B2B Saas Authentication

/

API reference

/

Passwords

/

Discovery Authenticate

Discovery Authenticate

POSThttps://test.stytch.com/v1/b2b/passwords/discovery/authenticate

Authenticate an email/password combination in the discovery flow. This authenticate flow is only valid for cross-org passwords use cases, and is not tied to a specific organization.

If you have breach detection during authentication enabled in your password strength policy and the member's credentials have appeared in the HaveIBeenPwned dataset, this endpoint will return a member_reset_password error even if the member enters a correct password. We force a password reset in this case to ensure that the member is the legitimate owner of the email address and not a malicious actor abusing the compromised credentials.

If successful, this endpoint will create a new intermediate session and return a list of discovered organizations that can be session exchanged into.


Body parameters


email_address*string

password*string

Response fields


request_idstring

status_codeint

email_addressstring

intermediate_session_tokenstring

discovered_organizationsarray
curl --request POST \
  --url https://test.stytch.com/v1/b2b/passwords/discovery/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "email_address": "sandbox@stytch.com",
    "password": "NYuL&6xRlMFxO8pt"
  }'

RESPONSE

200
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
    "session_jwt": "example_jwt",
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
    "intermediate_session_token": "",
    "member_authenticated": true,
    "mfa_required": null,
    "primary_required": null,
    "member_session": {...},
    "member": {...},
    "organization": {...}
}

Common Error Types