# Create a SCA session

Manually triggers SCA, returning a one-time token along with a list of associated challenges. These challenges can be cleared with the verify endpoints.

Endpoint: POST /v2/profiles/{profileId}/sca-sessions/authorise
Security: UserToken

## Path parameters:

  - `profileId` (integer, required)
    The profile ID.

## Response 200 fields (application/json):

  - `oneTimeTokenProperties` (object)
    A one-time token is generated when accessing an endpoint secured by SCA. This token includes a list of all available challenges to complete.

You can use the [OTT status endpoint](/api-reference/one-time-token/ottstatusget) to view challenges and their statuses, or use [create SCA session](/api-reference/strong-customer-authentication/scasessioncreate) to manually trigger SCA and return a one-time token.

At least two challenges must be completed to access an SCA-secured endpoint. For low-risk operations, access is valid for 5 minutes before the one-time token expires.

  - `oneTimeTokenProperties.oneTimeToken` (string)
    A one-time token unique identifier.
    Example: "5932d5b5-ec13-452f-8688-308feade7834"

  - `oneTimeTokenProperties.challenges` (array)
    An array of challenges.

  - `oneTimeTokenProperties.challenges.primaryChallenge` (object)

  - `oneTimeTokenProperties.challenges.primaryChallenge.type` (string)
    A type of challenge.
    Example: "PIN"

  - `oneTimeTokenProperties.challenges.passed` (boolean)
    The status of a challenge.

  - `oneTimeTokenProperties.validity` (integer)
    The One-Time Token expiration in seconds.
    Example: 3600