NextStep Server RESTful API Reference

PowerAuth Web Flow communicates with the Next Step Server via a REST API to resolve the next step in the authentication process. This chapter defines the REST API published by Next Step Server and consumed by the Web Flow Server during user authentication. The Next Step REST API can be also used standalone.

The Next Step REST API has following main use cases:

  • manage authentication methods and configure them (e.g. enable mobile token for a user, list enabled authentication methods, etc.)
  • manage operations and configure them (e.g. create an operation, update an operation, configure operation parameters, etc.)
  • configure Next Step organizations, applications, step definitions, and user roles
  • configure credential policies, credential definitions, OTP policies, OTP policies, OTP definitions, and hashing configurations
  • manage user identities (e.g. create user, update user, lookup users, manage user contacts, roles, and aliases, etc.)
  • manage user credentials and OTP codes (e.g. create credentials and OTP codes, their listing and management)
  • perform user authentication using credentials and/or OTP codes

Following topics are covered in this chapter:

You can access the generated REST API documentation in deployed Next Step application:

http[s]://[host]:[port]/powerauth-nextstep/swagger-ui.html

Status codes and error handling

PowerAuth Web Flow Server uses a unified format for error response body, accompanied with an appropriate HTTP status code. Besides the HTTP error codes that application server may return regardless of server application (such as 404 when resource is not found or 503 when server is down).

The list of error status codes:

Code Description
200 OK response - REST API call succeeded
500 Server error - details in the message

All error responses that are produced by the Next Step Server have following body:

{
    "status": "ERROR",
    "responseObject": {
        "code": "ERROR_CODE",
        "message": "ERROR_MESSAGE_I18N_KEY"
    }
}

Service API

get /api/service/status Service Status

Get a system status response, with basic information about the running application.

The list of expected status codes:

Code Description
200 OK response - system status successfully retrieved
404 Not found - application is not running
500 Server errors - unexpected server error

Response

{
    "status" : "OK",
    "responseObject": {
        "applicationName" : "powerauth-nextstep",
        "applicationDisplayName" : "PowerAuth Next Step Server",
        "applicationEnvironment" : "",
        "version" : "0.22.0",
        "buildTime" : "2019-06-11T09:34:52Z",
        "timestamp" : "2019-06-14T14:54:14Z"
    }  
}
  • applicationName - Application name.
  • applicationDisplayName - Application display name.
  • applicationEnvironment - Application environment.
  • version - Version of Next Step.
  • buildTime - Timestamp when powerauth-nextstep.war file was created.
  • timestamp - Response timestamp.

Authentication Methods API

post /auth-method Create an Authentication Method

Create an authentication method in Next Step server.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 AUTH_METHOD_ALREADY_EXISTS - authentication method already exists
500 Server errors - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "authMethod": "INIT",
    "orderNumber": 1,
    "checkUserPrefs": false,
    "userPrefsColumn": 0,
    "userPrefsDefault": false,
    "checkAuthFails": false,
    "maxAuthFails": 0,
    "hasUserInterface": false,
    "hasMobileToken": false,
    "displayNameKey": null
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "authMethod": "INIT",
    "orderNumber": 1,
    "checkUserPrefs": false,
    "userPrefsColumn": 0,
    "userPrefsDefault": false,
    "checkAuthFails": false,
    "maxAuthFails": 0,
    "hasUserInterface": false,
    "hasMobileToken": false,
    "displayNameKey": null
  }
}

get /auth-method List Authentication Methods

List all authentication methods supported by the server.

This method has a POST /auth-method/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_CONFIGURATION - Next Step configuration is invalid
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "authMethods": [
      {
        "authMethod": "INIT",
        "hasUserInterface": false,
        "displayNameKey": null,
        "hasMobileToken": false
      },
      {
        "authMethod": "USER_ID_ASSIGN",
        "hasUserInterface": false,
        "displayNameKey": null,
        "hasMobileToken": false
      },
      {
        "authMethod": "USERNAME_PASSWORD_AUTH",
        "hasUserInterface": true,
        "displayNameKey": "method.usernamePassword",
        "hasMobileToken": false
      },
      {
        "authMethod": "SHOW_OPERATION_DETAIL",
        "hasUserInterface": true,
        "displayNameKey": "method.showOperationDetail",
        "hasMobileToken": false
      },
      {
        "authMethod": "POWERAUTH_TOKEN",
        "hasUserInterface": true,
        "displayNameKey": "method.powerauthToken",
        "hasMobileToken": true
      },
      {
        "authMethod": "SMS_KEY",
        "hasUserInterface": true,
        "displayNameKey": "method.smsKey",
        "hasMobileToken": false
      },
      {
        "authMethod": "CONSENT",
        "hasUserInterface": true,
        "displayNameKey": "method.consent",
        "hasMobileToken": false
      },
      {
        "authMethod": "LOGIN_SCA",
        "hasUserInterface": true,
        "displayNameKey": "method.loginSca",
        "hasMobileToken": true
      },
      {
        "authMethod": "APPROVAL_SCA",
        "hasUserInterface": true,
        "displayNameKey": "method.approvalSca",
        "hasMobileToken": true
      }
    ]
  }
}

get /user/auth-method/enabled List Authentication Methods Enabled for Given User

List enabled authentication methods for given user.

