Discovery Authenticate

POST https://test.stytch.com/v1/b2b/passwords/discovery/authenticate

Authenticate an email/password combination in the discovery flow. This authenticate flow is only valid for cross-org passwords use cases, and is not tied to a specific organization.

If you have breach detection during authentication enabled in your password strength policy and the member's credentials have appeared in the HaveIBeenPwned dataset, this endpoint will return a member_reset_password error even if the member enters a correct password. We force a password reset in this case to ensure that the member is the legitimate owner of the email address and not a malicious actor abusing the compromised credentials.

If successful, this endpoint will create a new intermediate session and return a list of discovered organizations that can be session exchanged into.


Body parameters


email_address* string

password* string

Response fields


request_id string

status_code int

email_address string

intermediate_session_token string

discovered_organizations array

curl --request POST \
  --url https://test.stytch.com/v1/b2b/passwords/discovery/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "email_address": "sandbox@stytch.com",
    "password": "$B&M)3$B$eCk_2@c"
  }'

RESPONSE

200
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "intermediate_session_token": "",
    "email_address": "",
    "discovered_organizations": []
}
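An added example (not Stytch's own code) of calling this endpoint from a backend and branching on the outcomes described above, including the forced reset that breach detection triggers. It assumes error responses are JSON carrying the error name in an `error_type` field; the function names and the `next` values are hypothetical.

```python
import base64
import json
import urllib.error
import urllib.request

URL = "https://test.stytch.com/v1/b2b/passwords/discovery/authenticate"


def build_request(project_id, secret, email_address, password):
    """Build the POST with HTTP Basic auth, mirroring the curl call on this page."""
    basic = base64.b64encode(f"{project_id}:{secret}".encode()).decode()
    body = json.dumps({"email_address": email_address, "password": password})
    return urllib.request.Request(
        URL, data=body.encode(), method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/json"})


def interpret(status, body):
    """Map a parsed response to the next step the application should take."""
    if status == 200:
        # Treat the intermediate session token as a secret: keep it out of logs.
        return {"next": "choose_organization",
                "intermediate_session_token": body["intermediate_session_token"],
                "organizations": body["discovered_organizations"]}
    # Assumption: the error name is in the "error_type" field of the error body.
    if body.get("error_type") == "member_reset_password":
        # Returned even for a correct password when breach detection fires:
        # route the member to the password reset flow, not a retry prompt.
        return {"next": "reset_password"}
    # Any other failure: show a generic error, keep request_id for support.
    return {"next": "show_login_error", "request_id": body.get("request_id")}


def discovery_authenticate(project_id, secret, email_address, password):
    """Call the endpoint and return the interpreted outcome."""
    req = build_request(project_id, secret, email_address, password)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, json.load(resp))
    except urllib.error.HTTPError as err:
        # Non-2xx responses raise; their JSON body names the error.
        return interpret(err.code, json.load(err))
```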

Common Error Types