[{"data":1,"prerenderedAt":499},["ShallowReactive",2],{"docsv3-nav":3,"\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchallenges":198},[4],{"title":5,"path":6,"stem":7,"children":8,"page":188},"V3","\u002Fdocs\u002Fv3","1.docs\u002Fv3",[9,13,17,21,38,87,189],{"title":10,"path":11,"stem":12},"Introduction","\u002Fdocs\u002Fv3\u002Fintroduction","1.docs\u002Fv3\u002F1.Introduction",{"title":14,"path":15,"stem":16},"Quick start","\u002Fdocs\u002Fv3\u002Fquick-start","1.docs\u002Fv3\u002F2.Quick start",{"title":18,"path":19,"stem":20},"Challenge flow","\u002Fdocs\u002Fv3\u002Fchallenge-flow","1.docs\u002Fv3\u002F3.Challenge flow",{"title":22,"path":23,"stem":24,"children":25},"Fundamentals","\u002Fdocs\u002Fv3\u002Ffundamentals","1.docs\u002Fv3\u002F4.fundamentals",[26,30,34],{"title":27,"path":28,"stem":29},"Signup protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Fsignup-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F00.Signup protection",{"title":31,"path":32,"stem":33},"Login protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Flogin-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F01.Login protection",{"title":35,"path":36,"stem":37},"Access protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Faccess-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F02.Access protection",{"title":39,"path":40,"stem":41,"children":42},"Guides","\u002Fdocs\u002Fv3\u002Fguides","1.docs\u002Fv3\u002F5.guides",[43,47,51,55,59,63,67,71,75,79,83],{"title":44,"path":45,"stem":46},"Account sharing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-sharing-prevention","1.docs\u002Fv3\u002F5.guides\u002F1.Account sharing prevention",{"title":48,"path":49,"stem":50},"Web scraping prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fweb-scraping-prevention","1.docs\u002Fv3\u002F5.guides\u002F13.Web scraping prevention",{"title":52,"path":53,"stem":54},"Ban enforcement","\u002Fdocs\u002Fv3\u002Fguides\u002Fban-enforcement","1.docs\u002Fv3\u002F5.guides\u002F14.Ban enforcement",{"title":56,"path":57,"stem":58},"Chargeback dispute","\u002Fdocs\u002Fv3\u002Fguides\u002Fchargeback-dispute","1.docs\u002Fv3\u002F5.guides\u002F15.Chargeback dispute",{"title":60,"path":61,"stem":62},"Multi-accounting prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fmulti-accounting-prevention","1.docs\u002Fv3\u002F5.guides\u002F16.Multi-accounting prevention",{"title":64,"path":65,"stem":66},"Account takeover prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-takeover-prevention","1.docs\u002Fv3\u002F5.guides\u002F2.Account takeover prevention",{"title":68,"path":69,"stem":70},"Risky transaction prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Frisky-transaction-prevention","1.docs\u002Fv3\u002F5.guides\u002F20.Risky transaction prevention",{"title":72,"path":73,"stem":74},"Fake account detection","\u002Fdocs\u002Fv3\u002Fguides\u002Ffake-account-detection","1.docs\u002Fv3\u002F5.guides\u002F3.Fake account detection",{"title":76,"path":77,"stem":78},"Bot detection","\u002Fdocs\u002Fv3\u002Fguides\u002Fbot-detection","1.docs\u002Fv3\u002F5.guides\u002F4.Bot detection",{"title":80,"path":81,"stem":82},"Card testing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fcard-testing-prevention","1.docs\u002Fv3\u002F5.guides\u002F5.Card testing prevention",{"title":84,"path":85,"stem":86},"Incentive abuse prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fincentive-abuse-prevention","1.docs\u002Fv3\u002F5.guides\u002F9.Incentive abuse prevention",{"title":88,"path":89,"stem":90,"children":91,"page":188},"Concepts","\u002Fdocs\u002Fv3\u002Fconcepts","1.docs\u002Fv3\u002F6.concepts",[92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184],{"title":93,"path":94,"stem":95},"Evaluations","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations","1.docs\u002Fv3\u002F6.concepts\u002F01.evaluations",{"title":97,"path":98,"stem":99},"Actions","\u002Fdocs\u002Fv3\u002Fconcepts\u002Factions","1.docs\u002Fv3\u002F6.concepts\u002F02.actions",{"title":101,"path":102,"stem":103},"Signals","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals","1.docs\u002Fv3\u002F6.concepts\u002F03.signals",{"title":105,"path":106,"stem":107},"Checks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks","1.docs\u002Fv3\u002F6.concepts\u002F04.checks",{"title":109,"path":110,"stem":111},"Risks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Frisks","1.docs\u002Fv3