This method has a POST /user/auth-method/enabled/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_CONFIGURATION - Next Step configuration is invalid
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "12345678",
    "operationName": "auth_token_otp"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "12345678",
    "userIdentityStatus": "ACTIVE",
    "operationName": "auth_token_otp",
    "enabledAuthMethods": [ "POWERAUTH_TOKEN", "SMS_KEY" ]
  }
}

get /user/auth-method List Authentication Methods for Given User

List all authentication methods for given user.

This method has a POST /user/auth-method/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_CONFIGURATION - Next Step configuration is invalid
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "12345678"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userAuthMethods": [
      {
        "userId": "12345678",
        "authMethod": "INIT",
        "hasUserInterface": false,
        "displayNameKey": null,
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "USER_ID_ASSIGN",
        "hasUserInterface": false,
        "displayNameKey": null,
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "USERNAME_PASSWORD_AUTH",
        "hasUserInterface": true,
        "displayNameKey": "method.usernamePassword",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "SHOW_OPERATION_DETAIL",
        "hasUserInterface": true,
        "displayNameKey": "method.showOperationDetail",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "POWERAUTH_TOKEN",
        "hasUserInterface": true,
        "displayNameKey": "method.powerauthToken",
        "hasMobileToken": true,
        "config": {
          "activationId": "1629d4c7-6b17-41e3-bce1-e184e94921d2"
        }
      },
      {
        "userId": "12345678",
        "authMethod": "SMS_KEY",
        "hasUserInterface": true,
        "displayNameKey": "method.smsKey",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "CONSENT",
        "hasUserInterface": true,
        "displayNameKey": "method.consent",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "LOGIN_SCA",
        "hasUserInterface": true,
        "displayNameKey": "method.loginSca",
        "hasMobileToken": true,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "APPROVAL_SCA",
        "hasUserInterface": true,
        "displayNameKey": "method.approvalSca",
        "hasMobileToken": true,
        "config": null
      }
    ]
  }
}

post /user/auth-method Enable an Authentication Method for Given User

Enable an authentication method for given user and lists all authentication methods enabled for given user after the authentication method has been enabled.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 INVALID_CONFIGURATION - Next Step configuration is invalid
500 Server error - unexpected error occurred

Request

The request contains three parameters:

  • userId - identification of the user
  • authMethod - name of the authentication method
  • config - configuration of the authentication method

Currently the only supported configuration is in the POWERAUTH_TOKEN method and it contains activationId, as seen on the sample request below.

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "12345678",
    "authMethod": "POWERAUTH_TOKEN",
    "config": {
      "activationId": "26c94bf8-f594-4bd8-9c51-93449926b644"
    }
  }
}

For other authentication methods use the following configuration:

{
  "requestObject": {
    "userId": "12345678",
    "authMethod": "SMS_KEY",
    "config": null
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userAuthMethods": [
      {
        "userId": "12345678",
        "authMethod": "INIT",
        "hasUserInterface": false,
        "displayNameKey": null,
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "USER_ID_ASSIGN",
        "hasUserInterface": false,
        "displayNameKey": null,
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "USERNAME_PASSWORD_AUTH",
        "hasUserInterface": true,
        "displayNameKey": "method.usernamePassword",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "SHOW_OPERATION_DETAIL",
        "hasUserInterface": true,
        "displayNameKey": "method.showOperationDetail",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "POWERAUTH_TOKEN",
        "hasUserInterface": true,
        "displayNameKey": "method.powerauthToken",
        "hasMobileToken": true,
        "config": {
          "activationId": "26c94bf8-f594-4bd8-9c51-93449926b644"
        }
      },
      {
        "userId": "12345678",
        "authMethod": "SMS_KEY",
        "hasUserInterface": true,
        "displayNameKey": "method.smsKey",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "CONSENT",
        "hasUserInterface": true,
        "displayNameKey": "method.consent",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "LOGIN_SCA",
        "hasUserInterface": true,
        "displayNameKey": "method.loginSca",
        "hasMobileToken": true,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "APPROVAL_SCA",
        "hasUserInterface": true,
        "displayNameKey": "method.approvalSca",
        "hasMobileToken": true,
        "config": null
      }
    ]
  }
}

delete /user/auth-method Disable an Authentication Method for Given User

Disable an authentication method for given user and lists all authentication methods enabled for given user after the authentication method has been disabled.

