Skip to main content

User action for suggest verification methods

POST 
/auth-actions-srv/validation/:track_id

This API allows users to take action on the list of suggested verification methods that are prompted during the suggest_verification_methods precheck step.

When to use this API:

  • After receiving a prevalidation response with validationType: suggest_verification_methods
  • When the user needs to decide whether to skip or permanently dismiss the verification method suggestions
  • The track_id must be from a recent prevalidation (within 1 hour)

Validation Rules:

  • The track_id must be associated with suggest_verification_methods validation type
  • The action can only be used when the prevalidation metadata reason is NONE or ALLOFMANDATORY
  • DONOTSHOWAGAIN can only be used when all verification methods are optional OR all mandatory methods are already configured by the user
  • SKIP cannot be used if there are mandatory methods without a valid skipUntil time or if skipUntil has expired

Security:

  • The track_id is validated and sanitized
  • The user's sub (subject identifier) is removed from the response for security reasons
  • The track_id expires after 1 hour for security purposes

What happens after:

  • The user's decision is stored and associated with their account and client
  • This preference is used for future login attempts
  • If SKIP is chosen, the user will be prompted again after the configured time period
  • If DONOTSHOWAGAIN is chosen, the prompt won't appear until admin changes are made

Request

Responses

Success. The user's decision has been saved. The response contains the stored preference (without the user's sub for security).