<!--
Sitemap:
- [Page Not Found](/404)
- [Brand](/brand): MPP brand assets and guidelines
- [Frequently asked questions](/faq): Common questions about the Machine Payments Protocol
- [Machine Payments Protocol](/overview): The open protocol for internet-native payments
- [Payment methods](/payment-methods/): Available methods and how to choose one
- [Protocol overview](/protocol/): Standardizing HTTP 402 for machine-to-machine payments
- [Quickstart](/quickstart/): Get started with MPP in minutes
- [SDKs](/sdk/): Official implementations in multiple languages
- [Building with an LLM](/guides/building-with-an-llm): Use llms-full.txt to give your coding agent complete MPP context.
- [Accept one-time payments](/guides/one-time-payments): Charge per request with a payment-gated API
- [Accept pay-as-you-go payments](/guides/pay-as-you-go): Session-based billing with payment channels
- [Accept streamed payments](/guides/streamed-payments): Per-token billing over Server-Sent Events
- [Charge](/intents/charge): Immediate one-time payments
- [Custom](/payment-methods/custom): Build your own payment method
- [Lightning](/payment-methods/lightning/): Bitcoin payments over the Lightning Network
- [Stripe](/payment-methods/stripe/): Cards, wallets, and other Stripe supported payment methods
- [Tempo](/payment-methods/tempo/): Stablecoin payments on the Tempo blockchain
- [Challenges](/protocol/challenges): Server-issued payment requirements
- [Credentials](/protocol/credentials): Client-submitted payment proofs
- [HTTP 402 payment required](/protocol/http-402): The status code that signals payment is required
- [Receipts](/protocol/receipts): Server acknowledgment of successful payment
- [Transports](/protocol/transports/): HTTP and MCP bindings for payment flows
- [Use with agents](/quickstart/agent): Connect your coding agent to MPP-enabled services
- [Use with your app](/quickstart/client): Handle payment-gated resources automatically
- [Monetize your API](/quickstart/server): Charge for access to protected resources
- [Python SDK](/sdk/python/): The pympp Python library
- [Rust SDK](/sdk/rust/): The mpp Rust library
- [Getting started](/sdk/typescript/): The mppx TypeScript library
- [Lightning charge](/payment-methods/lightning/charge): One-time payments using BOLT11 invoices
- [Lightning session](/payment-methods/lightning/session): Pay-as-you-go payments over Lightning
- [Stripe charge](/payment-methods/stripe/charge): One-time payments using Shared Payment Tokens
- [Tempo charge](/payment-methods/tempo/charge): One-time TIP-20 token transfers
- [Session](/payment-methods/tempo/session): Low-cost high-throughput payments
- [HTTP transport](/protocol/transports/http): Payment flows using standard HTTP headers
- [MCP transport](/protocol/transports/mcp): Payment flows for AI tool calls
- [Client](/sdk/python/client): Handle 402 responses automatically
- [Core Types](/sdk/python/core): Challenge, Credential, and Receipt primitives
- [Server](/sdk/python/server): Protect endpoints with payment requirements
- [Client](/sdk/rust/client): Handle 402 responses automatically
- [Core types](/sdk/rust/core): Challenge, Credential, and Receipt primitives
- [Server](/sdk/rust/server): Protect endpoints with payment requirements
- [CLI Reference](/sdk/typescript/cli): Built-in command-line tool for paid HTTP requests
- [Method.from](/sdk/typescript/Method.from)
- [stripe](/sdk/typescript/client/Method.stripe): Register all Stripe intents
- [Method.stripe.charge](/sdk/typescript/client/Method.stripe.charge): One-time payments via Shared Payment Tokens
- [tempo](/sdk/typescript/client/Method.tempo): Register all Tempo intents
- [Method.tempo.charge](/sdk/typescript/client/Method.tempo.charge): One-time payments
- [Method.tempo.session](/sdk/typescript/client/Method.tempo.session): Low-cost high-throughput payments
- [Mppx.create](/sdk/typescript/client/Mppx.create)
- [Mppx.restore](/sdk/typescript/client/Mppx.restore)
- [Transport.from](/sdk/typescript/client/Transport.from)
- [Transport.http](/sdk/typescript/client/Transport.http)
- [Transport.mcp](/sdk/typescript/client/Transport.mcp)
- [BodyDigest.compute](/sdk/typescript/core/BodyDigest.compute)
- [BodyDigest.verify](/sdk/typescript/core/BodyDigest.verify)
- [Challenge.deserialize](/sdk/typescript/core/Challenge.deserialize)
- [Challenge.from](/sdk/typescript/core/Challenge.from)
- [Challenge.fromHeaders](/sdk/typescript/core/Challenge.fromHeaders)
- [Challenge.fromMethod](/sdk/typescript/core/Challenge.fromMethod)
- [Challenge.fromResponse](/sdk/typescript/core/Challenge.fromResponse)
- [Challenge.meta](/sdk/typescript/core/Challenge.meta)
- [Challenge.serialize](/sdk/typescript/core/Challenge.serialize)
- [Challenge.verify](/sdk/typescript/core/Challenge.verify)
- [Credential.deserialize](/sdk/typescript/core/Credential.deserialize)
- [Credential.from](/sdk/typescript/core/Credential.from)
- [Credential.fromRequest](/sdk/typescript/core/Credential.fromRequest)
- [Credential.serialize](/sdk/typescript/core/Credential.serialize)
- [Expires](/sdk/typescript/core/Expires)
- [Method.from](/sdk/typescript/core/Method.from)
- [Method.toClient](/sdk/typescript/core/Method.toClient)
- [Method.toServer](/sdk/typescript/core/Method.toServer)
- [PaymentRequest.deserialize](/sdk/typescript/core/PaymentRequest.deserialize)
- [PaymentRequest.from](/sdk/typescript/core/PaymentRequest.from)
- [PaymentRequest.serialize](/sdk/typescript/core/PaymentRequest.serialize)
- [Receipt.deserialize](/sdk/typescript/core/Receipt.deserialize)
- [Receipt.from](/sdk/typescript/core/Receipt.from)
- [Receipt.fromResponse](/sdk/typescript/core/Receipt.fromResponse)
- [Receipt.serialize](/sdk/typescript/core/Receipt.serialize)
- [Elysia](/sdk/typescript/middlewares/elysia): Payment middleware for Elysia
- [Express](/sdk/typescript/middlewares/express): Payment middleware for Express
- [Hono](/sdk/typescript/middlewares/hono): Payment middleware for Hono
- [Next.js](/sdk/typescript/middlewares/nextjs): Payment middleware for Next.js
- [stripe](/sdk/typescript/server/Method.stripe): Register all Stripe intents
- [Method.stripe.charge](/sdk/typescript/server/Method.stripe.charge): One-time payments via Shared Payment Tokens
- [tempo](/sdk/typescript/server/Method.tempo): Register all Tempo intents
- [Method.tempo.charge](/sdk/typescript/server/Method.tempo.charge)
- [Method.tempo.session](/sdk/typescript/server/Method.tempo.session): Low-cost high-throughput payments
- [Mppx.compose](/sdk/typescript/server/Mppx.compose): Present multiple payment options
- [Mppx.create](/sdk/typescript/server/Mppx.create)
- [Mppx.toNodeListener](/sdk/typescript/server/Mppx.toNodeListener)
- [Transport.from](/sdk/typescript/server/Transport.from)
- [Transport.http](/sdk/typescript/server/Transport.http)
- [Transport.mcp](/sdk/typescript/server/Transport.mcp)
- [Transport.mcpSdk](/sdk/typescript/server/Transport.mcpSdk)
-->

