---
title: Obtaining a server nonce
framework: authenticationservices
role: article
role_heading: Article
path: authenticationservices/obtaining-a-server-nonce
---

# Obtaining a server nonce

Request and process a server nonce to verify communication and detect replays.

## Overview

The login request, refresh request, and key requests use the server nonce so the identity provider (IdP) can verify it’s communicating with a live client. The IdP can also use the server nonce for replay detection.

### Create the server nonce network request

The following table specifies the header parameters that the system uses to create a server nonce request:

|  |   |  |   |  |   |  |

The server nonce request is an HTTP POST to the login configuration `nonceEndpointURL`, as shown in the following example:

```http
POST /oauth2/token HTTP/1.1
Host: auth.example.com
Accept: application/json
Content-Type: application/x-www-form-urlencoded
client-request-id: DCAB01D3-B1FE-4E1C-802F-B3EBDCDF9E67

grant_type=srv_challenge
```

### Receive the server nonce network response

If the HTTP status is 200, the response body loads as JSON. If the body is valid JSON, the system pulls the server nonce from the response using the login configuration `nonceResponseKeypath` or the default value `Nonce`. Platform SSO doesn’t validate the token and treats it as an opaque value.
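Because Platform SSO treats the nonce as opaque, liveness and replay checks are the IdP's responsibility. The following added example (not Apple's code or any IdP's implementation) shows one way an IdP could answer the `srv_challenge` POST with a signed, expiring nonce under the default `Nonce` key and accept each nonce only once, plus a helper that mirrors the response handling described above. `NonceService`, `extract_nonce`, the nonce format, the 400 error body, and the dot-separated key path are assumptions for illustration.

```python
import hashlib, hmac, json, secrets, time

class NonceService:
    """IdP-side sketch: issue signed, expiring nonces and accept each one once."""

    def __init__(self, key, ttl=300, clock=time.time):
        self.key, self.ttl, self.clock = key, ttl, clock
        self.seen = {}  # redeemed nonce -> expiry (a shared store in production)

    def _tag(self, body):
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def handle_request(self, form):
        """Answer the nonce POST; returns (HTTP status, response body)."""
        if form.get("grant_type") != "srv_challenge":
            return 400, json.dumps({"error": "unsupported_grant_type"})  # assumed error body
        body = f"{int(self.clock()) + self.ttl}.{secrets.token_urlsafe(16)}"
        return 200, json.dumps({"Nonce": f"{body}.{self._tag(body)}"})

    def redeem(self, nonce):
        """True only for the first use of an authentic, unexpired nonce."""
        nonce, now = str(nonce), self.clock()
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}  # prune expired
        body, _, tag = nonce.rpartition(".")
        if not hmac.compare_digest(tag.encode(), self._tag(body).encode()):
            return False  # forged or altered
        expiry = int(body.split(".")[0])  # safe: body was authenticated above
        if expiry <= now or nonce in self.seen:
            return False  # stale or replayed
        self.seen[nonce] = expiry
        return True

def extract_nonce(status, raw_body, keypath="Nonce"):
    """Client-side view: status 200, valid JSON, then walk the key path."""
    if status != 200:
        return None
    try:
        value = json.loads(raw_body)
    except (ValueError, TypeError):
        return None
    for key in keypath.split("."):  # dot-separated key path is an assumption
        if not isinstance(value, dict) or key not in value:
            return None
        value = value[key]
    return value if isinstance(value, str) else None
```

Embedding the expiry in the authenticated nonce lets the replay cache drop entries as soon as they expire, so it only ever holds nonces that could still be replayed.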

## See Also

### Pre-login

- [Performing a preauthentication request](authenticationservices/performing-a-preauthentication-request.md)
- [Performing a WS-Trust metadata exchange data (MEX) request](authenticationservices/performing-a-ws-trust-metadata-exchange-data-mex-request.md)
