Start unified SCA login

post

https://www.sandbox.striga.com/api/v1/user/login/start

Issues a server-side challenge for the chosen factor. With sms the response carries challengeId + dateExpires and an OTP is dispatched. With passkey the response carries the WebAuthn assertion request (options, allowedOrigins, relyingPartyId) for the browser. With totp the response is { ok: true } — the user reads the code from their authenticator app.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Responses

Language

Credentials

URL

Loading…

Response

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200Factor-specific challenge. The populated fields depend on verificationMethod: sms returns challengeId + dateExpires; passkey returns options + allowedOrigins + relyingPartyId; totp returns ok.

400Request was rejected. The errorCode field disambiguates.

401Invalid API key or HMAC signature.