\u002F6.concepts\u002F05.risks",{"title":113,"path":114,"stem":115},"Verdicts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts","1.docs\u002Fv3\u002F6.concepts\u002F06.verdicts",{"title":117,"path":118,"stem":119},"Policies","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies","1.docs\u002Fv3\u002F6.concepts\u002F07.policies",{"title":121,"path":122,"stem":123},"Challenges","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchallenges","1.docs\u002Fv3\u002F6.concepts\u002F08.challenges",{"title":125,"path":126,"stem":127},"Concurrency","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fconcurrency","1.docs\u002Fv3\u002F6.concepts\u002F09.concurrency",{"title":129,"path":130,"stem":131},"Impossible travel","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel","1.docs\u002Fv3\u002F6.concepts\u002F10.impossible-travel",{"title":133,"path":134,"stem":135},"Bots","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fbots","1.docs\u002Fv3\u002F6.concepts\u002F11.bots",{"title":137,"path":138,"stem":139},"Devices","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fdevices","1.docs\u002Fv3\u002F6.concepts\u002F12.devices",{"title":141,"path":142,"stem":143},"Fingerprints","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints","1.docs\u002Fv3\u002F6.concepts\u002F13.fingerprints",{"title":145,"path":146,"stem":147},"People","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpeople","1.docs\u002Fv3\u002F6.concepts\u002F14.people",{"title":149,"path":150,"stem":151},"Lists","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flists","1.docs\u002Fv3\u002F6.concepts\u002F15.lists",{"title":153,"path":154,"stem":155},"Account takeover","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover","1.docs\u002Fv3\u002F6.concepts\u002F16.account-takeover",{"title":157,"path":158,"stem":159},"Account sharing","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing","1.docs\u002Fv3\u002F6.concepts\u002F17.account-sharing",{"title":161,"path":162,"stem":163},"Fake account","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffake-account","1.docs\u002Fv3\u002F6.concepts\u002F18.fake-account",{"title":165,"path":166,"stem":167},"Scraping","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fscraping","1.docs\u002Fv3\u002F6.concepts\u002F19.scraping",{"title":169,"path":170,"stem":171},"Linked accounts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flinked-accounts","1.docs\u002Fv3\u002F6.concepts\u002F20.linked-accounts",{"title":173,"path":174,"stem":175},"New IP","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fip","1.docs\u002Fv3\u002F6.concepts\u002F21.ip",{"title":177,"path":178,"stem":179},"Anonymizing network","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network","1.docs\u002Fv3\u002F6.concepts\u002F22.anonymizing-network",{"title":181,"path":182,"stem":183},"Email quality","\u002Fdocs\u002Fv3\u002Fconcepts\u002Femail","1.docs\u002Fv3\u002F6.concepts\u002F23.email",{"title":185,"path":186,"stem":187},"Velocity","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fvelocity","1.docs\u002Fv3\u002F6.concepts\u002F24.velocity",false,{"title":190,"path":191,"stem":192,"children":193,"page":188},"Advanced","\u002Fdocs\u002Fv3\u002Fadvanced","1.docs\u002Fv3\u002F7.Advanced",[194],{"title":195,"path":196,"stem":197},"Proxy setup","\u002Fdocs\u002Fv3\u002Fadvanced\u002Fproxy-setup","1.docs\u002Fv3\u002F7.Advanced\u002F1.Proxy-setup",{"id":199,"title":121,"body":200,"description":492,"extension":493,"meta":494,"navigation":495,"path":122,"rawbody":496,"seo":497,"stem":123,"__hash__":498},"docsv3\u002F1.docs\u002Fv3\u002F6.concepts\u002F08.challenges.md",{"type":201,"value":202,"toc":486},"minimark",[203,207,225,235,240,243,260,263,267,270,328,385,413,417,424,466,475,479,482],[204,205,121],"h1",{"id":206},"challenges",[208,209,210,211,215,216,219,220,224],"p",{},"A challenge is the interactive verification step Rupt runs when an ",[212,213,214],"a",{"href":94},"evaluation's"," ",[212,217,218],{"href":114},"verdict"," is ",[221,222,223],"code",{},"challenge",". It interrupts the user, asks them to prove they own the account through a channel you trust, and records the outcome on the challenge.",[208,226,227,228,231,232,234],{},"Challenges fire automatically. When a ",[212,229,230],{"href":118},"policy"," whose action is ",[221,233,223],{}," matches, Rupt creates the challenge and the SDK redirects the user to the