> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mx.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List member challenges

>  

When a member has been challenged by multi-factor authentication, this endpoint allows you to read the specific challenges that must be answered. It returns an array of credentials.  Best practice is to use this endpoint to list challenges that need to be answered; however, MX continues to support partners who use the mfa credentials endpoint for that purpose.


## OpenAPI

````yaml openapi/nexus/v1.yaml GET /members/{member_guid}/challenges
openapi: 3.0.0
info:
  contact:
    name: Nexus API
    url: https://www.mx.com
  version: 1.0.0
  title: Nexus API
  description: >-
    Legacy clients can use Nexus API for all their connectivity needs. If you
    are a new client refer to our Platform API. Review our [Nexus API
    Guides](/nexus) for more information.
servers:
  - url: https://int-data.moneydesktop.com/
  - url: https://data.moneydesktop.com/
security:
  - sessionToken: []
tags:
  - name: accounts
  - name: beats
  - name: budgets
  - name: categories
  - name: extended transaction history
  - name: goals
  - name: holdings
  - name: identity
  - name: insights
  - name: institutions
  - name: jobs
  - name: member credentials
  - name: members
  - name: merchants
  - name: microdeposits
  - name: monthly cash flow profile
  - name: notifications
  - name: scheduled payments
  - name: sessions
  - name: spending plan
  - name: taggings
  - name: tags
  - name: transaction rules
  - name: transactions
  - name: user
  - name: verification
paths:
  /members/{member_guid}/challenges:
    get:
      tags:
        - members
      summary: List member challenges
      description: >-
        When a member has been challenged by multi-factor authentication, this
        endpoint allows you to read the specific challenges that must be
        answered. It returns an array of credentials.  Best practice is to use
        this endpoint to list challenges that need to be answered; however, MX
        continues to support partners who use the mfa credentials endpoint for
        that purpose.
      operationId: listMemberChallenges
      parameters:
        - name: member_guid
          description: The unique identifier for the member. Defined by MX.
          required: true
          in: path
          schema:
            type: string
      responses:
        '200':
          description: Successful response with challenges
          content:
            application/vnd.mx.nexus.v1+json:
              schema:
                $ref: '#/components/schemas/ChallengesResponseBody'
              examples:
                text_challenge:
                  value:
                    challenges:
                      - type: TEXT
                        field_name: What city were you born in?
                        guid: CRD-22f1b144-dde6-4c80-9d98-ca3c4900d173
                        label: What city were you born in?
                options_challenge:
                  value:
                    challenges:
                      - type: OPTIONS
                        field_name: >-
                          Your institution requires that you enter a temporary
                          PIN number sent to you by one of the following
                          methods:
                        guid: CRD-47291cf2-8767-8767-8ffa-db5e1a77f388
                        label: >-
                          Your institution requires that you enter a temporary
                          PIN number sent to you by one of the following
                          methods:
                        options:
                          - guid: CRO-6d64cc9a-0998-461d-a072-78801143337e
                            label: Text (***)***-9265
                            value: '1'
                          - guid: CRO-309b2ceb-5434-4a34-8a48-bfa0e94b5dd2
                            label: Email p********@gmail.com
                            value: '0'
                image_data_challenge:
                  value:
                    challenges:
                      - type: IMAGE_DATA
                        field_name: Who is this guy?
                        guid: CRD-ce76d2e3-86bd-ec4a-ec52-eb53b5194bf5
                        label: Who is this guy?
                        image_data: data:image/png;base64,iVBORw0KGgoAAAANSUh ...
                image_options_challenge:
                  value:
                    challenges:
                      - type: IMAGE_OPTIONS
                        field_name: Please select your favorite actor.
                        guid: CRD-5763eb0a-a97d-452e-a30d-890fcdf11450
                        label: Please select your favorite actor
                        image_options:
                          - guid: CRO-e7ecc864-61fd-47a6-a122-3cbc9016660d
                            label: Tom Hanks
                            value: '0'
                            data_uri: data:image/png;base64,/9j/4AAQSkZJRgAB...
                          - guid: CRO-6b11e6c5-44c8-4d7f-b9c5-562f3ad19263
                            label: Matt Damon
                            value: '1'
                            data_uri: data:image/png;base64,/9j/4AAQSkZJRgAgICA=
                          - guid: CRO-0a1a07e1-66d4-4a55-9a9b-395782652320
                            label: Julia Roberts
                            value: '2'
                            data_uri: data:image/png;base64,iVBORggg==
components:
  schemas:
    ChallengesResponseBody:
      properties:
        member:
          items:
            $ref: '#/components/schemas/ChallengesResponse'
      type: object
    ChallengesResponse:
      properties:
        type:
          example: TEXT
        field_name:
          example: What city were you born in?
        guid:
          example: CRD-22f1b144-dde6-4c80-9d98-ca3c4900d173
          type: string
        label:
          example: What city were you born in?
          type: string
  securitySchemes:
    sessionToken:
      description: >
        ### MX Session Token 

        - Request an API token using the read API token endpoint in the MX SSO
        API.

        - Exchange an API token for a session token. 
          - A session token is obtained by sending a POST request to /sessions
          - The session token will be used in each request made for the user. It should be passed in an `MD-SESSION-TOKEN` HTTP header as shown below.
          - This session token is valid for 30 minutes from the time it was created. The 30 minute expiration counter is refreshed with each call.
          - If you send a request with an expired session token you'll receive an error code of `4011`.

        ```

        curl -i https://int-data.moneydesktop.com/accounts \

        -H 'MD-SESSION-TOKEN:
        CWforZl1Vn2vC_v6H4rnQRT1DoWpDouJAV-_5TBmiQRAtA8rsOG_BoajTiOSsL0A3bd-bmHXlA-eQzc9ywItKg'
        \

        -H 'Content-Type: application/vnd.mx.nexus.v1+json' \

        -H 'Accept: application/vnd.mx.nexus.v1+json'

        ```


        In documentation code examples, replace `<API_KEY_VALUE>` with the
        session token.
      type: apiKey
      name: MD-SESSION-TOKEN
      in: header

````