Perform the authentication method

POST 
/verification-srv/authentication/:method/verification

This API call is used to perform authentication depending on the type of verification configured.

This is a public API that requires no groups or roles but requires a valid exchange_id obtained from the initiation step. The verification method is specified in the URL path parameter {method}.

Validation Steps Performed:

1. Validates exchange_id is present and valid
2. Validates single_factor_auth is only allowed for FACE method
3. Method-specific validations:
   • Backup Code: Validates backup code exists, is not already used, and marks it as used after successful authentication
   • Email/SMS/TOTP: Validates pass_code matches the sent code
   • FIDO2: Validates FIDO2 client response
   • Password: Validates password matches user's stored password
   • Pattern: Validates pattern matches user's configured pattern
   • Push/TouchID/Face: Validates device and biometric authentication
4. Performs Fraud Detection System (FDS) checks for suspicious activity

Request

Responses

200

SUCCESS

400

Bad Request

417

Expectation Failed