Step-up authentication challenges (SCA / PSD2).
Step-up authentication is required when performing certain requests covered by PSD2 Strong Customer Authentication requirements — for example, creating a Managed Account or initiating an OWT.
The flow is:
- Attempt the protected operation → receive a
403with step-up challenge details (or aSTEP_UP_REQUIREDerror code) - Call
initiate_otp/3to send an OTP to the user's enrolled device - User enters the code → call
verify_otp/4 - The token returned from
verify_otp/4is a stepped-up token — retry the original operation with this token
Confirmed endpoints (from Weavr error-handling docs and curl examples)
POST /stepup/challenges/otp/{channel}— initiate step-up OTP challengePOST /stepup/challenges/otp/{channel}/verify— verify the OTP code
Channels
Currently supported channels: "SMS", "AUTHY" (Twilio Authy push notification).
Sandbox note
On Sandbox, the verification code is always "123456".
Summary
Functions
Initiates a step-up OTP challenge on the given channel.
The supported step-up OTP channels.
Verifies a step-up OTP code and returns a stepped-up token.
Functions
@spec initiate_otp(Weavr.Config.t(), String.t(), String.t()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Initiates a step-up OTP challenge on the given channel.
POST /stepup/challenges/otp/{channel}
channel must be one of ["SMS", "AUTHY"].
On Sandbox, the OTP code is always "123456".
@spec supported_channels() :: [String.t()]
The supported step-up OTP channels.
@spec verify_otp(Weavr.Config.t(), String.t(), String.t(), String.t()) :: {:ok, map()} | {:error, Weavr.Error.t()}
Verifies a step-up OTP code and returns a stepped-up token.
POST /stepup/challenges/otp/{channel}/verify
On success, use the returned token for the operation that required
step-up authentication. On Sandbox the code is always "123456".