This method has a POST /user/auth-method/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 INVALID_CONFIGURATION - Next Step configuration is invalid
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "12345678",
    "authMethod": "POWERAUTH_TOKEN"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userAuthMethods": [
      {
        "userId": "12345678",
        "authMethod": "INIT",
        "hasUserInterface": false,
        "displayNameKey": null,
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "USER_ID_ASSIGN",
        "hasUserInterface": false,
        "displayNameKey": null,
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "USERNAME_PASSWORD_AUTH",
        "hasUserInterface": true,
        "displayNameKey": "method.usernamePassword",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "SHOW_OPERATION_DETAIL",
        "hasUserInterface": true,
        "displayNameKey": "method.showOperationDetail",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "SMS_KEY",
        "hasUserInterface": true,
        "displayNameKey": "method.smsKey",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "CONSENT",
        "hasUserInterface": true,
        "displayNameKey": "method.consent",
        "hasMobileToken": false,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "LOGIN_SCA",
        "hasUserInterface": true,
        "displayNameKey": "method.loginSca",
        "hasMobileToken": true,
        "config": null
      },
      {
        "userId": "12345678",
        "authMethod": "APPROVAL_SCA",
        "hasUserInterface": true,
        "displayNameKey": "method.approvalSca",
        "hasMobileToken": true,
        "config": null
      }
    ]
  }
}

delete /auth-method Delete an Authentication Method

Delete an authentication method. Use only when the authentication method which is to be deleted has no usages.

This method has a POST /auth-method/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 AUTH_METHOD_NOT_FOUND - authentication method was not found
400 DELETE_NOT_ALLOWED - authentication method removal is not allowed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "authMethod": "OTP_CODE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "authMethod": "OTP_CODE"
  }
}

Operations API

Operation detail contains following data:

  • operationId - unique ID of the operation, it is either set while creating an operation or it is generated (field is required, value is optional, for generated operation use null as value)
  • operationName - name of the operations based on the purpose of the operation - different steps are defined for each operation name (required)
  • userId - ID of user in case the user has been already authorized (optional)
  • organizationId - ID of organization in case the user has been already authorized (optional)
  • result - result of the last authentication step: CONTINUE, FAILED or DONE (required)
  • timestampCreated - timestamp when operation was created (required)
  • timestampExpires - timestamp when operation expires (required)
  • operationData - arbitrary string which contains data related to this operation, this data is not used during authorization and authentication (required). Since Web Flow version 0.20.0 the structure of operation data is specified for easier interpretation of data in Mobile token.
  • steps - next steps for the operation (required)
  • history - operation history with completed authentication steps (required)
  • afsActions - AFS actions executed for the operation (optional)
  • formData - data displayed by the UI as well as data gathered from the user responses (required, discussed in details below)
  • chosenAuthMethod - authentication method chosen in current authentication step (optional)
  • remainingAttempts - remaining attempts for current authentication step (optional)
  • applicationContext - application context with information about application which triggered the operation, used when generating the consent form (optional)
  • expired - whether operation was expired at the time of generating response (optional)

Example of complete operation detail:

{
  "status": "OK",
  "responseObject": {
    "operationId": "b7ecf869-2ebb-44bf-ae0e-0963e9d6d46f",
    "operationName": "authorize_payment_sca",
    "userId": "12345678",
    "organizationId": "RETAIL",
    "accountStatus": "ACTIVE",
    "result": "CONTINUE",
    "timestampCreated": "2019-11-01T15:35:37+0000",
    "timestampExpires": "2019-11-01T15:41:16+0000",
    "operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
    "steps": [
      {
        "authMethod": "CONSENT",
        "params": []
      }
    ],
    "history": [
      {
        "authMethod": "INIT",
        "authResult": "CONTINUE",
        "requestAuthStepResult": "CONFIRMED"
      },
      {
        "authMethod": "LOGIN_SCA",
        "authResult": "CONTINUE",
        "requestAuthStepResult": "CONFIRMED"
      },
      {
        "authMethod": "APPROVAL_SCA",
        "authResult": "CONTINUE",
        "requestAuthStepResult": "CONFIRMED"
      }
    ],
    "afsActions": [
      {
        "action": "LOGIN_INIT",
        "stepIndex": 1,
        "afsLabel": "2FA",
        "afsResponseApplied": false,
        "requestExtras": {},
        "responseExtras": {}
      },
      {
        "action": "LOGIN_AUTH",
        "stepIndex": 1,
        "afsLabel": "2FA",
        "afsResponseApplied": false,
        "requestExtras": {},
        "responseExtras": {}
      },
      {
        "action": "APPROVAL_INIT",
        "stepIndex": 1,
        "afsLabel": "1FA",
        "afsResponseApplied": true,
        "requestExtras": {},
        "responseExtras": {}
      },
      {
        "action": "APPROVAL_AUTH",
        "stepIndex": 1,
        "afsLabel": "2FA",
        "afsResponseApplied": false,
        "requestExtras": {},
        "responseExtras": {}
      }
    ],
    "formData": {
      "title": {
        "id": "operation.title",
        "message": null
      },
      "greeting": {
        "id": "operation.greeting",
        "message": null
      },
      "summary": {
        "id": "operation.summary",
        "message": null
      },
      "config": [],
      "banners": [],
      "parameters": [
        {
          "type": "AMOUNT",
          "id": "operation.amount",
          "label": null,
          "valueFormatType": "AMOUNT",
          "formattedValues": {},
          "amount": 100,
          "currency": "CZK",
          "currencyId": "operation.currency"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.account",
          "label": null,
          "valueFormatType": "ACCOUNT",
          "formattedValues": {},
          "value": "238400856/0300"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.dueDate",
          "label": null,
          "valueFormatType": "DATE",
          "formattedValues": {},
          "value": "2019-06-29"
        },
        {
          "type": "NOTE",
          "id": "operation.note",
          "label": null,
          "valueFormatType": "TEXT",
          "formattedValues": {},
          "note": "Utility Bill Payment - 05/2019"
        }
      ],
      "dynamicDataLoaded": false,
      "userInput": {
        "smsFallback.enabled": "true",
        "operation.bankAccountChoice": "CZ4012340000000012345678",
        "operation.bankAccountChoice.disabled": "true"
      }
    },
    "chosenAuthMethod": "CONSENT",
    "remainingAttempts": 5,
    "applicationContext": {
      "id": "democlient",
      "name": "Demo application",
      "description": "Web Flow demo application",
      "originalScopes": [
        "pisp"
      ],
      "extras": {
        "applicationOwner": "Wultra"
      }
    },
    "expired": false
  }
}

