Dispatch an SMS/email verification code for the session's active challenge
POST
/v1/hosted-sessions/{sessionId}/challenge/send
const url = 'https://api.govifi.com/v1/hosted-sessions/example/challenge/send';const options = {method: 'POST', headers: {Authorization: 'Bearer <token>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://api.govifi.com/v1/hosted-sessions/example/challenge/send \ --header 'Authorization: Bearer <token>'For sms/email challenges only, triggers delivery of the verification code bound to the session. No-op for hcaptcha/turnstile. Idempotent within a short window; rate limited. (RFC rfc-fraud-challenges.md §3.2)
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ” sessionId
required
string
Responses
Section titled “ Responses ”Code dispatched (or no code needed for this challenge type)
Media type application/json
Server-decided fraud challenge the payer must satisfy before confirm (RFC rfc-fraud-challenges.md). Null = no challenge required. Browser-safe — site_key is public and delivery_hint is masked; contains no PII.
object
type
string
site_key
Public key for hcaptcha/turnstile.
string
delivery_hint
Masked destination for sms/email, e.g. --1234.
string
code_sent
Sms/email: whether a verification code has already been dispatched.
boolean
Example
{ "type": "hcaptcha"}Session not found
Media type application/json
object
code
required
string
message
required
string
recoverable
boolean
request_id
string
Example
{ "code": "card_declined"}Validation error
Media type application/json
object
code
required
string
message
required
string
recoverable
boolean
request_id
string
Example
{ "code": "card_declined"}