# PSD2 account payment and consent

## Update challenge ID

 - [PATCH /v1/psd2/challenges/{psd2_challenge_id}](https://docs.solarisgroup.com/api-reference/onboarding/compliance/psd2-account-payment-and-consent/paths/~1v1~1psd2~1challenges~1%7Bpsd2_challenge_id%7D/patch.md): This endpoint updates the status of a . After a customer enters their credentials on your login screen, use this endpoint to update the status of the  and include the  in the payload. If successful, the API returns a  for the second-factor authentication (done by Solaris). You have to redirect the customer to this URL to perform the 2FA. Expected error messages:  401 - Unauthorized: The ChallengeID is expired. 404 - Not found: The ChallengeID doesn't exist. 400 - General Bad Request: The IBAN requested by the TPP does not belong to the specified person. 

## Verify PSD2 challenge ID

 - [GET /v1/psd2/challenges/{psd2_challenge_id}](https://docs.solarisgroup.com/api-reference/onboarding/compliance/psd2-account-payment-and-consent/paths/~1v1~1psd2~1challenges~1%7Bpsd2_challenge_id%7D/get.md): This endpoint validates the  for a customer. Before allowing the customer to log in, you can use this endpoint to verify that the customer is coming from Solaris and that the session is still valid. If the request fails, the customer should see an error message and must restart the process from the TTP's application. Expected error messages:  401 - Unauthorized: The Challenge ID is expired. 404 - Not found: The Challenge ID doesn't exist.