Request Secure GridPlus authentication

This command allows you to request a single Secure GridPlus authentication.

The server will respond with a unique identifier for each authentication request (referred to as an API request ID). This API request ID can be used to track and monitor the status of your authentication request.


Note that the REST API may respond with various HTTP status codes.

Secure GridPlus challenge flow

  • Step 1: Make an HTTP POST to have a GridPlus challenge sent to a mobile number. You specify the GridPlus categories as well as various optional parameters within your JSON data packet. An API request ID is returned.
  • Step 2: Use the resulting request ID to check the status of the GridPlus authentication by making a GET call to the Secure REST API. You can make the call every five seconds for example to determine the status of an authentication.
  • Step 3: As a response, (HTTP GET) you will receive a data packet with the status the challenge (challengeSolved) set to either true or false, as well as a description of the status.



It makes a new multi-factor authentication (MFA) request. A message is sent with a challenge to the user (such as a PIN code or a grid of images).

API Endpoint

Supported parameters

  • to [ Required – MSISDN ]
  • from [ Optional – For sending from a two-way number or specifying a custom sender ID ]
  • authType [ Required – gridplus ]
  • numberOfChallenges [ Required – JSON array of image categories ]
  • overrideExpireTime [ Optional – Default is 5 minutes ]
  • maximumRetries [ Optional – Default is 1 attempt ]
  • numberOfImagesPerChallenge [ Optional – Default is 6 category images ]
  • companyImageUrl [ Optional – Default is Clickatell Secure’s logo ]


  • API Request ID (to reference the MFA)
  • Only one mobile number can be specified per HTTP request.


  • The from parameter represents the two-way number that you are sending from. This parameter is only required if you want to send messages using a two-way number (short code or long number).
  • The maximumRetries parameter indicates how many chances a user has to solve a GridPlus challenge.



POST /rest/auth HTTP/1.1
X-Version: 1
Content-Type: application/json
Authorization: Bearer [Your Authorization Token]
Accept: application/json


HTTP/1.1 202 Accepted
Content-Type: application/json

Sample code


$authToken="<place auth token here>";

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL,            "");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST,           1);
curl_setopt($ch, CURLOPT_POSTFIELDS,     "{\"authType\":\"$authType\"
curl_setopt($ch, CURLOPT_HTTPHEADER,     array(
    "X-Version: 1",
    "Content-Type: application/JSON",
    "Accept: application/JSON",
    "Authorization: Bearer $authToken"

$result = curl_exec($ch);