# `Challenge.from`

Creates a challenge from the given parameters.

If `secretKey` option is provided, the challenge ID is computed as HMAC-SHA256 over the challenge parameters (realm|method|intent|request|expires|digest|opaque), cryptographically binding the ID to its contents.

## Usage

```ts twoslash
import { Challenge } from 'mppx'

// With HMAC-bound ID (recommended for servers)
const challenge = Challenge.from(
  {
    realm: 'mpp.dev',
    method: 'tempo',
    intent: 'charge',
    request: { amount: '1000000', currency: '0x...', recipient: '0x...' },
    secretKey: 'my-secret',
  },
)
```

### With explicit ID

Use an explicit ID when you don't need HMAC-bound challenge verification.

```ts twoslash
import { Challenge } from 'mppx'

const challenge = Challenge.from({
  id: 'abc123',
  realm: 'mpp.dev',
  method: 'tempo',
  intent: 'charge',
  request: { amount: '1000000', currency: '0x...', recipient: '0x...' },
})
```

## Return type

```ts
type ReturnType = Challenge
```

A challenge object.

## Parameters

### parameters

Challenge parameters. Must include either `id` or `secretKey`.

#### description (optional)

* **Type:** `string`

Human-readable description of the payment.

#### digest (optional)

* **Type:** `string`

Digest of the request body.

#### expires (optional)

* **Type:** `string`

Expiration timestamp (ISO 8601).

#### id (when not using secretKey)

* **Type:** `string`

Explicit challenge ID.

#### intent

* **Type:** `string`

Intent type (for example, `"charge"`, `"session"`).

#### meta (optional)

* **Type:** `Record<string, string>`

Server-defined correlation data, serialized as `opaque` on the Challenge.

#### method

* **Type:** `string`

Payment method (for example, "tempo", "stripe").

#### realm

* **Type:** `string`

Server realm (for example, hostname).

#### request

* **Type:** `Record<string, unknown>`

Method-specific request data.

#### secretKey (when not using id)

* **Type:** `string`

Secret key for HMAC-bound challenge ID.