getChallenge

suspend fun getChallenge(clientAccountId: String, memo: Long? = null, homeDomain: String? = null, clientDomain: String? = null): ChallengeResponse

Requests a challenge transaction from the authentication server.

This is the first step of the SEP-10 authentication flow. The server generates a challenge transaction specifically for the client account and returns it as base64-encoded XDR.

The challenge transaction:

  • Has sequence number 0 (cannot be submitted to network)

  • Contains ManageData operations with authentication metadata

  • Is already signed by the server

  • Has time bounds to prevent replay attacks

  • Includes the home domain in the first operation

HTTP Request:

GET {authEndpoint}?account={clientAccountId}[&memo={memo}][&home_domain={homeDomain}][&client_domain={clientDomain}]

Example - Basic challenge request:

val challenge = webAuth.getChallenge(clientAccountId = "GACCOUNT...")
println("Challenge XDR: ${challenge.transaction}")

Example - With memo for sub-account:

val challenge = webAuth.getChallenge(
    clientAccountId = custodialAccountId,
    memo = 12345
)

Example - With client domain:

val challenge = webAuth.getChallenge(
    clientAccountId = "GACCOUNT...",
    clientDomain = "wallet.mycompany.com"
)

Security note: Always validate the returned challenge with validateChallenge before signing it. Never sign an unvalidated challenge.

Return

ChallengeResponse containing challenge transaction XDR

Parameters

clientAccountId

Stellar account ID to authenticate (G... or M... address)

memo

Optional ID memo for sub-account identification

homeDomain

Optional home domain for multi-domain servers

clientDomain

Optional client domain for domain verification

Throws

If the request fails or returns an error

If memo is provided with muxed account
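
Added example (not the SDK's own code): a hypothetical helper, buildChallengeUrl, that assembles the HTTP request shown above with URL-encoded values and enforces the memo/muxed-account rule listed under Throws. The endpoint URL and account strings are constructed placeholders, the endpoint is assumed to carry no query string of its own, and the account check covers prefix and length only.

```kotlin
import java.net.URLEncoder

// Hypothetical helper for illustration; not part of the SDK.
fun buildChallengeUrl(
    authEndpoint: String,
    clientAccountId: String,
    memo: Long? = null,
    homeDomain: String? = null,
    clientDomain: String? = null
): String {
    // Shape check only (prefix and length); no strkey checksum verification here.
    val isMuxed = clientAccountId.startsWith("M") && clientAccountId.length == 69
    val isClassic = clientAccountId.startsWith("G") && clientAccountId.length == 56
    require(isMuxed || isClassic) { "account must be a G... or M... address" }

    // A muxed address already embeds an ID, so a separate memo is rejected.
    require(!(isMuxed && memo != null)) { "memo cannot be combined with a muxed (M...) account" }
    // Assumption of this example: ID memos are unsigned 64-bit, so a negative Long is refused.
    require(memo == null || memo >= 0) { "memo must be non-negative" }

    fun enc(value: String) = URLEncoder.encode(value, "UTF-8")

    val params = buildList<Pair<String, String>> {
        add("account" to clientAccountId)
        memo?.let { add("memo" to it.toString()) }
        homeDomain?.let { add("home_domain" to it) }
        clientDomain?.let { add("client_domain" to it) }
    }
    // Encoding every value keeps characters such as '&' or '=' in a domain
    // string from being read as extra query parameters.
    return authEndpoint + "?" + params.joinToString("&") { (k, v) -> "$k=${enc(v)}" }
}

fun main() {
    val endpoint = "https://auth.example.com/auth"   // constructed placeholder
    val account = "G" + "A".repeat(55)               // constructed placeholder, not a real key
    val muxed = "M" + "A".repeat(68)                 // constructed placeholder
    println(buildChallengeUrl(endpoint, account, memo = 12345))
    println(buildChallengeUrl(endpoint, account, clientDomain = "wallet.mycompany.com"))
    // Memo together with an M... address fails before any request is made.
    println(runCatching { buildChallengeUrl(endpoint, muxed, memo = 1) }.exceptionOrNull()?.message)
}
```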