Stytch · Schema

api_b2b_otp_v1_b2b_otp_sms_AuthenticateRequest

Request type

AuthenticationIdentityPasswordlessSecurityB2BConnected AppsMCPAI AgentsDeveloper Tools

Properties

Name Type Description
organization_id string Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organi
member_id string Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set
code string The code to authenticate.
intermediate_session_token string The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be u
session_token string A secret token for a given Stytch Session.
session_jwt string The JSON Web Token (JWT) for a given Stytch Session.
session_duration_minutes integer Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, returning both an opaque `session_token` and `session_jwt` for this session. Reme
session_custom_claims object Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in `session_duration_minutes`. Claims will be included on the Sessi
set_mfa_enrollment string Optionally sets the Member’s MFA enrollment status upon a successful authentication. If the Organization’s MFA policy is `REQUIRED_FOR_ALL`, this field will be ignored. If this field is not passed in,
set_default_mfa boolean
telemetry_id string If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and
View JSON Schema on GitHub

JSON Schema

stytch-api-b2b-otp-v1-b2b-otp-sms-authenticaterequest-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/api_b2b_otp_v1_b2b_otp_sms_AuthenticateRequest",
  "title": "api_b2b_otp_v1_b2b_otp_sms_AuthenticateRequest",
  "type": "object",
  "properties": {
    "organization_id": {
      "type": "string",
      "description": "Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience."
    },
    "member_id": {
      "type": "string",
      "description": "Globally unique UUID that identifies a specific Member. The `member_id` is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member."
    },
    "code": {
      "type": "string",
      "description": "The code to authenticate."
    },
    "intermediate_session_token": {
      "type": "string",
      "description": "The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. The token has a default expiry of 10 minutes. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. Intermediate Session Tokens have a default expiry of 10 minutes."
    },
    "session_token": {
      "type": "string",
      "description": "A secret token for a given Stytch Session."
    },
    "session_jwt": {
      "type": "string",
      "description": "The JSON Web Token (JWT) for a given Stytch Session."
    },
    "session_duration_minutes": {
      "type": "integer",
      "format": "int32",
      "description": "Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist,\n  returning both an opaque `session_token` and `session_jwt` for this session. Remember that the `session_jwt` will have a fixed lifetime of\n  five minutes regardless of the underlying session duration, and will need to be refreshed over time.\n\n  This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).\n\n  If a `session_token` or `session_jwt` is provided then a successful authentication will continue to extend the session this many minutes.\n\n  If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want\n  to use the Stytch session product, you can ignore the session fields in the response."
    },
    "session_custom_claims": {
      "type": "object",
      "additionalProperties": true,
      "description": "Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in\n  `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To\n  delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored.\n  Total custom claims size cannot exceed four kilobytes."
    },
    "set_mfa_enrollment": {
      "type": "string",
      "description": "Optionally sets the Member\u2019s MFA enrollment status upon a successful authentication. If the Organization\u2019s MFA policy is `REQUIRED_FOR_ALL`, this field will be ignored. If this field is not passed in, the Member\u2019s `mfa_enrolled` boolean will not be affected. The options are:\n \n  `enroll` \u2013 sets the Member's `mfa_enrolled` boolean to `true`. The Member will be required to complete an MFA step upon subsequent logins to the Organization.\n \n  `unenroll` \u2013  sets the Member's `mfa_enrolled` boolean to `false`. The Member will no longer be required to complete MFA steps when logging in to the Organization.\n  "
    },
    "set_default_mfa": {
      "type": "boolean"
    },
    "telemetry_id": {
      "type": "string",
      "description": "If the `telemetry_id` is passed, as part of this request, Stytch will call the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature."
    }
  },
  "description": "Request type",
  "required": [
    "organization_id",
    "member_id",
    "code"
  ]
}