Operation formData

Operations contain formData which is a generic structure for storing input and output data for the operation.

The formData contains following sections:

  • static data - this data is set when the operation is created (required)
  • dynamic data - this data is added as the operation progresses (optional)
  • user input - this data contains gathered inputs from the user as the authentication and authorization progresses (optional)

The static part of formData contains data related to the operation known when operation is initiated. For instance in case of a payment, the static data contains information about the payment such as title, amount, currency, target account and message to display to the user in the following structure:

{
  "formData": {
      "title": {
        "id": "operation.title",
        "message": "Confirm Payment"
      },
      "greeting": {
        "id": "operation.greeting",
        "message": "Hello,\nplease confirm following payment:"
      },
      "summary": {
        "id": "operation.summary",
        "message": "Hello, please confirm payment 100 CZK to account 238400856/0300."
      },
      "config": [],
      "banners": [],
      "parameters": [
        {
          "type": "AMOUNT",
          "id": "operation.amount",
          "label": "Amount",
          "valueFormatType": "AMOUNT",
          "formattedValues": {
            "amount": "100.00",
            "currency": "CZK"
          },
          "amount": 100,
          "currency": "CZK",
          "currencyId": "operation.currency"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.account",
          "label": "To Account",
          "valueFormatType": "ACCOUNT",
          "formattedValues": {
            "value": "238400856/0300"
          }
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.dueDate",
          "label": "Due Date",
          "valueFormatType": "DATE",
          "formattedValues": {
            "value": "Jun 29, 2019"
          },
          "value": "2019-06-29"
        },
        {
          "type": "NOTE",
          "id": "operation.note",
          "label": "Note",
          "valueFormatType": "TEXT",
          "formattedValues": {
            "value": "Utility Bill Payment - 05/2019"
          },          
          "note": "Utility Bill Payment - 05/2019"
        },
        {
          "type": "HEADING",
          "id": "operation.heading",
          "label": null,
          "valueFormatType": "LOCALIZED_TEXT",
          "formattedValues": {
            "value": "Confirm Payment"
          },            
          "value": "operation.title"
        }
      ],
      "dynamicDataLoaded": false,
      "userInput": { 
      }
   }
}

The usage of static formData:

  • title - displayed as title on the page with operation details
    • field is required
    • id is the localization key
    • value is the localized text displayed on the page
  • greeting - displayed as a greeting message in the web application without operation details
    • field is required
    • id is the localization key
    • value is the localized text displayed on the page
  • summary - displayed as a summary message in the push message sent to mobile device
    • field is required
    • id is the localization key
    • value is the localized text displayed in the push message
  • config - configures individual form fields (e.g. default values, enabled/disabled state, etc.)
    • field is required, however the config list can be empty
  • banners - banners which can be displayed above form
  • parameters - operation parameters which are displayed on the page with operation details
    • field is required, however the parameter list can be empty

Following parameter types are available:

  • AMOUNT - contains information about amount in this operation including currency
    • field is optional
    • id is used both for field identification as well as the localization key
    • label is the displayed localized text
    • valueFormatType specifies the format type
    • formattedValue is the formatted value based on format type
    • amount is displayed next to the label
    • currency is displayed next to the amount
    • currencyId is used internally for localization
  • NOTE - contains text message related to the operation
    • field is optional
    • id is used both for field identification as well as the localization key
    • label is the displayed localized text
    • valueFormatType specifies the format type
    • formattedValue is the formatted value based on format type
    • note is the text message displayed next to the label
  • KEY_VALUE
    • field is optional
    • id is used both for field identification as well as the localization key
    • label is the displayed localized text
    • valueFormatType specifies the format type
    • formattedValue is the formatted value based on format type
    • value is the text displayed next to the label
  • HEADING
    • field is optional
    • id is used both for field identification as well as the localization key
    • label is ignored
    • value contains heading text
    • valueFormatType specifies the format type
    • formattedValue is the formatted heading text based on format type

The dynamic part of formData contains additional data which is loaded once the user is authenticated. For instance in case of a payment, the dynamic data can contain choice of bank accounts available for the user with their balances:

