POST
/
api
/
v1
/
authenticate

Authorizations

X-Client-Secret
string
headerrequired

Contact Mesh to get client Secret

X-Client-Id
string
headerrequired

Contact Mesh to get client Id

Query Parameters

userId
string
required

Id of the end-user

Maximum length: 50

Body

application/json
type
enum<string>
required
Available options:
robinhood,
eTrade,
alpaca,
tdAmeritrade,
weBull,
stash,
interactiveBrokers,
public,
coinbase,
kraken,
coinbasePro,
cryptoCom,
openSea,
binanceUs,
gemini,
cryptocurrencyAddress,
cryptocurrencyWallet,
okCoin,
bittrex,
kuCoin,
etoro,
cexIo,
binanceInternational,
bitstamp,
gateIo,
acorns,
okx,
bitFlyer,
coinlist,
huobi,
bitfinex,
deFiWallet,
krakenDirect,
vanguard,
binanceInternationalDirect,
bitfinexDirect,
bybit,
paxos,
coinbasePrime,
btcTurkDirect,
kuCoinDirect,
okxOAuth,
paribuDirect,
robinhoodConnect,
blockchainCom,
bitsoDirect,
binanceConnect,
binanceOAuth,
revolutConnect,
binancePay
phone
string | null
username
string | null
password
string | null
tradePin
string | null
countryInfo
object
challengeId
string | null
challengeCode
string | null
challengeType
string | null
challengeAnswer
string | null

Used to provide answers to security questions

mfaCode
string | null
mfaType
enum<string>
Available options:
phone,
email,
totp,
phoneAndEmail,
requireNextSecurityQuestion,
readEmail,
face,
tradingPin,
qrCode,
password,
roaming,
mobile
deviceInfo
string | null
webData
string | null
authFlowStep
enum<string>
Available options:
loginPassword,
mfaFlow,
faceVerification,
createAPIKey,
loginQrCode
key
string | null
authToken
string | null
redirectLink
string | null
confirmationEmail
string | null
isSensitiveFieldsEncrypted
boolean

Indicates whether the sensitive fields in this request are encrypted. When set to true, the following fields should be encrypted using Base64 encoding:

  • Username
  • Password
  • Phone
  • TradePin
  • ChallengeAnswer
  • MfaCode
  • DeviceInfo
  • ConfirmationEmail

Base64 encoding is used to encode these fields into a format that can be safely transmitted and stored.

isTryingAnotherWay
boolean

Flag indicating that the user is attempting to switch to the next available 2FA method (e.g., Email, Google Authenticator) after failing to complete or canceling the current verification method (e.g., Roaming 2FA).

This field is primarily used for Robinhood and BinanceInternationalDirect on the DeviceConfirmationPage when a user clicks the "Try Another Way" button. It informs the backend to move to the next MFA method instead of retrying the current one.

Response

200 - application/json
status
enum<string>
Available options:
ok,
serverFailure,
permissionDenied,
badRequest,
notFound,
conflict,
tooManyRequest,
locked,
unavailableForLegalReasons
message
string | null

A message generated by the API

displayMessage
string | null

User-friendly display message that can be presented to the end user

errorType
string | null

Strictly-typed error type that is explaining the reason of an unsuccessful status of the operation. All possible error types are available in the documentation.

errorData
any | null
content
object
Get authentication schemesGet OAuth authentication link