> ## Documentation Index
> Fetch the complete documentation index at: https://docs.moralis.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify Aptos challenge



## OpenAPI

````yaml /openapi-files/auth-api/auth.json post /challenge/verify/aptos
openapi: 3.0.0
info:
  title: Auth API
  description: API that provides authentication services for dapps.
  version: '1.0'
  contact: {}
servers:
  - url: https://authapi.moralis.io
security: []
tags: []
externalDocs:
  description: View as JSON
  url: ../api-docs-json
paths:
  /challenge/verify/aptos:
    post:
      tags:
        - Challenge
      summary: Verify Aptos challenge
      operationId: verifyChallengeAptos
      parameters: []
      requestBody:
        required: true
        description: Verify Aptos challenge message.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AptosCompleteChallengeRequestDto'
      responses:
        '201':
          description: The token to be used to call the third party API from the client
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AptosCompleteChallengeResponseDto'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    AptosCompleteChallengeRequestDto:
      type: object
      properties:
        message:
          type: string
          description: Message that needs to be signed by the end user.
          example: |-
            defi.finance wants you to sign in with your Aptos account:
            0xfb2853744bb8afd58d9386d1856afd8e08de135019961dfa3a10d8c9bf83b99d


            URI: https://defi.finance
            Version: 1
            Chain ID: 1
            Nonce: Px7Nh1RPzlCLwqgOb
            Issued At: 2022-11-30T10:20:00.262Z
        signature:
          type: string
          description: >-
            EIP-191 compliant signature signed by the Aptos account address
            requesting authentication.
          example: >-
            0xa8f89a58bf9b433d3100f9e41ee35b5e31fb8c7cd62547acb113162ec6f2e4140207e2dfbd4e387e1801ebc7f08a9dd105ac1d22b2e2ff0df5fa8b6d9bdcfe491c
      required:
        - message
        - signature
    AptosCompleteChallengeResponseDto:
      type: object
      properties:
        id:
          type: string
          maxLength: 64
          minLength: 8
          description: >-
            17-characters Alphanumeric string Secret Challenge ID used to
            identify this particular request. Is should be used at the backend
            of the calling service to identify the completed request.
          example: fRyt67D3eRss3RrX
          pattern: ^[a-zA-Z0-9]{8,64}$
        domain:
          type: string
          description: RFC 4501 dns authority that is requesting the signing.
          example: defi.finance
          format: hostname
        statement:
          type: string
          description: >-
            Human-readable ASCII assertion that the user will sign, and it must
            not contain `

            `.
          example: Please confirm
        uri:
          type: string
          format: uri
          example: https://defi.finance/
          description: >-
            RFC 3986 URI referring to the resource that is the subject of the
            signing (as in the __subject__ of a claim).
        expirationTime:
          type: string
          format: date-time
          example: '2020-01-01T00:00:00.000Z'
          description: >-
            ISO 8601 datetime string that, if present, indicates when the signed
            authentication message is no longer valid.
        notBefore:
          type: string
          format: date-time
          example: '2020-01-01T00:00:00.000Z'
          description: >-
            ISO 8601 datetime string that, if present, indicates when the signed
            authentication message will become valid.
        resources:
          example:
            - https://docs.moralis.io/
          description: >-
            List of information or references to information the user wishes to
            have resolved as part of authentication by the relying party. They
            are expressed as RFC 3986 URIs separated by `

            - `.
          type: array
          items:
            type: string
        version:
          type: string
          example: '1.0'
          description: >-
            EIP-155 Chain ID to which the session is bound, and the network
            where Contract Accounts must be resolved.
        nonce:
          type: string
          example: '0x1234567890abcdef0123456789abcdef1234567890abcdef'
        profileId:
          type: string
          description: Unique identifier with a length of 66 characters
          example: '0xbfbcfab169c67072ff418133124480fea02175f1402aaa497daa4fd09026b0e1'
        network:
          type: string
          enum:
            - mainnet
            - testnet
          example: mainnet
          description: The network where Contract Accounts must be resolved.
        address:
          type: string
          example: '0xfb2853744bb8afd58d9386d1856afd8e08de135019961dfa3a10d8c9bf83b99d'
          description: Aptos address performing the signing conformant.
        publicKey:
          type: string
          example: '0xfb2853744bb8afd58d9386d1856afd8e08de135019961dfa3a10d8c9bf83b99d'
          description: Aptos public key performing the signing conformant.
      required:
        - id
        - domain
        - uri
        - version
        - nonce
        - profileId
        - network
        - address
        - publicKey
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key

````