# Create a SCA session

Manually triggers SCA, returning a one-time token along with a list of associated challenges. These challenges can be cleared with the verify endpoints.

Endpoint: POST /v2/profiles/{profileId}/sca-sessions/authorise
Security: UserToken

## Path parameters:

  - `profileId` (integer, required)
    The profile ID.

## Header parameters:

  - `X-External-Correlation-Id` (string)
    Optional UUID for correlating requests across systems. If provided, Wise echoes it back in the response. Maximum 36 characters. Learn more.
    Example: "f47ac10b-58cc-4372-a567-0e02b2c3d479"

## Response 200 fields (application/json):

  - `oneTimeTokenProperties` (object)
    A one-time token is generated when accessing an endpoint secured by SCA. This token includes a list of all available challenges to complete.

You can use the [OTT status endpoint](/api-reference/sca-ott/ottstatusget) to view challenges and their statuses, or use [create SCA session](/api-reference/sca-sessions/scasessioncreate) to manually trigger SCA and return a one-time token.

  - `oneTimeTokenProperties.oneTimeToken` (string)
    A one-time token unique identifier.
    Example: "5932d5b5-ec13-452f-8688-308feade7834"

  - `oneTimeTokenProperties.challenges` (array)
    An array of challenges.

  - `oneTimeTokenProperties.challenges.primaryChallenge` (object)

  - `oneTimeTokenProperties.challenges.primaryChallenge.type` (string)
    A type of challenge.
    Example: "PIN"

  - `oneTimeTokenProperties.challenges.passed` (boolean)
    The status of a challenge.

  - `oneTimeTokenProperties.validity` (integer)
    The One-Time Token expiration in seconds.
    Example: 3600