{
  "formData": {
    "parameters": [
      {
        "type": "BANK_ACCOUNT_CHOICE",
        "id": "operation.bankAccountChoice",
        "label": "From Your Account",
        "bankAccounts": [
          {
            "number": "12345678/1234",
            "accountId": "CZ4012340000000012345678",
            "name": "Běžný účet v CZK",
            "balance": 24394.52,
            "currency": "CZK",
            "usableForPayment": false,
            "unusableForPaymentReason": null
          },
          {
            "number": "87654321/4321",
            "accountId": "CZ4043210000000087654321",
            "name": "Spořící účet v CZK",
            "balance": 158121.1,
            "currency": "CZK",
            "usableForPayment": false,
            "unusableForPaymentReason": null
          },
          {
            "number": "44444444/1111",
            "accountId": "CZ4011110000000044444444",
            "name": "Spořící účet v EUR",
            "balance": 1.9,
            "currency": "EUR",
            "usableForPayment": false,
            "unusableForPaymentReason": "Low account balance"
          }
        ],
        "enabled": true,
        "defaultValue": "CZ4012340000000012345678"
      }
    ]
  }
}

Following parameter types are available:

  • BANK_ACCOUNT_CHOICE
    • field is optional
    • id is used both for field identification as well as the localization key
    • label is the displayed localized text
    • bankAccounts list is required when BANK_ACCOUNT_CHOICE parameter is specified, however it can be empty

Bank account details:

  • number - required, account number in human readable format
  • name - required, account name
  • balance - required, account balance
  • currency - required, account currency
  • usableForPayment - required, whether account can be used for payment, in case value is false, unusableForPaymentReason is displayed
  • unusableForPaymentReason - optional when usableForPayment = false, otherwise it is required, field explains reason why account is unusable for payment

When dynamic form data is loaded, the formData structure contains following data:

{
  "formData": {
    "dynamicDataLoaded": true
  }
}

Dynamic formData may not be loaded because it is required only for specific steps such as operation review. In this case the value is:

{
  "formData": {
    "dynamicDataLoaded": false
  }
}

The form fields can be configured in the config section as follows:

{
  "formData": {
    "config" : [ {
      "id" : "operation.bankAccountChoice",
      "enabled" : false,
      "defaultValue" : "CZ4043210000000087654321"
    } ]
  }
}

Each configuration item contains following fields:

  • id - id is used for field identification, same as id used in parameters
  • enabled - whether the field is enabled or disabled (default value = true)
  • defaultValue - default value of the field (default value = null)

The formData uses userInput JSON structure while gathering input from the user as the operation progresses:

{
  "formData": {
    "userInput": {
      "operation.bankAccountChoice": "CZ4012340000000012345678",
      "operation.bankAccountChoice.disabled": "true"
    }
  }
}

The userInput part of formData is optional - empty value of userInput is:

{
  "formData": {
    "userInput": {
    }
  }
}

Chosen authentication method for current step is stored in formData in case it is available:

{
  "formData": {
    "chosenAuthMethod": "POWERAUTH_TOKEN"
  }
}

Null value is used when authentication method has not been chosen for current step:

{
  "formData": {
    "chosenAuthMethod": null
  }
}

post /operation Create an Operation

Create an operation in Next Step server.

Documentation for operation data is available in a separate document.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_ALREADY_EXISTS - operation with specified identifier already exists
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 ORGANIZATION_NOT_FOUND - organization specified in the request was not found
500 Server error - unexpected error occurred

Request

Sample request for creating a login operation (AISP)
  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationName": "login",
    "operationData": "A2",
    "externalTransactionId": "1234567890",
    "formData": {
      "title": {
        "id": "login.title"
      },
      "greeting": {
        "id": "login.greeting"
      },
      "summary": {
        "id": "login.summary"
      }
    },
    "applicationContext": {
      "id": "democlient",
      "name": "Demo application",
      "description": "Web Flow demo application",
      "originalScopes": ["pisp"],
      "extras": {
        "applicationOwner": "Wultra"
      }
    }
  }
}
Sample request for creating a payment operation (PISP)
  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationName": "authorize_payment",
    "operationId": null,
    "organizationId": null,
    "externalTransactionId": "1234567890",
    "operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
    "params": [],
    "formData": {
      "title": {
        "id": "operation.title",
        "value": null
      },
      "greeting": {
        "id": "operation.greeting",
        "value": null
      },
      "summary": {
        "id": "operation.summary",
        "value": null
      },
      "config": [],
      "parameters": [
        {
          "type": "AMOUNT",
          "id": "operation.amount",
          "label": null,
          "valueFormatType": "AMOUNT",
          "formattedValues": {},
          "amount": 100,
          "currency": "CZK",
          "currencyId": "operation.currency"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.account",
          "label": null,
          "valueFormatType": "ACCOUNT",
          "formattedValues": {},
          "value": "238400856/0300"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.dueDate",
          "label": null,
          "valueFormatType": "DATE",
          "formattedValues": {},
          "value": "2019-06-29"
        },
        {
          "type": "NOTE",
          "id": "operation.note",
          "label": null,
          "valueFormatType": "TEXT",
          "formattedValues": {},
          "note": "Utility Bill Payment - 05/2019"
        }
      ]
    },
      "applicationContext": {
        "id": "democlient",
        "name": "Demo application",
        "description": "Web Flow demo application",
        "originalScopes": ["pisp"],
        "extras": {
          "applicationOwner": "Wultra"
        }
    }
  }
}

