Authentication Attempts
OpenAPI operations for the authentication attempt state machine.
Authentication attempts hold the short-lived state for a login, registration, step-up, or recovery journey. Use these endpoints to start an attempt, issue factor challenges, verify proofs, and mint a handoff token for session exchange.
Submit client-side event POST
Submits telemetry or fingerprint data from the frontend. Does not advance the state machine. Used for risk evaluation.
Create a new authentication attempt POST
Starts a new authentication attempt. This is the entry point for the auth_attempts state machine. An attempt is an ephemeral (15-minute TTL) state machine that drives a single authentication round. It accepts factor challenges, verifies proofs, and completes into a session or handoff token. Accepts a project_id and challenge_nonce (from POST /bootstrap/challenge). For step-up re-auth, also include session_id to add factors to an existing session.