> ## Documentation Index > Fetch the complete documentation index at: https://docs.prelude.so/llms.txt > Use this file to discover all available pages before exploring further. # Continue step-up challenge > Verify the customer's verification token and advance the challenge to the next step. ## OpenAPI ````yaml post /v1/session/stepup/continue openapi: 3.1.1 info: title: Prelude Auth Frontend API version: 0.0.1 description: The Prelude Frontend API for Authentication and Session Management contact: email: support@prelude.so servers: - url: https://{appId}.session.prelude.dev description: Production server variables: appId: default: changeme description: The appID security: [] tags: - name: Login OTP description: Login and step-up via OTP (phone or email) - name: Login Email Password description: Login via email and password - name: Login OAuth description: Login via OAuth providers - name: Login Finalize description: Finalize a login flow and create a session - name: Login Migration description: Migrate sessions from a legacy authentication system - name: Session description: Session refresh and revocation - name: Session Management description: Authenticated session and identifier management - name: Step-Up description: Step-up authentication flow - name: Well-Known description: Public key discovery endpoints - name: Password description: Password compliancy and change password paths: /v1/session/stepup/continue: post: tags: - Step-Up summary: Continue step-up challenge description: >- Verify the customer's verification token and advance the challenge to the next step. operationId: stepUpContinue requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/StepUpContinueRequest' responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/StepUpContinueResponse' '400': description: Bad Request content: application/json: schema: oneOf: - $ref: '#/components/schemas/BadRequestError' - $ref: '#/components/schemas/ExpiredChallengeTokenError' - $ref: '#/components/schemas/InvalidChallengeTokenError' - $ref: '#/components/schemas/InvalidVerificationTokenError' - $ref: '#/components/schemas/TokenMismatchError' - $ref: '#/components/schemas/StepNotCompletedError' - $ref: '#/components/schemas/StepBypassedError' '401': description: Unauthorized content: application/json: schema: oneOf: - $ref: '#/components/schemas/UnauthorizedError' - $ref: '#/components/schemas/InvalidDPoPProofError' '404': description: Not Found content: application/json: schema: $ref: '#/components/schemas/StepNotFoundError' '409': description: Conflict content: application/json: schema: $ref: '#/components/schemas/TokenReusedError' '422': description: Unprocessable Entity content: application/json: schema: $ref: '#/components/schemas/StepUpNotConfiguredError' '500': description: Internal Error content: application/json: schema: $ref: '#/components/schemas/InternalError' security: - accessTokenAuth: [] components: schemas: StepUpContinueRequest: type: object properties: challenge_token: type: string description: The current challenge token. examples: - eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9... verification_token: type: string description: The verification token from the completed step. examples: - eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9... required: - challenge_token - verification_token StepUpContinueResponse: type: object properties: challenge_token: type: string description: The updated challenge token for the next step or final grant. examples: - eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9... required: - challenge_token BadRequestError: type: object properties: code: type: string enum: - bad_request type: type: string enum: - bad_request ExpiredChallengeTokenError: type: object properties: code: type: string enum: - expired_challenge_token type: type: string enum: - bad_request InvalidChallengeTokenError: type: object properties: code: type: string enum: - invalid_challenge_token type: type: string enum: - bad_request InvalidVerificationTokenError: type: object properties: code: type: string enum: - invalid_verification_token type: type: string enum: - bad_request TokenMismatchError: type: object properties: code: type: string enum: - token_mismatch type: type: string enum: - bad_request StepNotCompletedError: type: object properties: code: type: string enum: - step_not_completed type: type: string enum: - bad_request StepBypassedError: type: object properties: code: type: string enum: - step_bypassed type: type: string enum: - bad_request UnauthorizedError: type: object properties: code: type: string enum: - unauthorized type: type: string enum: - unauthorized InvalidDPoPProofError: type: object properties: code: type: string enum: - invalid_dpop_proof type: type: string enum: - unauthorized StepNotFoundError: type: object properties: code: type: string enum: - step_not_found type: type: string enum: - not_found TokenReusedError: type: object properties: code: type: string enum: - token_reused type: type: string enum: - conflict StepUpNotConfiguredError: type: object properties: code: type: string enum: - not_configured type: type: string enum: - unprocessable_entity InternalError: type: object properties: code: type: string enum: - internal type: type: string enum: - internal securitySchemes: accessTokenAuth: type: http scheme: bearer bearerFormat: JWT description: Access token obtained from session refresh ````