Response

Sample response for creating a login operation (AISP)
  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationId": "ec039314-7560-470a-b226-116c712e8fb3",
    "operationName": "login",
    "organizationId": null,
    "externalTransactionId": "1234567890",
    "result": "CONTINUE",
    "resultDescription": null,
    "timestampCreated": "2019-07-30T12:51:28+0000",
    "timestampExpires": "2019-07-30T12:56:28+0000",
    "operationData": null,
    "steps": [
      {
        "authMethod": "USER_ID_ASSIGN",
        "params": []
      },
      {
        "authMethod": "USERNAME_PASSWORD_AUTH",
        "params": []
      }
    ],
    "formData": {
      "title": {
        "id": "login.title",
        "message": null
      },
      "greeting": {
        "id": "login.greeting",
        "message": null
      },
      "summary": {
        "id": "login.summary",
        "message": null
      },
      "config": [],
      "banners": [],
      "parameters": [],
      "dynamicDataLoaded": false,
      "userInput": {}
    },
    "expired": false
  }
}
Sample response for creating a payment operation (PISP)
  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationId": "f415a617-f7c0-4800-8436-f85eb075eb6f",
    "operationName": "authorize_payment",
    "organizationId": null,
    "externalTransactionId": "1234567890",
    "result": "CONTINUE",
    "resultDescription": null,
    "timestampCreated": "2019-07-30T12:52:35+0000",
    "timestampExpires": "2019-07-30T12:57:35+0000",
    "operationData": null,
    "steps": [
      {
        "authMethod": "USER_ID_ASSIGN",
        "params": []
      },
      {
        "authMethod": "USERNAME_PASSWORD_AUTH",
        "params": []
      }
    ],
    "formData": {
      "title": {
        "id": "operation.title",
        "message": null
      },
      "greeting": {
        "id": "operation.greeting",
        "message": null
      },
      "summary": {
        "id": "operation.summary",
        "message": null
      },
      "config": [],
      "banners": [],
      "parameters": [
        {
          "type": "AMOUNT",
          "id": "operation.amount",
          "label": null,
          "valueFormatType": "AMOUNT",
          "formattedValues": {},
          "amount": 100,
          "currency": "CZK",
          "currencyId": "operation.currency"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.account",
          "label": null,
          "valueFormatType": "ACCOUNT",
          "formattedValues": {},
          "value": "238400856/0300"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.dueDate",
          "label": null,
          "valueFormatType": "DATE",
          "formattedValues": {},
          "value": "2019-06-29"
        },
        {
          "type": "NOTE",
          "id": "operation.note",
          "label": null,
          "valueFormatType": "TEXT",
          "formattedValues": {},
          "note": "Utility Bill Payment - 05/2019"
        }
      ],
      "dynamicDataLoaded": false,
      "userInput": {}
    },
    "expired": false
  }
}

put /operation Update an Operation

Update an operation in Next Step server.

This method has a POST /operation/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 AUTH_METHOD_NOT_FOUND - authentication method specified in request was not found
400 OPERATION_ALREADY_FINISHED - operation is already in DONE state
400 OPERATION_ALREADY_FAILED - operation is already in FAILED state
400 OPERATION_ALREADY_CANCELED - operation is already in FAILED/CANCELED state
400 OPERATION_NOT_VALID - operation which is being updated is not valid
400 OPERATION_NOT_FOUND - operation with specified identifier was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 ORGANIZATION_NOT_FOUND - organization specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationId": "4e02b39b-1ecb-440a-a942-cc27bc07d203",
    "userId": "12345678",
    "organizationId": "RETAIL",
    "authMethod": "USERNAME_PASSWORD_AUTH",
    "authStepResult": "CONFIRMED",
    "authStepResultDescription": null,
    "params": []
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationId": "4e02b39b-1ecb-440a-a942-cc27bc07d203",
    "operationName": "authorize_payment",
    "userId": "12345678",
    "organizationId": "RETAIL",
    "externalTransactionId": "1234567890",
    "result": "CONTINUE",
    "resultDescription": null,
    "timestampCreated": "2018-06-28T12:20:28+0000",
    "timestampExpires": "2018-06-28T12:20:43+0000",
    "operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
    "steps": [
      {
        "authMethod": "SMS_KEY",
        "params": []
      }
    ],
    "formData": {
      "title": {
        "id": "operation.title",
        "value": null
      },
      "greeting": {
        "id": "operation.greeting",
        "value": null
      },
      "summary": {
        "id": "operation.summary",
        "value": null
      },
      "config": [],
      "parameters": [
        {
          "type": "AMOUNT",
          "id": "operation.amount",
          "label": null,
          "valueFormatType": "AMOUNT",
          "formattedValues": {},
          "amount": 100,
          "currency": "CZK",
          "currencyId": "operation.currency"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.account",
          "label": null,
          "valueFormatType": "ACCOUNT",
          "formattedValues": {},
          "value": "238400856/0300"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.dueDate",
          "label": null,
          "valueFormatType": "DATE",
          "formattedValues": {},
          "value": "2019-06-29"
        },
        {
          "type": "NOTE",
          "id": "operation.note",
          "label": null,
          "valueFormatType": "TEXT",
          "formattedValues": {},
          "note": "Utility Bill Payment - 05/2019"
        }
      ]
    },
    "expired": false
  }
}

get /operation/detail Operation Detail

Retrieve detail of an operation in the Next Step server.

