> ## Documentation Index
> Fetch the complete documentation index at: https://docs.iron.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Get the pending authentication code for an entity

> Get the pending authentication code for an entity by ID
e.g. ID of Autoramp or FiatAddress (entity in AuhorizationRequired state)
if no pending code is found, retry flow will have to be triggered




## OpenAPI

````yaml /spec.yaml get /authentication-codes/entity/{id}
openapi: 3.1.0
info:
  description: The Stablecoin Payment Network
  title: Iron API - Sandbox
  version: 1.0-16077
servers:
  - url: https://api.sandbox.iron.xyz/api
security: []
tags:
  - description: >-
      Wallet and bank account registration


      Every wallet address that interacts with Iron must be registered (linked)
      to a customer **before** it can be used in any flow — onramp, offramp, or
      swap. This is a regulatory requirement under the **Travel Rule**, which
      obliges Virtual Asset Service Providers to exchange originator and
      beneficiary information for crypto transfers.


      Iron supports two wallet types:


      - **Self-hosted wallets** — the customer controls the private key.
      Registration requires a signed proof-of-ownership message.

      - **Hosted wallets** — the wallet is custodied by another VASP (e.g.
      Coinbase, Kraken). Registration requires the VASP's DID so Iron can
      exchange travel-rule data with the custodian.


      Similarly, fiat bank accounts must be registered before they can receive
      offramp payouts.
    name: Addresses
  - description: Operations on Autoramp
    name: Autoramp
  - description: Operations on Chronicle collateral
    name: ChronicleCollateral
  - description: Operations on Currencies
    name: Currencies
  - description: Operations on Customers
    name: Customer
  - description: Operations on Exchange Rate
    name: ExchangeRate
  - description: Operations on Fee Profiles
    name: FeeProfiles
  - description: Operations for Sandbox Testing
    name: Sandbox
  - description: Operations on SSE
    name: Sse
  - description: Operations on Terms and Conditions
    name: TermsAndConditions
  - description: Operations on Webhooks
    name: Webhooks
paths:
  /authentication-codes/entity/{id}:
    get:
      tags:
        - Customer
      summary: Get the pending authentication code for an entity
      description: >
        Get the pending authentication code for an entity by ID

        e.g. ID of Autoramp or FiatAddress (entity in AuhorizationRequired
        state)

        if no pending code is found, retry flow will have to be triggered
      operationId: getPendingAuthenticationCode
      parameters:
        - deprecated: false
          description: >-
            Optional sub-partner UUID, if provided, the authentication code will
            be filtered for the sub-partner
          explode: true
          in: header
          name: X-SUB-PARTNER-ID
          required: false
          schema:
            type: string
        - deprecated: false
          description: The ID of the entity to get the pending authentication code for
          explode: true
          in: path
          name: id
          required: true
          schema:
            format: uuid
            type: string
      responses:
        '200':
          content:
            application/json; charset=utf-8:
              schema:
                $ref: '#/components/schemas/AuthenticationCode'
          description: GET Authentication Code Succeeded
        '401':
          content:
            application/json; charset=utf-8:
              schema:
                type: string
          description: GET Authentication Code Failed (Unauthorized)
        '404':
          content:
            application/json; charset=utf-8:
              schema:
                type: string
          description: GET Authentication Code Failed (Not Found)
        '500':
          content:
            application/json; charset=utf-8:
              schema:
                $ref: '#/components/schemas/ApiError'
          description: GET Authentication Code Failed (Internal Error)
      security:
        - ApiKeyAuth: []
components:
  schemas:
    AuthenticationCode:
      description: |
        An authentication code

        used to confirm a 2FA action
      properties:
        attempts:
          description: attempts to submit the authentication code
          format: int32
          type: integer
        entity_id:
          description: the ID of the entity the authentication is related to
          format: uuid
          type: string
        expires_at:
          description: the time of expiry for the authentication code
          format: date-time
          type: string
        id:
          description: The ID of the authentication code
          format: uuid
          type: string
        status:
          $ref: '#/components/schemas/AuthenticationCodeStatus'
      required:
        - id
        - status
        - expires_at
        - attempts
        - entity_id
      title: AuthenticationCode
      type: object
    ApiError:
      description: |-
        Standard error response returned to API clients for server errors.
        Includes a trace_id that clients can reference when reporting issues.
      properties:
        message:
          description: Human-readable error message
          type: string
        trace_id:
          description: Trace ID that can be used to look up request details in logs
          type: string
      required:
        - message
        - trace_id
      title: ApiError
      type: object
    AuthenticationCodeStatus:
      description: The status of the Authentication Code
      enum:
        - Pending
        - Expired
        - Confirmed
        - Rejected
      type: string
  securitySchemes:
    ApiKeyAuth:
      description: API Key
      in: header
      name: X-API-Key
      type: apiKey

````