Skip to main content
POST
/
v1
/
session
/
stepup
/
request
Request step-up scope
curl --request POST \
  --url https://{appId}.session.prelude.dev/v1/session/stepup/request \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "scope": "<string>",
  "metadata": {},
  "dispatch_id": "<string>"
}
'
{
  "status": "<string>",
  "challenge_token": "<string>"
}

Authorizations

Authorization
string
header
required

Access token obtained from session refresh

Body

application/json
scope
string
required

A scope identifier. Must only contain lowercase letters, uppercase letters, numbers, or the following characters: . - _ :

Pattern: ^[a-zA-Z0-9.\-_:]+$
Example:

"transfer:write"

metadata
object

Optional metadata (max 5 fields, keys max 12 chars, values max 32 chars). Metadata keys must only contain lowercase letters, uppercase letters, numbers, or the following characters: . - _ :

Example:
{ "amount": "500", "currency": "USD" }
dispatch_id
string

The identifier of the dispatch from the front-end SDK.

Example:

"123e4567-e89b-12d3-a456-426614174000"

Response

OK

status
string

The status of the step-up request (e.g., "continue", "granted").

Example:

"continue"

challenge_token
string

The challenge token for the step-up flow (present when status is "continue").

Example:

"eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9..."