Method: challenge.create
Stay organized with collections
Save and categorize content based on your preferences.
HTTP request
POST https://verifiedaccess.googleapis.com/v1/challenge
The URL uses gRPC Transcoding syntax.
Request body
The request body must be empty.
Response body
Result message for VerifiedAccess.CreateChallenge.
If successful, the response body contains data with the following structure:
| JSON representation |
{
"challenge": {
object (SignedData)
},
"alternativeChallenge": {
object (SignedData)
}
} |
| Fields |
challenge |
object (SignedData)
Generated challenge
|
alternativeChallenge |
object (SignedData)
Challenge generated with the old signing key (this will only be present during key rotation)
|
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/verifiedaccess
For more information, see the OAuth 2.0 Overview.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-03-20 UTC.
[null,null,["Last updated 2025-03-20 UTC."],[[["\u003cp\u003eThe \u003ccode\u003echallenge.create\u003c/code\u003e API is accessed via a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003ehttps://verifiedaccess.googleapis.com/v1/challenge\u003c/code\u003e and uses gRPC Transcoding syntax.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must be empty, while the response body contains a \u003ccode\u003echallenge\u003c/code\u003e and may optionally contain an \u003ccode\u003ealternativeChallenge\u003c/code\u003e, both formatted as SignedData objects.\u003c/p\u003e\n"],["\u003cp\u003eThis API requires the \u003ccode\u003ehttps://www.googleapis.com/auth/verifiedaccess\u003c/code\u003e OAuth scope for authorization.\u003c/p\u003e\n"]]],[],null,["# Method: challenge.create\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Request body](#body.request_body)\n- [Response body](#body.response_body)\n - [JSON representation](#body.Challenge.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n\nchallenge.create API\n\n### HTTP request\n\n`POST https://verifiedaccess.googleapis.com/v1/challenge`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Request body\n\nThe request body must be empty.\n\n### Response body\n\nResult message for VerifiedAccess.CreateChallenge.\n\nIf successful, the response body contains data with the following structure:\n\n| JSON representation |\n|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ``` { \"challenge\": { object (/chrome/verified-access/reference/rest/v1/SignedData) }, \"alternativeChallenge\": { object (/chrome/verified-access/reference/rest/v1/SignedData) } } ``` |\n\n| Fields ||\n|------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `challenge` | `object (`[SignedData](/chrome/verified-access/reference/rest/v1/SignedData)`)` Generated challenge |\n| `alternativeChallenge` | `object (`[SignedData](/chrome/verified-access/reference/rest/v1/SignedData)`)` Challenge generated with the old signing key (this will only be present during key rotation) |\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/verifiedaccess`\n\nFor more information, see the [OAuth 2.0 Overview](/identity/protocols/OAuth2)."]]