# Authentications request

After reading the `auth_req_payload` and registering an account with the **HAS**, the **PKSA** will start to receive registered account authentication request with the  message:

### auth\_req

```
{
    cmd: "auth_req", 
    account: string,
    data: string,
    uuid: string, 
    expire: number
}
```

{% tabs %}
{% tab title="Properties" %}

* **account**: the Hive account name that an application wants to authenticate
* **`data`**: the Base64 representation of an encrypted `auth_req_data` object
* **`uuid`**: the request identifier
* **`expire`**: UNIX time when the request will expire
  {% endtab %}
  {% endtabs %}

The structure of the `auth_req_data` is:

### auth\_req\_data

```javascript
{
    app: {
        name: string
        description: string = undefined
        icon: string = undefined
    },
    challenge : object = undefined
    token: string = undefined // DEPRECATED - protocol < 1 only
}
```

{% tabs %}
{% tab title="Properties" %}

* **`app`**: an object describing the application
  * **`name`**: short name of the app (ex: "peakd")
  * **`description`**: *(optional)* description of the app (ex: "Peakd for Hive")
  * **`icon`**: *(optional)* URL to retrieve the application icon (ex: `"https://peakd.com/logo.png"`)
* **`challenge`**: *(optional)* a `challenge_data` object that the app can pass to the PKSA for signing (see [Challenge request](/developer-documentation/has-for-applications/challenge/challenge-request.md)).<br>
* **`token`**: *(optional)* a valid session token previously received from the **PKSA -&#x20;*****Depecrated since protocol v1***
  {% endtab %}
  {% endtabs %}

The **PKSA** must decrypt the `auth_req_data` object using the encryption key previously shared with the **PKSA** (`auth_key`). By encrypting the `auth_req_data` object, the **HAS** will be unaware of what's going on between the app and the PKSA and unable to tamper with the authentication request process.

The **PKSA** should verify that the `uuid` found in the `auth_req` message matches the one from the `auth_req_payload` and ignore any message with a mismatching `uuid`

A PKSA which doesn't manage an account:

* will not be able to register that account to the HAS and therefore will not receive the related auth\_req requests
* should ignore and not reply to an auth\_req request it can't process with an 'auth\_err' (edge case where it registered the account but removed it from its managed accounts before getting the `auth_req` message)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hiveauth.com/has-for-wallets-pksa/authentication/authentications-request.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.