# Verify Password (Enterprise)

> Verify a user's password and generate a session. When a new factor is added, a new `session_token` is generated, but it inherits the same session ID and history (e.g. OTP, magic link factors).

## Returns

A successful response returns an object with verified `user_id` and `session` properties.



## OpenAPI

````yaml post /v1/auth/passwords/verify
openapi: 3.1.0
info:
  title: MoonKey Auth API
  description: >-
    Explore all the details of MoonKey Auth API. All of our APIs are RESTful and
    accept and return JSON.
  version: v1
servers:
  - url: https://api.moonkey.fun
    description: Production
    variables: {}
security:
  - Authorization: []
tags:
  - name: Users
    description: User management API
  - name: Magic Links
    description: ''
  - name: OTPs
    description: >-
      Send OTP (One-time passcodes) by all the supported delivery methods such
      as SMS, email.
  - name: OAuth
    description: ''
  - name: Wallets Login
    description: ''
  - name: Managed Wallets
    description: ''
  - name: Wallet Import
    description: >-
      Import existing wallets into the platform using secure HPKE encryption.
      This flow ensures raw entropy (seed phrases or private keys) never touches
      the server in plaintext.
externalDocs:
  url: ''
  description: ''
paths:
  /v1/auth/passwords/verify:
    parameters: []
    post:
      tags:
        - Passwords
      summary: Verify Password (Enterprise)
      description: >-
        Verify a user's password and generate a session. When a new factor is
        added, a new `session_token` is generated, but it inherits the same
        session ID and history (e.g. OTP, magic link factors).

        ## Returns


        A successful response returns an object with verified `user_id` and
        `session` properties.
      operationId: VerifyPassword
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/VerifyPasswordRequest'
            examples:
              VerifyPasswordReq:
                value:
                  password: samplepass
                  session_token: >-
                    4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB
        description: ''
      responses:
        '200':
          description: Verify Password (Enterprise) response
          content:
            application/json:
              schema:
                type: object
                properties:
                  session:
                    $ref: '#/components/schemas/Session'
                  user_id:
                    type: string
                  session_token:
                    type: string
                  session_jwt:
                    type: string
              examples:
                VerifyPasswordResp:
                  value:
                    session:
                      id: sess_2KF44T13b1clHEoOHpwEmTtldx5
                      user_id: user_2Cu2uVhYy0OVgRcO913OsqIVaPI
                      started_at: 1673556805
                      expires_at: 1673562817
                      last_active_at: 1673556817
                      factors:
                        - delivery_channel: email
                          type: otp
                          method:
                            method_id: email_24oXBL3PufzHkH1Jzyjc2EXYeo7
                            method_type: email
                            email_id: email_24oXBL3PufzHkH1Jzyjc2EXYeo7
                            email: sandbox@moonkey.fun
                            last_verified_at: 1673556805
                        - delivery_channel: password
                          type: password
                          method:
                            last_verified_at: 1673556817
                      device_fingerprint:
                        user_agent: Chrome
                        ip: ''
                      permissions: []
                      deleted: false
                      deleted_at: 0
                      updated_at: 1673556817
                      created_at: 1673556805
                    session_token: >-
                      4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB
                    session_jwt: >-
                      eyJhbGciOiJSUzI1NiIsImtpZCI6Imp3a18yN0Q1dU9UaFIyZHNncmFYN1dWb0VMRzRxRVgiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjE2NzM1NjI4MTcsImh0dHBzOi8vc3RyZWFtYmlyZC5pby9qd3Qvc2Vzc2lvbiI6eyJpZCI6InNlc3NfMktGNDRUMTNiMWNsSEVvT0hwd0VtVHRsZHg1IiwidXNlcl9pZCI6ImRlOGRjM2IxLWI3ZTAtNGU3OS05MjU3LTZmNjgwZTUxOTcwYiIsInN0YXJ0ZWRfYXQiOjE2NzM1NTY4MDUsImV4cGlyZXNfYXQiOjE2NzM1NjI4MTcsImxhc3RfYWN0aXZlX2F0IjoxNjczNTU2ODE3LCJmYWN0b3JzIjpbeyJkZWxpdmVyeV9jaGFubmVsIjoiZW1haWwiLCJ0eXBlIjoib3RwIiwibWV0aG9kIjp7Im1ldGhvZF9pZCI6IjU5MzY2NTEzLWNmMzctNDE5Ni05NmY0LTI0ZGE3NTc3MjRiYSIsIm1ldGhvZF90eXBlIjoiZW1haWwiLCJlbWFpbF9pZCI6IjU5MzY2NTEzLWNmMzctNDE5Ni05NmY0LTI0ZGE3NTc3MjRiYSIsImVtYWlsIjoidGltQHN0cmVhbWJpcmQuaW8iLCJsYXN0X3ZlcmlmaWVkX2F0IjoxNjczNTU2ODA1fX0seyJkZWxpdmVyeV9jaGFubmVsIjoicGFzc3dvcmQiLCJ0eXBlIjoicGFzc3dvcmQiLCJtZXRob2QiOnsibGFzdF92ZXJpZmllZF9hdCI6MTY3MzU1NjgxN319XSwiZGV2aWNlX2ZpbmdlcnByaW50Ijp7InVzZXJfYWdlbnQiOiJDaHJvbWUiLCJpcCI6IiJ9LCJ1cGRhdGVkX2F0IjoxNjczNTU2ODE3LCJjcmVhdGVkX2F0IjoxNjczNTU2ODA1fSwiaWF0IjoxNjczNTU2ODE3LCJpc3MiOiJhcGkuc3RyZWFtYmlyZC5pby82ZTdjOWYxYi01ZTY2LTQwMGMtOTlhNy03ODM0MTFlMDNhYWMiLCJqdGkiOiJzZXNzXzJLRjQ0VDEzYjFjbEhFb09IcHdFbVR0bGR4NSIsIm5iZiI6MTY3MzU1NjgxNywic3ViIjoiZGU4ZGMzYjEtYjdlMC00ZTc5LTkyNTctNmY2ODBlNTE5NzBiIn0.ftGVnMztULiawr7XICEbKNT1KBep0XR3GHwzt-XWfz4BWSwUWEyueNUb1OVlS7wObyVZS6GvAHd2FfyJDv9LLneRzza6zuYxrZ6P52mI6zCGeyxJX95LBR5eyx-55Se_Z13cK1Lnky6xI4rm96wKvUkE3SObse9b1J7rXaZk_TF0Phss2-L53n_xTtXiDecPKe6DvnVh-AWv6pcDB4HpsMDSEiSgGo-0NNgcDNs5WuDz7W9AIOH_6DjfIghBx7RDr_S8EUkn55-w01uJjohHshTKtN2GsGgiR-mbpHum84RpakCMvXMqVURcQsjtQP7uN5qjllTXPI272QQkmGtQYg
                    user_id: user_2Cu2uVhYy0OVgRcO913OsqIVaPI
components:
  schemas:
    VerifyPasswordRequest:
      type: object
      properties:
        user_id:
          type: string
          description: Unique given user ID.
        password:
          type: string
          description: User password.
        session_expires_in:
          type: integer
          description: >-
            Extend the session expiration time to N minutes from now. Must be
            between 5 and 525600 minutes (365 days).
        session_token:
          type: string
          description: Unique session token to verify.
        session_jwt:
          type: string
          description: Unique session JWT to verify.
        device_fingerprint:
          type: object
          description: >-
            Device fingerprinting metadata for fraud detection during
            verification step. This is useful to ensure that the user who
            originated the request matches the user that verifies the token.
            Verification requirements can be enabled in the `Verify Token` step
            by matching fields in the `device_fingerprint` such as IP, User
            Agent or the combination of them (more fraud detection features
            **coming soon**!)
          properties:
            ip:
              type: string
              description: IP of the user originating the request.
            user_agent:
              type: string
              description: User Agent of the browser originating the request.
      required:
        - user_id
        - password
    Session:
      description: ''
      type: object
      x-examples:
        Session:
          id: sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3
          user_id: user_24wFP9pDa9YiMJLun94iKykoZs2
          session_token: 7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh
          started_at: 1643496805
          expires_at: 1643502805
          last_active_at: 1643496805
          factors:
            - delivery_channel: sms
              type: otp
              method:
                method_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                method_type: phone_number
                phone_number_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                phone_number: '+14152222222'
                last_verified_at: 1643496805
          device_fingerprint:
            user_agent: ''
            ip: 123.2.1.1
          updated_at: 1643496805
          created_at: 1643496805
      title: Session
      properties:
        id:
          type: string
          minLength: 1
        user_id:
          type: string
          minLength: 1
        session_token:
          type: string
          minLength: 1
        started_at:
          type: number
        expires_at:
          type: number
        last_active_at:
          type: number
        factors:
          type: array
          uniqueItems: true
          minItems: 1
          items:
            type: object
            properties:
              delivery_channel:
                type: string
                minLength: 1
                description: >-
                  Delivery channel for this factor. Possible values: sms, email,
                  totp_authenticator, totp_recovery_code, google_oauth,
                  apple_oauth, microsoft_oauth, discord_oauth, okta_oauth,
                  github_oauth, slack_oauth, facebook_oauth,
                  webauthn_credential, eth_wallet, sol_wallet.
              type:
                type: string
                minLength: 1
                description: >-
                  Authentication type of factor. Possible values: otp, oauth,
                  wallet, totp, webauthn.
              method:
                type: object
                required:
                  - method_id
                  - method_type
                  - last_verified_at
                properties:
                  id:
                    type: string
                  method_id:
                    type: string
                    minLength: 1
                  method_type:
                    type: string
                    minLength: 1
                    description: >-
                      Identifier method type. Possible values: email, wallet,
                      phone_number, webauthn.
                  last_verified_at:
                    type: number
                  phone_number_id:
                    type: string
                    minLength: 1
                  phone_number:
                    type: string
                    minLength: 1
                  email_id:
                    type: string
                  email:
                    type: string
                  wallet_type:
                    type: string
                  wallet_id:
                    type: string
                  wallet_public_address:
                    type: string
                  totp_id:
                    type: string
                  webauthn_credential_id:
                    type: string
                  provider_subject:
                    type: string
            required:
              - delivery_channel
              - type
              - method
        device_fingerprint:
          type: object
          required:
            - user_agent
            - ip
          properties:
            user_agent:
              type: string
            ip:
              type: string
              minLength: 1
        updated_at:
          type: number
        created_at:
          type: number
      required:
        - id
        - user_id
        - session_token
        - started_at
        - expires_at
        - last_active_at
        - factors
        - device_fingerprint
        - updated_at
        - created_at
  securitySchemes:
    Authorization:
      type: http
      scheme: bearer
      description: >-
        Auth Platform API includes all the Auth related features. All Users,
        Phone Numbers, Emails, and OTPs are associated with an `App` as the
        container.


        Endpoints accept only the App's `Secret API keys`, except for certain
        endpoints used client side or via the SDK, which accept the
        `public_token`.


        ## Authentication using App API Key


        ## Header:


        ```

        Authorization: Bearer {api_key}

        ```


        ## Authenticated Request


        ```curl

        curl \
          -X GET https://api.moonkey.fun/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
          -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"
        ```

````
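
A server-side caller can enforce the schema's constraints before sending the request and check the returned session before trusting it. The sketch below is an added example, not code from the API's SDK: `build_verify_request` and `check_verify_response` are hypothetical helper names, and `SAMPLE_RESPONSE` is a constructed response shaped like the `VerifyPasswordResp` example above.

```python
import time

MIN_MINUTES, MAX_MINUTES = 5, 525600  # session_expires_in bounds from the schema

# Constructed sample, shaped like the page's VerifyPasswordResp example.
SAMPLE_RESPONSE = {
    "user_id": "user_EXAMPLE", "session_token": "tok_EXAMPLE",
    "session": {
        "id": "sess_EXAMPLE", "user_id": "user_EXAMPLE",
        "expires_at": 1673562817, "deleted": False,
        "factors": [{"type": "otp", "delivery_channel": "email"},
                    {"type": "password", "delivery_channel": "password"}],
    },
}

def build_verify_request(user_id, password, session_token=None,
                         session_expires_in=None, ip=None, user_agent=None):
    """Build the JSON body for POST /v1/auth/passwords/verify (hypothetical helper)."""
    if not user_id or not password:
        raise ValueError("user_id and password are required")
    body = {"user_id": user_id, "password": password}
    if session_token:
        body["session_token"] = session_token  # existing session token, per the schema
    if session_expires_in is not None:
        if not MIN_MINUTES <= session_expires_in <= MAX_MINUTES:
            raise ValueError("session_expires_in must be 5..525600 minutes")
        body["session_expires_in"] = session_expires_in
    fingerprint = {k: v for k, v in (("ip", ip), ("user_agent", user_agent)) if v}
    if fingerprint:
        body["device_fingerprint"] = fingerprint
    return body

def check_verify_response(resp, expected_user_id, now=None):
    """Return a list of problems; an empty list means the session can be accepted."""
    now = time.time() if now is None else now
    session = resp.get("session") or {}
    problems = []
    if resp.get("user_id") != expected_user_id or session.get("user_id") != expected_user_id:
        problems.append("user_id mismatch")
    if session.get("expires_at", 0) <= now:
        problems.append("session expired")
    if session.get("deleted"):
        problems.append("session deleted")
    if not any(f.get("type") == "password" for f in session.get("factors", [])):
        problems.append("no password factor")
    if not resp.get("session_token"):
        problems.append("missing session_token")
    return problems
```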