This method has a POST /operation/detail alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_NOT_VALID - operation is not valid
400 OPERATION_NOT_FOUND - operation with specified identifier was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject" : {
    "operationId" : "0861a423-ac06-4bcb-a426-2052872163d3"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationId": "0861a423-ac06-4bcb-a426-2052872163d3",
    "operationName": "authorize_payment_sca",
    "userId": "12345678",
    "organizationId": "RETAIL",
    "result": "CONTINUE",
    "timestampCreated": "2019-07-30T12:36:19+0000",
    "timestampExpires": "2019-07-30T12:41:40+0000",
    "operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
    "steps": [
      {
        "authMethod": "LOGIN_SCA",
        "params": []
      }
    ],
    "history": [
      {
        "authMethod": "INIT",
        "authResult": "CONTINUE",
        "requestAuthStepResult": "CONFIRMED"
      }
    ],
    "formData": {
      "title": {
        "id": "operation.title",
        "message": null
      },
      "greeting": {
        "id": "operation.greeting",
        "message": null
      },
      "summary": {
        "id": "operation.summary",
        "message": null
      },
      "config": [],
      "banners": [],
      "parameters": [
        {
          "type": "AMOUNT",
          "id": "operation.amount",
          "label": null,
          "valueFormatType": "AMOUNT",
          "formattedValues": {},
          "amount": 100,
          "currency": "CZK",
          "currencyId": "operation.currency"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.account",
          "label": null,
          "valueFormatType": "ACCOUNT",
          "formattedValues": {},
          "value": "238400856/0300"
        },
        {
          "type": "KEY_VALUE",
          "id": "operation.dueDate",
          "label": null,
          "valueFormatType": "DATE",
          "formattedValues": {},
          "value": "2019-06-29"
        },
        {
          "type": "NOTE",
          "id": "operation.note",
          "label": null,
          "valueFormatType": "TEXT",
          "formattedValues": {},
          "note": "Utility Bill Payment - 05/2019"
        }
      ],
      "dynamicDataLoaded": false,
      "userInput": {
        "smsFallback.enabled": "true"
      }
    },
    "chosenAuthMethod": null,
    "remainingAttempts": 3,
    "applicationContext": {
      "id": "democlient",
      "name": "Demo application",
      "description": "Web Flow demo application",
      "originalScopes": ["pisp"],
      "extras": {
        "applicationOwner": "Wultra"
      }
    },
    "expired": false
  }
}

get /user/operation List Pending Operations

List pending operation for given user and authentication method.

This method has a POST /user/operation/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject" : {
    "userId" : "12345678",
    "mobileTokenOnly" : true
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": [
    {
      "operationId": "d7d9910e-b047-4352-b2b3-f1fa30d03f3a",
      "operationName": "authorize_payment_sca",
      "userId": "12345678",
      "organizationId": "RETAIL",
      "accountStatus": "ACTIVE",
      "result": "CONTINUE",
      "timestampCreated": "2019-07-30T12:57:28+0000",
      "timestampExpires": "2019-07-30T13:02:28+0000",
      "operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
      "steps": [],
      "history": [
        {
          "authMethod": "INIT",
          "authResult": "CONTINUE",
          "requestAuthStepResult": "CONFIRMED"
        }
      ],
      "formData": {
        "title": {
          "id": "operation.title",
          "message": null
        },
        "greeting": {
          "id": "operation.greeting",
          "message": null
        },
        "summary": {
          "id": "operation.summary",
          "message": null
        },
        "config": [],
        "banners": [],
        "parameters": [
          {
            "type": "AMOUNT",
            "id": "operation.amount",
            "label": null,
            "valueFormatType": "AMOUNT",
            "formattedValues": {},
            "amount": 100,
            "currency": "CZK",
            "currencyId": "operation.currency"
          },
          {
            "type": "KEY_VALUE",
            "id": "operation.account",
            "label": null,
            "valueFormatType": "ACCOUNT",
            "formattedValues": {},
            "value": "238400856/0300"
          },
          {
            "type": "KEY_VALUE",
            "id": "operation.dueDate",
            "label": null,
            "valueFormatType": "DATE",
            "formattedValues": {},
            "value": "2019-06-29"
          },
          {
            "type": "NOTE",
            "id": "operation.note",
            "label": null,
            "valueFormatType": "TEXT",
            "formattedValues": {},
            "note": "Utility Bill Payment - 05/2019"
          }
        ],
        "dynamicDataLoaded": false,
        "userInput": {}
      },
      "chosenAuthMethod": "LOGIN_SCA",
      "remainingAttempts": null,
      "applicationContext": {
        "id": "democlient",
        "name": "Demo application",
        "description": "Web Flow demo application",
        "originalScopes": ["pisp"],
        "extras": {
          "applicationOwner": "Wultra"
        }
      },
      "expired": false
    }
  ]
}

