Skip to main content
POST
/
medical
/
v1
/
identity
/
aal2
/
challenge
Create AAL2 Challenge
curl --request POST \
  --url https://api.sandbox.metriport.com/medical/v1/identity/aal2/challenge \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '
{
  "proofedIdentityId": "<string>",
  "redirectUrl": "<string>"
}
'
{
  "challengeId": "<string>",
  "challengeUrl": "<string>",
  "expiresAt": "<string>",
  "method": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://docs.metriport.com/llms.txt

Use this file to discover all available pages before exploring further.

Returns a single-use URL where the user authenticates with their enrolled authenticator. After the user satisfies the challenge, they’re redirected to your redirectUrl with ?aal2SessionId=aal2_...&status=verified appended. Pass the aal2SessionId on subsequent IAS-purposed queries via the x-aal2-session header.

Body

proofedIdentityId
string
required
The verified identity to challenge. Must be in active status.
redirectUrl
string
required
HTTPS URL on your account’s allowlist.

Response

challengeId
string
required
Unique identifier for this AAL2 challenge.
challengeUrl
string
required
Single-use URL for the user to complete the challenge.
expiresAt
string
required
ISO-8601 timestamp when the challenge URL expires.
method
string
required
How the user will complete the challenge: totp is a time-based one-time password from an authenticator app (e.g. Google Authenticator, 1Password). webauthn is a Web Authentication challenge in the browser (passkey or security key).
Response
{
  "challengeId": "aalc_018f7c40...",
  "challengeUrl": "https://auth.ias.metriport.com/aal2/eyJhbGc...",
  "expiresAt": "2026-04-29T14:42:00.000Z",
  "method": "totp"
}