> ## Documentation Index > Fetch the complete documentation index at: https://developers.bonifiq.com.br/llms.txt > Use this file to discover all available pages before exploring further. # Creates a challenge (OTP) to confirm that the customer is the owner of the points > When this endpoint is called BonifiQ sends a unique PIN code to the customer Phone (SMS) or E-mail. The customer must inform this number in the /challengevalidate endpoint call ## OpenAPI ````yaml https://api.bonifiq.com.br/swagger/Private%20APIs/swagger.json post /v1/pvt/POS/customers/{id}/challenge openapi: 3.0.0 info: title: BonifiQ Private APIs description: >- # Introduction This is the BonifiQ Private APIs documentation. With these endpoints you can interact with BonifiQ systems and enhance your program points. # Limitations These endpoints are intended to be used in backend communication so they are not CORS-compatible and cannot be used by in-browser frontend libraries (such as React, Angular, Vue, jQuery, etc) If are required to call BonifiQ API from a browser, please refer to our [Public APIs](https://api.bonifiq.com.br/apidocs/public) # Authentication These Private APis use the [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) scheme. You need both an API Token (Username) and API Key (Password) to use with it You can generate this key pair in BonifiQ admin panel, at the "API Keys" menu. # How to use this page ## Making calls You can simulate, test and make calls to API from this Swagger page. To do that: - Click on the **Authorize** button - Inform the Username (API Token) and Passwoird (API Key) and click on **Authorize** - From the list bellow, choose an API call and click on **Try it out** - Inform the required parameters (if any) and click on **Execute** ## Verifying requests and responses bodies In every API Call there is an explanation of what each field means, theirs types and accepted values for all Requests and Responses. To view this information, just go to any API Call bellow and in the Responses section, click on the Schema. version: 1.0.0 servers: - url: https://api.bonifiq.com.br security: [] tags: - name: POS description: >- Flow methods to integrate BonifiQ with a POS system. Check the Flow Documentation link on the right externalDocs: description: Flow Documentation url: >- https://suporte.bonifiq.com.br/support/solutions/articles/159000319538-integrar-com-pdv - name: Checkout description: Operations related to checkout cashback redeem, refresh and removal - name: Customization description: Retrieve customizations for the loyalty program - name: Rewards description: Interact with rewards already redeemed paths: /v1/pvt/POS/customers/{id}/challenge: post: tags: - POS summary: >- Creates a challenge (OTP) to confirm that the customer is the owner of the points description: >- When this endpoint is called BonifiQ sends a unique PIN code to the customer Phone (SMS) or E-mail. The customer must inform this number in the /challengevalidate endpoint call operationId: POS_Challenge parameters: - name: id in: path required: true schema: type: string x-position: 1 requestBody: x-name: request content: application/json: schema: $ref: '#/components/schemas/CustomerChallengeRequest' required: true x-position: 2 responses: '200': description: '' content: application/json: schema: $ref: '#/components/schemas/CustomerChallengeResponse' security: - Basic Authentication: [] components: schemas: CustomerChallengeRequest: type: object additionalProperties: false properties: TransactionId: type: string description: >- This is a unique ID that is used to identify this request. Can be any string that is linked to the currente purchase. If no ID is available, the current timestamp can be used nullable: true Phone: type: string description: >- If the customers dont have a phone number in BonifiQ yet it can be informed by the customer. BonifiQ can use this number to execute the challenge nullable: true Email: type: string description: >- If the customer dont have an e-mail address yet in BonifiQ it can be informed by the customer. BonifiQ can use this address to execute the challenge nullable: true Document: type: string description: >- Customer document. Used only when a new customer is created by this challenge flow. nullable: true Name: type: string description: >- Customer name. Used only when a new customer is created by this challenge flow. nullable: true CustomerChallengeResponse: type: object additionalProperties: false properties: Success: type: boolean description: If true, the challenge was successfuly sent FriendlyErrorMessage: type: string description: If Success=false them this field will display some helpful message ShouldInformPhone: type: boolean description: >- Is Success=False and this field is true them the customer Phone must be informed in a new request call ShouldInformEmail: type: boolean description: >- Is Success=False and this field is true them the customer Email must be informed in a new request call SentBySMS: type: boolean description: If true, the challenge PIN was sent by SMS SentByEmail: type: boolean description: If true, the challenge PIN was sent by Email TransactionId: type: string description: Same Transaction ID as informed in the request nullable: true ErrorMessage: type: string description: >- If Success=false this field will show information regarding the problem nullable: true Code: type: string description: The code sent to the customer securitySchemes: Basic Authentication: type: http description: Use API Basic Auth Keys name: Basic Authentication in: header scheme: basic ````