Create an Email Verification Protocol nonce for the active runtime Flow step.
curl --request POST \ --url https://auth.example.com/api/v1/login/interactions/example/email-verification/challenge \ --header 'Content-Type: application/json' \ --data '{ "step_id": "example", "contract_hash": "example", "signature": "example" }'Returns a short-lived nonce only when mail OTP is enabled and the active Flow step is an explicit email-verification step, or its mail-OTP branch leads directly to one. A response with available=false means the client must use the normal mail-OTP path.
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”Request Body required
Section titled “Request Body required ”object
Example generated
{ "step_id": "example", "contract_hash": "example", "signature": "example"}Responses
Section titled “ Responses ”Email Verification Protocol availability and, when available, its nonce.
object
Example generated
{ "available": true, "challenge_id": "example", "nonce": "example", "expires_in": 1, "interaction_id": "example", "step_id": "example"}Headers
Section titled “Headers ”Set to no-store when a nonce is returned.
Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}