challenge UI.",[236,237,239],"h2",{"id":238},"channels","Channels",[208,241,242],{},"A challenge verifies the user over the channels you've configured:",[244,245,246,254],"ul",{},[247,248,249,253],"li",{},[250,251,252],"strong",{},"Email",": a code sent to the email on file.",[247,255,256,259],{},[250,257,258],{},"SMS",": a code sent to the phone on file.",[208,261,262],{},"You can require every configured channel, or accept any one of them.",[236,264,266],{"id":265},"status-lifecycle","Status lifecycle",[208,268,269],{},"Every challenge moves through a fixed set of statuses:",[271,272,277],"pre",{"className":273,"code":274,"language":275,"meta":276,"style":276},"language-sh shiki shiki-themes material-theme-lighter one-dark-pro monokai","created → presented → code_sent → verified → completed\n                          ↓\n                    skipped \u002F overridden\n","sh","",[221,278,279,310,316],{"__ignoreMap":276},[280,281,284,288,292,295,297,300,302,305,307],"span",{"class":282,"line":283},"line",1,[280,285,287],{"class":286},"sHrIR","created",[280,289,291],{"class":290},"siibJ"," →",[280,293,294],{"class":290}," presented",[280,296,291],{"class":290},[280,298,299],{"class":290}," code_sent",[280,301,291],{"class":290},[280,303,304],{"class":290}," verified",[280,306,291],{"class":290},[280,308,309],{"class":290}," completed\n",[280,311,313],{"class":282,"line":312},2,[280,314,315],{"class":286},"                          ↓\n",[280,317,319,322,325],{"class":282,"line":318},3,[280,320,321],{"class":286},"                    skipped",[280,323,324],{"class":290}," \u002F",[280,326,327],{"class":290}," overridden\n",[244,329,330,337,345,353,361,369,377],{},[247,331,332,336],{},[250,333,334],{},[221,335,287],{},": the policy fired and the challenge record exists, but the user hasn't seen it yet.",[247,338,339,344],{},[250,340,341],{},[221,342,343],{},"presented",": the user has loaded the challenge UI.",[247,346,347,352],{},[250,348,349],{},[221,350,351],{},"code_sent",": a verification code has gone out.",[247,354,355,360],{},[250,356,357],{},[221,358,359],{},"verified",": the user entered the right code.",[247,362,363,368],{},[250,364,365],{},[221,366,367],{},"completed",": the challenge is fully resolved in the user's favor.",[247,370,371,376],{},[250,372,373],{},[221,374,375],{},"skipped",": the user chose to skip the challenge. Skipping is off by default; it's available only when you allow it, and only up to the skip limit you set.",[247,378,379,384],{},[250,380,381],{},[221,382,383],{},"overridden",": a newer challenge replaced this one. When Rupt issues a fresh challenge for the same user and device, it marks any still-pending earlier one as overridden.",[208,386,387,388,390,391,393,394,397,398,401,402,404,405,407,408,412],{},"The ",[212,389,218],{"href":114}," on the evaluation is a snapshot from the moment it ran. It stays ",[221,392,223],{}," and doesn't flip to ",[221,395,396],{},"allow"," on its own. To decide whether to honor the action, read the challenge's ",[221,399,400],{},"status",": honor it once the status is ",[221,403,367],{},", and keep blocking for anything else, like ",[221,406,375],{}," or a challenge that simply hasn't completed yet. See ",[212,409,411],{"href":410},"\u002Fdocs\u002Fv3\u002Fquick-start#3-confirm-the-evaluation-server-side","Quick start step 3",".",[236,414,416],{"id":415},"categories","Categories",[208,418,419,420,423],{},"Each challenge carries a ",[221,421,422],{},"type"," that records why it fired:",[244,425,426,434,442,450,458],{},[247,427,428,433],{},[250,429,430],{},[221,431,432],{},"account_sharing",": too many concurrent users or devices on the account.",[247,435,436,441],{},[250,437,438],{},[221,439,440],{},"account_takeover",": a login from an unfamiliar device or location.",[247,443,444,449],{},[250,445,446],{},[221,447,448],{},"multi_accounting",": the same fingerprint across accounts that should be independent.",[247,451,452,457],{},[250,453,454],{},[221,455,456],{},"fake_account",": the signup looks synthetic.",[247,459,460,465],{},[250,461,462],{},[221,463,464],{},"repeat_trial",": the same person re-creating throwaway accounts.",[208,467,387,468,470,471,474],{},[221,469,422],{}," comes back on the challenge object returned with the ",[212,472,473],{"href":94},"evaluation",", and Rupt uses it to tailor the wording the user sees.",[236,476,478],{"id":477},"the-challenge-ui","The challenge UI",[208,480,481],{},"The