There's a single HTTP endpoint at /1/challenge.
Its looking for a password query parameter like so.
If you submit the correct password, you'll receive the secret phrase.