# Challenge approval

If the user approves the challenge request, the **PKSA** must create a `challenge_ack_data` object

The structure of the `challenge_ack_data` is:

### challenge\_ack\_data

```javascript
{
    pubkey: string,
    challenge: string
}
```

{% tabs %}
{% tab title="Properties" %}

* **`pubkey`**: the account public key
* **`challenge`**: the signed challenge
  {% endtab %}
  {% endtabs %}

The **PKSA** will then encrypt the `challenge_ack_data` object using the encryption key previously shared with the **APP** (`auth_key`). 

Finally, the **PKSA** then inform the **HAS** of the user's approval by sending the following message:

### challenge\_ack

```javascript
{
    cmd: "challenge_ack",
    uuid: string,
    data: string,
    pok: string
}
```

{% tabs %}
{% tab title="Properties" %}

* **`uuid`**: the `challenge_req` request identifier
* **`data`**: `challenge_ack_data` encrypted with the `auth_key` and converted to Base64
* **`pok`**: the `uuid` encrypted using the account private key and the HAS server public key (see [Proof of Key](https://docs.hiveauth.com/has-for-wallets-pksa/proof-of-key))
  {% endtab %}
  {% endtabs %}