Auth Final (Validate / Poll)
POST/prove/auth/:session_id
Completes or polls the possession step for the session identified by {session_id}. Behavior depends on the channel chosen at Auth Initial:
- OTP sessions — submit the applicant's SMS code in
otp_code. Returns a pass/fail (passed,sms_status). - Magic Link sessions — there is no code to submit; the applicant completes possession by tapping the Magic Link. Call this endpoint with an empty body to poll the result.
statusispendinguntil the applicant taps the link, thenverifiedorfailed. Poll untilcompletedistrue.
Polling note: this endpoint is a
POSTand responses are cached perIdempotency-Key. Send a freshIdempotency-Keyon each poll so you receive the latest status rather than a cached response.
Request
Responses
- 200
- 400
- 401
- 403
- 410
- 429
- 500
Possession status
Response Headers
The applicant id
We update the API major version whenever we introduce breaking changes. Internally, we update minor and patch versions whenever we add functionality and backward-compatible updates
The current limit on a 5-minute window.
The remaining calls on a 5-minute window.
The timestamp of the request reception.
Bad Request
Unauthorized
Forbidden
Gone - the Prove session expired or was not found. Restart with Auth Initial.
Too Many Requests
Internal Server Error