SDK redirects the user to Rupt's hosted challenge UI. It handles channel selection, code entry, retries, and rate-limiting, and applies the branding and language you've configured: English, Spanish, French, and Arabic out of the box.",[483,484,485],"style",{},"html pre.shiki code .sHrIR, html code.shiki .sHrIR{--shiki-light:#E2931D;--shiki-default:#61AFEF;--shiki-dark:#A6E22E}html pre.shiki code .siibJ, html code.shiki .siibJ{--shiki-light:#91B859;--shiki-default:#98C379;--shiki-dark:#E6DB74}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":276,"searchDepth":312,"depth":312,"links":487},[488,489,490,491],{"id":238,"depth":312,"text":239},{"id":265,"depth":312,"text":266},{"id":415,"depth":312,"text":416},{"id":477,"depth":312,"text":478},"A challenge is the interactive verification step Rupt runs when a verdict is challenge. It walks the user through email or SMS verification and records whether they passed.","md",{},true,"---\ntitle: Challenges\ndescription: A challenge is the interactive verification step Rupt runs when a verdict is challenge. It walks the user through email or SMS verification and records whether they passed.\n---\n\n# Challenges\n\nA challenge is the interactive verification step Rupt runs when an [evaluation's](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations) [verdict](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts) is `challenge`. It interrupts the user, asks them to prove they own the account through a channel you trust, and records the outcome on the challenge.\n\nChallenges fire automatically. When a [policy](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies) whose action is `challenge` matches, Rupt creates the challenge and the SDK redirects the user to the challenge UI.\n\n## Channels\n\nA challenge verifies the user over the channels you've configured:\n\n- **Email**: a code sent to the email on file.\n- **SMS**: a code sent to the phone on file.\n\nYou can require every configured channel, or accept any one of them.\n\n## Status lifecycle\n\nEvery challenge moves through a fixed set of statuses:\n\n```sh\ncreated → presented → code_sent → verified → completed\n                          ↓\n                    skipped \u002F overridden\n```\n\n- **`created`**: the policy fired and the challenge record exists, but the user hasn't seen it yet.\n- **`presented`**: the user has loaded the challenge UI.\n- **`code_sent`**: a verification code has gone out.\n- **`verified`**: the user entered the right code.\n- **`completed`**: the challenge is fully resolved in the user's favor.\n- **`skipped`**: the user chose to skip the challenge. Skipping is off by default; it's available only when you allow it, and only up to the skip limit you set.\n- **`overridden`**: a newer challenge replaced this one. When Rupt issues a fresh challenge for the same user and device, it marks any still-pending earlier one as overridden.\n\nThe [verdict](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts) on the evaluation is a snapshot from the moment it ran. It stays `challenge` and doesn't flip to `allow` on its own. To decide whether to honor the action, read the challenge's `status`: honor it once the status is `completed`, and keep blocking for anything else, like `skipped` or a challenge that simply hasn't completed yet. See [Quick start step 3](\u002Fdocs\u002Fv3\u002Fquick-start#3-confirm-the-evaluation-server-side).\n\n## Categories\n\nEach challenge carries a `type` that records why it fired:\n\n- **`account_sharing`**: too many concurrent users or devices on the account.\n- **`account_takeover`**: a login from an unfamiliar device or location.\n- **`multi_accounting`**: the same fingerprint across accounts that should be independent.\n- **`fake_account`**: the signup looks synthetic.\n- **`repeat_trial`**: the same person re-creating throwaway accounts.\n\nThe `type` comes back on the challenge object returned with the [evaluation](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations), and Rupt uses it to tailor the wording the user sees.\n\n## The challenge UI\n\nThe SDK redirects the user to Rupt's hosted challenge UI. It handles channel selection, code entry, retries, and rate-limiting, and applies the branding and language you've configured: English, Spanish, French, and Arabic out of the box.\n",{"title":121,"description":492},"UGRYNro2puT1PLYNudzqhOrQ5QXh9SIxvRArxqvI0tc",1780344893438]