POST
/
v1
/
customers
/
{customerId}
/
accounts
/
{accountId}
/
cards
/
{cardId}
/
secure
/
passkey-challenge
Secure details — passkey challenge
curl --request POST \
  --url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/{cardId}/secure/passkey-challenge \
  --header 'Authorization: Bearer <token>'
import requests

url = "https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/{cardId}/secure/passkey-challenge"

headers = {"Authorization": "Bearer <token>"}

response = requests.post(url, headers=headers)

print(response.text)
const options = {method: 'POST', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/{cardId}/secure/passkey-challenge', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/{cardId}/secure/passkey-challenge",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/{cardId}/secure/passkey-challenge"

req, _ := http.NewRequest("POST", url, nil)

req.Header.Add("Authorization", "Bearer <token>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/{cardId}/secure/passkey-challenge")
.header("Authorization", "Bearer <token>")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/{cardId}/secure/passkey-challenge")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
{
  "success": true,
  "data": {
    "passkeySession": "pks_5e8a3c1d9b7f",
    "fido2options": {
      "challenge": "k9Hd3v2qY7nLwR0pXe1aZb4cF6gT8jU2",
      "timeout": 60000,
      "rpId": "next.orenda.finance",
      "userVerification": "required",
      "allowCredentials": [
        {
          "type": "public-key",
          "id": "AQIDBAUGBwgJCgsMDQ4PEA"
        }
      ]
    }
  }
}
{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}

Authorizations

Authorization
string
header
required

The user's access token. The program and environment come from the token.

Path Parameters

customerId
string
required

The customer's id.

accountId
string
required

The account the card belongs to. A customer can have several accounts; cards are issued against one.

cardId
string
required

The card id from create / get cards.

Response

Passkey challenge

success
boolean
Example:

true

data
object