Autional Autional
API Reference GitHub autional.com →

POST /mfa/push/challenge

Create a Push MFA challenge, push an approval request to the user's device via notification-service, including Number Matching anti-phishing protection. Reference: NIST SP 800-63B §5.1.7 (Verifier Impersonation Resistance), OWASP ASVS V2.8.

Multi-Factor Authentication `bearerAuth` application/json

Request Body

Schema: dto.PushChallengeRequest

FieldTypeRequiredExampleConstraintsDescription
device_id string No dev-001
login_context string No login from Beijing

Responses

StatusDescriptionSchema
201Challenge created successfullydto.PushChallengeDetailResponse
400Invalid parametergitee_com_linmes_authms_base_dto.SimpleResponse
401Unauthenticatedgitee_com_linmes_authms_base_dto.SimpleResponse
404Device not foundgitee_com_linmes_authms_base_dto.SimpleResponse
429Request too frequentgitee_com_linmes_authms_base_dto.SimpleResponse
500Internal server errorgitee_com_linmes_authms_base_dto.SimpleResponse

Referenced Schemas

dto.PushChallengeDetailResponse

FieldTypeRequiredExampleConstraintsDescription
code integer No
data dto.PushChallengeResponse No
message string No
timestamp string No

dto.PushChallengeResponse

FieldTypeRequiredExampleConstraintsDescription
challenge_id string No chal-abc123
created_at string No 2026-05-12T12:00:00Z
expires_in integer No 120
login_context string No login from Beijing
number_matching string No 42
status string No pending
user_id string No user-001

gitee_com_linmes_authms_base_dto.SimpleResponse

FieldTypeRequiredExampleConstraintsDescription
code integer No
message string No
timestamp string No