Get a device attestation challenge

Generates a one-time challenge used by the mobile SDK to request a device attestation from Apple App Attest or Google Play Integrity. The challenge expires after 5 minutes and is single-use.

Authenticated by capture session token.

Generates a one-time challenge used by the mobile SDK to request a device attestation from Apple App Attest or Google Play Integrity. The challenge expires after 5 minutes and is single-use.

Authenticated by capture session token.

Authentication

X-API-Keystring

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

Query parameters

tokenstringRequired

Response

Challenge issued.

challengestring

Errors

400

Bad Request Error

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

API version date string (e.g. 2026-02-01). If omitted, the version pinned to your API key is used.

$	curl -G https://devapi.withverifa.com/api/v1/sdk/attest/challenge \
>	-H "X-API-Key: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d token=token

$	curl -G https://devapi.withverifa.com/api/v1/sdk/attest/challenge \
>	-H "X-API-Key: <apiKey>" \
>	-H "Content-Type: application/json" \
>	-d token=token

Get a device attestation challenge

Authentication

Headers

Query parameters

Response

Errors

Authentication

Headers

Query parameters

Response

Errors

1	{
2	"challenge": "a1b2c3d4e5f67890abcdef1234567890abcdef1234567890abcdef1234567890"
3	}