# Change requests

## Request authorization for a change request

 - [POST /v1/change_requests/{change_request_id}/authorize](https://docs.solarisgroup.com/api-reference/onboarding/device-management/change-requests/paths/~1v1~1change_requests~1%7Bchange_request_id%7D~1authorize/post.md): This endpoint initiates an SMS OTP or device signing challenge to authorize a change request. For SMS OTP challenges: include the person_id of the person to whom the SMS challenge should be sent in the body of the request. This person must have a verified mobile number. If the change request relates to a change on a business, then the person must have the necessary role to authorize the change request. For device signing challenges: Include the device_id of the device to use for authorizing the change request. This device must already be registered via the device binding process.

## Confirm change request authorization

 - [POST /v1/change_requests/{change_request_id}/confirm](https://docs.solarisgroup.com/api-reference/onboarding/device-management/change-requests/paths/~1v1~1change_requests~1%7Bchange_request_id%7D~1confirm/post.md): Confirms a change request by validating an SMS OTP or device signature provided by the customer. Your solution must collect either the OTP or the signature from the customer in its frontend after calling the POST Request authorization for a change request method. When the change request is successfully confirmed, the response will include metadata around the created/updated resource, a response_body with its properties, and the relevant response_code for the creation/update operation. Note: If the delivery_method of the change request authorization was static (i.e., for testing purposes), then set the value of tan to 212212.