Verify a specific Challenge

POST /v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}

Account sid auth token

TODO: Resource-level docs

Verify a specific Challenge.

Path parameters

ServiceSid string Required

The unique SID identifier of the Service.

Minimum length is 34, maximum length is 34. Format should match the following pattern: ^VA[0-9a-fA-F]{32}$.
Identity string Required

Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters.
Sid string Required

A 34 character string that uniquely identifies this Challenge.

Minimum length is 34, maximum length is 34. Format should match the following pattern: ^YC[0-9a-fA-F]{32}$.

application/x-www-form-urlencoded

Body

AuthPayload string

The optional payload needed to verify the Challenge. E.g., a TOTP would use the numeric code. For TOTP this value must be between 3 and 8 characters long. For Push this value can be up to 5456 characters in length
Metadata

Custom metadata associated with the challenge. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. {"os": "Android"}. Can be up to 1024 characters in length.

Responses

200 application/json

OK
Hide response attributes Show response attributes object
- account_sid string | null
  
  Account Sid.
  
  Minimum length is 34, maximum length is 34. Format should match the following pattern: ^AC[0-9a-fA-F]{32}$.
- date_created string(date-time) | null
  
  The date this Challenge was created
- date_responded string(date-time) | null
  
  The date this Challenge was responded
- date_updated string(date-time) | null
  
  The date this Challenge was updated
- details
  
  Details about the Challenge.
- entity_sid string | null
  
  Entity Sid.
  
  Minimum length is 34, maximum length is 34. Format should match the following pattern: ^YE[0-9a-fA-F]{32}$.
- expiration_date string(date-time) | null
  
  The date-time when this Challenge expires
- factor_sid string | null
  
  Factor Sid.
  
  Minimum length is 34, maximum length is 34. Format should match the following pattern: ^YF[0-9a-fA-F]{32}$.
- factor_type string | null
  
  The Factor Type of this Challenge
  
  Values are push or totp.
- hidden_details
  
  Hidden details about the Challenge
- identity string | null
  
  Unique external identifier of the Entity
- links object(uri-map) | null
  
  Nested resource URLs.
- metadata
  
  Metadata of the challenge.
- responded_reason string | null
  
  The Reason of this Challenge status
  
  Values are none, not_needed, or not_requested.
- service_sid string | null
  
  Service Sid.
  
  Minimum length is 34, maximum length is 34. Format should match the following pattern: ^VA[0-9a-fA-F]{32}$.
- sid string | null
  
  A string that uniquely identifies this Challenge.
  
  Minimum length is 34, maximum length is 34. Format should match the following pattern: ^YC[0-9a-fA-F]{32}$.
- status string | null
  
  The Status of this Challenge
  
  Values are pending, expired, approved, or denied.
- url string(uri) | null
  
  The URL of this resource.

POST /v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}

curl \
 --request POST 'https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}' \
 --user "username:password" \
 --header "Content-Type: application/x-www-form-urlencoded" \
 --data 'AuthPayload=string'

Response examples (200)

{
  "account_sid": "string",
  "date_created": "2026-05-04T09:42:00Z",
  "date_responded": "2026-05-04T09:42:00Z",
  "date_updated": "2026-05-04T09:42:00Z",
  "entity_sid": "string",
  "expiration_date": "2026-05-04T09:42:00Z",
  "factor_sid": "string",
  "factor_type": "push",
  "identity": "string",
  "links": {},
  "responded_reason": "none",
  "service_sid": "string",
  "sid": "string",
  "status": "pending",
  "url": "https://example.com"
}