> ## Documentation Index > Fetch the complete documentation index at: https://developer.rocket.chat/llms.txt > Use this file to discover all available pages before exploring further. # Verify Two-Factor Challenge > Verifies a two-factor authentication code submitted against a pending challenge and, on success, returns a login token for the associated user. Use this endpoint to complete the second factor of a login flow that issued a `challengeId`. The endpoint does not require an authenticated session. It is rate-limited to 5 requests per minute per caller. Exceeding the per-user maximum failed attempts removes the challenge and returns a `totp-max-attempts` error. ### Changelog | Version | Description | | ------- | ----------- | | 8.5.0 | Added | ## OpenAPI ````json POST /api/v1/twoFactorChallenges.verifyChallenge { "openapi": "3.0.0", "info": { "version": "1.0.0", "title": "Authentication" }, "servers": [ { "url": "https://apiexplorer.support.rocket.chat" } ], "tags": [ { "name": "Authentication" }, { "name": "Two-Factor Authentication" } ], "paths": { "/api/v1/twoFactorChallenges.verifyChallenge": { "post": { "tags": [ "Two-Factor Authentication" ], "summary": "Verify Two-Factor Challenge", "description": "Verifies a two-factor authentication code submitted against a pending challenge and, on success, returns a login token for the associated user. Use this endpoint to complete the second factor of a login flow that issued a `challengeId`.\n\nThe endpoint does not require an authenticated session. It is rate-limited to 5 requests per minute per caller. Exceeding the per-user maximum failed attempts removes the challenge and returns a `totp-max-attempts` error.\n\n### Changelog\n| Version | Description |\n| ------- | ----------- |\n| 8.5.0 | Added |", "operationId": "post-api-v1-twoFactorChallenges.verifyChallenge", "requestBody": { "content": { "application/json": { "schema": { "type": "object", "properties": { "challengeId": { "type": "string", "description": "The ID of the pending two-factor challenge returned by the login flow.", "example": "8f4c2d1e9a7b6c5d3e2f1a0b" }, "code": { "type": "string", "description": "The two-factor code provided by the user for the challenge.", "example": "482913" } }, "required": [ "challengeId", "code" ] }, "examples": { "Example 1": { "value": { "challengeId": "8f4c2d1e9a7b6c5d3e2f1a0b", "code": "482913" } } } } } }, "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "type": "object", "properties": { "loginToken": { "type": "string" }, "userId": { "type": "string" }, "success": { "type": "boolean" } } }, "examples": { "Verification successful": { "value": { "loginToken": "exampleLoginTokenString123", "userId": "aobEdbYhXfu5hkeqG", "success": "true" } } } } } }, "400": { "description": "Bad Request", "content": { "application/json": { "schema": { "type": "object", "properties": { "success": { "type": "boolean" }, "error": { "type": "string" }, "errorType": { "type": "string" } } }, "examples": { "Missing parameters": { "value": { "success": "false", "error": "challengeId and code are required", "errorType": "error-parameter-required" } }, "Invalid code": { "value": { "success": "false", "error": "Invalid code", "errorType": "error-invalid-code" } }, "Challenge not found": { "value": { "success": "false", "error": "challenge not found", "errorType": "error-challenge-not-found" } }, "User not found": { "value": { "success": "false", "error": "user not found", "errorType": "error-user-not-found" } }, "Max attempts reached": { "value": { "success": "false", "error": "TOTP Maximun Failed Attempts Reached", "errorType": "totp-max-attempts" } } } } } } } } } } } ````