Hi @praveena! The stateToken tells us what status the user is in during the authentication process - see https://developer.okta.com/docs/reference/api/authn/#transaction-state. And like @rajnadimpalli mentioned it is ephemeral so it gets converted to a session token immediately i.e., once the user has passed all the MFA requirements.
I see in your second comment your response already includes the sessionToken; this is the expected behavior. You will only receive a stateToken if you are still in the authenticating process - for example https://developer.okta.com/docs/reference/api/authn/#response-example-for-primary-authentication-with-public-application-and-expired-password.
Otherwise, you shouldn’t need to provide a stateToken at /api/v1/authn https://developer.okta.com/docs/reference/api/authn/#request-example-for-primary-authentication-with-public-application.