (array)

- `syntaxErrors.invalidFields.fieldName` (string)

- `syntaxErrors.invalidFields.error` (string)
  Enum: "REQUIRED", "HAS_TEXT", "REQUIRES", "SIZE", "RANGE", "IN", "NOT_IN", "REGEX", "EXACTLY", "AT_LEAST", "AT_MOST", "ALL_OR_NONE"

## Response 405 fields (application/json):

- `code` (string)

- `message` (string)

## Response 409 fields (application/json):

- `errorCode` (string)
  Error codes:
  * STATE_INVALID - The operation no longer requires additional verification, it was either cancelled or completed.
  * CHANNEL_NOT_SUPPORTED - The channel selected cannot be used to verify this type of operation.
  * CHANNEL_NOT_REGISTERED - The channel selected must be enrolled to receive one-time passwords before it can be used to verify this type of operation.
  * RETRY_IN_15_SECS - The endpoint can be called again in 15 seconds. Once called successfully, a new SMS will be sent (with a different OTP to the original SMS).
  * CHALLENGE_LIMIT_EXCEEDED - No more SMS OTPs can be requested. If verification was not completed, the original action must be started again from the beginning.

  Enum: "STATE_INVALID", "CHANNEL_NOT_SUPPORTED", "CHANNEL_NOT_REGISTERED", "RETRY_IN_15SEC", "CHALLENGE_LIMIT_EXCEEDED"

## Response default fields (application/json):

- `code` (string)

- `message` (string)

## Response 401 fields

## Response 403 fields

## Response 429 fields

## Response 500 fields

## Response 503 fields
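
The following is an added example, not part of the original reference or the provider's own client code: Python helpers that build the request described above and map the documented responses to a client action. The function names, the action names and the `state` argument are assumptions; the `auth_token` and `api-key` credentials are left to the caller.

```python
import json
import uuid

RESOURCE_TYPES = {"outgoing_wire_transfers", "sends", "linked_account_declaration"}
# The page spells this code two ways (description vs. enum), so accept both.
RETRY_CODES = {"RETRY_IN_15_SECS", "RETRY_IN_15SEC"}


def build_otp_challenge(resource_type, resource_ids, state, idempotency_ref=None):
    """Return (method, path, headers, body) for POST /challenges/otp/SMS."""
    if state != "PENDING_CHALLENGE":
        raise ValueError("only challenge operations in state PENDING_CHALLENGE")
    if resource_type not in RESOURCE_TYPES:
        raise ValueError(f"unsupported resourceType: {resource_type!r}")
    ids = [resource_ids] if isinstance(resource_ids, str) else list(resource_ids)
    if not ids:
        raise ValueError("resourceIds must contain at least one id")
    # Assumed usage: pass the previous reference when re-sending an identical
    # call after a transport failure; a fresh UUID is generated otherwise.
    headers = {"Content-Type": "application/json",
               "idempotency-ref": idempotency_ref or str(uuid.uuid4())}
    body = json.dumps({"resourceType": resource_type, "resourceIds": ids})
    return "POST", "/challenges/otp/SMS", headers, body


def next_step(status, payload):
    """Map a response (status, decoded JSON) to a client action tuple."""
    if status == 200:
        return ("challenge_issued", payload["scaChallengeId"])
    if status == 400:
        bad = payload.get("syntaxErrors", {}).get("invalidFields", [])
        return ("fix_request", [(f.get("fieldName"), f.get("error")) for f in bad])
    if status == 409:
        code = payload.get("errorCode")
        if code in RETRY_CODES:
            return ("wait_seconds", 15)
        if code == "CHALLENGE_LIMIT_EXCEEDED":
            return ("restart_operation", code)   # no more SMS OTPs for this action
        if code == "STATE_INVALID":
            return ("stop", code)                # already cancelled or completed
        if code in ("CHANNEL_NOT_SUPPORTED", "CHANNEL_NOT_REGISTERED"):
            return ("fix_channel", code)
    return ("error", payload.get("message"))
```
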