> ## Documentation Index
> Fetch the complete documentation index at: https://docs.moralis.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify EVM challenge



## OpenAPI

````yaml /openapi-files/auth-api/auth.json post /challenge/verify/evm
openapi: 3.0.0
info:
  title: Auth API
  description: API that provides authentication services for dapps.
  version: '1.0'
  contact: {}
servers:
  - url: https://authapi.moralis.io
security: []
tags: []
externalDocs:
  description: View as JSON
  url: ../api-docs-json
paths:
  /challenge/verify/evm:
    post:
      tags:
        - Challenge
      summary: Verify EVM challenge
      operationId: verifyChallengeEvm
      parameters: []
      requestBody:
        required: true
        description: Verify EVM challenge message.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EvmCompleteChallengeRequestDto'
      responses:
        '201':
          description: The token to be used to call the third party API from the client
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EvmCompleteChallengeResponseDto'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    EvmCompleteChallengeRequestDto:
      type: object
      properties:
        message:
          type: string
          description: Message that needs to be signed by the end user.
          example: |-
            defi.finance wants you to sign in with your Ethereum account:
            0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B


            URI: https://defi.finance
            Version: 1
            Chain ID: 1
            Nonce: Px7Nh1RPzlCLwqgOb
            Issued At: 2022-11-30T10:20:00.262Z
        signature:
          type: string
          description: >-
            EIP-191 compliant signature signed by the Ethereum account address
            requesting authentication.
          example: >-
            0xa8f89a58bf9b433d3100f9e41ee35b5e31fb8c7cd62547acb113162ec6f2e4140207e2dfbd4e387e1801ebc7f08a9dd105ac1d22b2e2ff0df5fa8b6d9bdcfe491c
      required:
        - message
        - signature
    EvmCompleteChallengeResponseDto:
      type: object
      properties:
        id:
          type: string
          maxLength: 64
          minLength: 8
          description: >-
            17-characters Alphanumeric string Secret Challenge ID used to
            identify this particular request. Is should be used at the backend
            of the calling service to identify the completed request.
          example: fRyt67D3eRss3RrX
          pattern: ^[a-zA-Z0-9]{8,64}$
        domain:
          type: string
          description: RFC 4501 dns authority that is requesting the signing.
          example: defi.finance
          format: hostname
        statement:
          type: string
          description: >-
            Human-readable ASCII assertion that the user will sign, and it must
            not contain `

            `.
          example: Please confirm
        uri:
          type: string
          format: uri
          example: https://defi.finance/
          description: >-
            RFC 3986 URI referring to the resource that is the subject of the
            signing (as in the __subject__ of a claim).
        expirationTime:
          type: string
          format: date-time
          example: '2020-01-01T00:00:00.000Z'
          description: >-
            ISO 8601 datetime string that, if present, indicates when the signed
            authentication message is no longer valid.
        notBefore:
          type: string
          format: date-time
          example: '2020-01-01T00:00:00.000Z'
          description: >-
            ISO 8601 datetime string that, if present, indicates when the signed
            authentication message will become valid.
        resources:
          example:
            - https://docs.moralis.io/
          description: >-
            List of information or references to information the user wishes to
            have resolved as part of authentication by the relying party. They
            are expressed as RFC 3986 URIs separated by `

            - `.
          type: array
          items:
            type: string
        version:
          type: string
          example: '1.0'
          description: >-
            EIP-155 Chain ID to which the session is bound, and the network
            where Contract Accounts must be resolved.
        nonce:
          type: string
          example: '0x1234567890abcdef0123456789abcdef1234567890abcdef'
        profileId:
          type: string
          description: Unique identifier with a length of 66 characters
          example: '0xbfbcfab169c67072ff418133124480fea02175f1402aaa497daa4fd09026b0e1'
        chainId:
          type: string
          enum:
            - '1'
            - '5'
            - '10'
            - '25'
            - '56'
            - '97'
            - '100'
            - '137'
            - '250'
            - '338'
            - '420'
            - '1284'
            - '1285'
            - '1337'
            - '8453'
            - '43113'
            - '43114'
            - '80001'
            - '80002'
            - '84531'
            - '88888'
            - '11155111'
          example: 1
          description: >-
            EIP-155 Chain ID to which the session is bound, and the network
            where Contract Accounts must be resolved.
        address:
          type: string
          example: '0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B'
          description: >-
            Ethereum address performing the signing conformant to capitalization
            encoded checksum specified in EIP-55 where applicable.
      required:
        - id
        - domain
        - uri
        - version
        - nonce
        - profileId
        - chainId
        - address
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key

````