# Challenge request

The **APP** can request the **PKSA** to sign a challenge.

Before sending its request, the **APP** must create a "challenge request data" object (`challenge_req_data`) it will send to the **PKSA**

The structure of the `challenge_req_data` is:

### challenge\_req\_data

```javascript
{
    key_type: string
    challenge: string
    decrypt: boolean = false // protocol >= 1
    nonce: number
}
```

{% tabs %}
{% tab title="Properties" %}

* **`key_type`**: the key type required to sign the transactions. It can be one of `posting`|`active`|`memo`.
* **`challenge`**: a string to be encrypted or decrypted
* **decrypt**: (optional - default value is false) indicates if the passed `challenge` must be encrypted (decrypt=false) or decrypted (decrypt=true) before being returned by the **PKSA**
* **`nonce`**: current UNIX time in ms (`Date.now()` in JavaScript). If a transaction request ever fails, do **NOT** reuse the `challenge_req_data` object before **first updating the nonce**!
  {% endtab %}
  {% endtabs %}

The **APP** must then encrypt the `challenge_req_data` object using the encryption key previously shared with the **PKSA** (`auth_key`). By encrypting the `sign_data` object, the **HAS** will be unaware of what's going on between the app and the **PKSA** and unable to tamper with the challenge request process.

Finally, the **APP** sends its request to the **HAS** using the following message:

### challenge\_req

```javascript
{ 
    cmd: "challenge_req" 
    account: string
    data: string
    token: string // DEPRECATED - protocol < 1 only    
}
```

{% tabs %}
{% tab title="Properties" %}

* **`account`**: the Hive account name
* **`data`**: the Base64 representation of an encrypted `challenge_req_data` object<br>
* **`token`**: the authentication token - ***DEPRECATED since protocol V1***
  {% endtab %}
  {% endtabs %}

The **HAS** will reply with a `challenge_wait` message:

### challenge\_wait

```javascript
{
    cmd: "challenge_wait"
    uuid: string
    expire: number
}
```

{% tabs %}
{% tab title="Properties" %}

* **`uuid`**: a unique identifier given by the **HAS** to the request
* **`expire`**: UNIX timestamp when the request will expire
  {% endtab %}
  {% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hiveauth.com/developer-documentation/has-for-applications/challenge/challenge-request.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.