# Verify Password (Enterprise)

**POST /v1/auth/passwords/verify**

Verify user password and generate a session. When a new factor is added, a new `session_token` will be generated but inheriting the same session ID and history (e.g. OTP, magic link factors).

## HTTP Request

`POST /v1/auth/passwords/verify`

## Returns

A successful response returns an object with verified `user_id` and `session` properties.


## Servers
- Production: https://api.moonkey.fun (Production)


## Authentication methods
- Authorization


## Parameters



## Body parameters
Content-type: application/json

- **user_id** (string)
  Unique given user ID.
- **password** (string)
  User password.
- **session_expires_in** (integer)
  Extend the session expiration time to N minutes from now, must be between 5 to 525600 minutes (365 days).
- **session_token** (string)
  Unique Session token to verify. 
- **session_jwt** (string)
  Unique Session JWT to verify. 
- **device_fingerprint** (object)
  Device fingerprinting metadata for fraud detection during verification step. This is useful to ensure that the user who originated the request matches the user that verifies the token. Verification requirements can be enabled in the `Verify Token` step by matching fields in the `device_fingerprint` such as IP, User Agent or the combination of them (more fraud detection features **coming soon**!)

## Responses
### 200: 

#### Body Parameters: application/json (object)
- **session** (object)
  
- **user_id** (string)
  
- **session_token** (string)
  
- **session_jwt** (string)
  


[Powered by Bump.sh](https://bump.sh)