post /operation/lookup/external Lookup Operations by External Transaction ID

Find all operations with matching external transaction ID.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject" : {
    "externalTransactionId" : "12345678"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operations": [
      {
        "operationId": "e6d3a5e7-e291-42f7-bd46-49d9fbac4282",
        "operationName": "authorize_payment",
        "userId": null,
        "organizationId": "RETAIL",
        "accountStatus": "ACTIVE",
        "externalTransactionId": "12345678",
        "result": "CONTINUE",
        "timestampCreated": "2020-01-28T15:58:11+0000",
        "timestampExpires": "2020-01-28T16:03:11+0000",
        "operationData": "A1*A100CZK*Q238400856/0300**D20170629*NUtility Bill Payment - 05/2017",
        "steps": [],
        "history": [
          {
            "authMethod": "INIT",
            "authResult": "CONTINUE",
            "requestAuthStepResult": "CONFIRMED"
          }
        ],
        "afsActions": [],
        "formData": {
          "title": {
            "id": "operation.title",
            "message": null
          },
          "greeting": {
            "id": "operation.greeting",
            "message": null
          },
          "summary": {
            "id": "operation.summary",
            "message": null
          },
          "config": [],
          "banners": [],
          "parameters": [
            {
              "type": "AMOUNT",
              "id": "operation.amount",
              "label": null,
              "valueFormatType": "AMOUNT",
              "formattedValues": {},
              "amount": 100,
              "currency": "CZK",
              "currencyId": "operation.currency"
            },
            {
              "type": "KEY_VALUE",
              "id": "operation.account",
              "label": null,
              "valueFormatType": "ACCOUNT",
              "formattedValues": {},
              "value": "238400856/0300"
            },
            {
              "type": "KEY_VALUE",
              "id": "operation.dueDate",
              "label": null,
              "valueFormatType": "DATE",
              "formattedValues": {},
              "value": "2017-06-29"
            },
            {
              "type": "NOTE",
              "id": "operation.note",
              "label": null,
              "valueFormatType": "TEXT",
              "formattedValues": {},
              "note": "Utility Bill Payment - 05/2017"
            }
          ],
          "dynamicDataLoaded": false,
          "userInput": {}
        },
        "chosenAuthMethod": null,
        "remainingAttempts": null,
        "applicationContext": {
          "id": "democlient",
          "name": "Demo application",
          "description": "Web Flow demo application",
          "originalScopes": ["pisp"],
          "extras": {
            "applicationOwner": "Wultra"
          }
        },
        "expired": false
      }
    ]
  }
}

put /operation/formData Update Operation formData

Update operation formData for given operation. Only the userInput part of formData can be currently updated by the clients.

This method has a POST /operation/formData/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_NOT_FOUND - operation with specified identifier was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "formData": {
    "title": {
      "id": "operation.title",
      "message": "Confirm Payment"
    },
    "greeting": {
      "id": "operation.greeting",
      "message": "Hello,\nplease confirm following payment:"
    },
    "summary": {
      "id": "operation.summary",
      "message": "Hello, please confirm payment 100 CZK to account 238400856/0300."
    },
    "config": [],
    "banners": [],
    "parameters": [
      {
        "type": "AMOUNT",
        "id": "operation.amount",
        "label": "Amount",
        "valueFormatType": "AMOUNT",
        "formattedValue": "100.00 CZK",
        "amount": 100,
        "currency": "CZK",
        "currencyId": "operation.currency"
      },
      {
        "type": "KEY_VALUE",
        "id": "operation.account",
        "label": "To Account",
        "valueFormatType": "ACCOUNT",
        "formattedValue": "238400856/0300",
        "value": "238400856/0300"
      },
      {
        "type": "KEY_VALUE",
        "id": "operation.dueDate",
        "label": "Due Date",
        "valueFormatType": "DATE",
        "formattedValue": "Jun 29, 2019",
        "value": "2019-06-29"
      },
      {
        "type": "NOTE",
        "id": "operation.note",
        "label": "Note",
        "valueFormatType": "TEXT",
        "formattedValue": "Utility Bill Payment - 05/2019",
        "note": "Utility Bill Payment - 05/2019"
      },
      {
        "type": "BANK_ACCOUNT_CHOICE",
        "id": "operation.bankAccountChoice",
        "label": "From Your Account",
        "bankAccounts": [
          {
            "number": "12345678/1234",
            "accountId": "CZ4012340000000012345678",
            "name": "Běžný účet v CZK",
            "balance": 24394.52,
            "currency": "CZK",
            "usableForPayment": false,
            "unusableForPaymentReason": null
          },
          {
            "number": "87654321/4321",
            "accountId": "CZ4043210000000087654321",
            "name": "Spořící účet v CZK",
            "balance": 158121.1,
            "currency": "CZK",
            "usableForPayment": false,
            "unusableForPaymentReason": null
          },
          {
            "number": "44444444/1111",
            "accountId": "CZ4011110000000044444444",
            "name": "Spořící účet v EUR",
            "balance": 1.9,
            "currency": "EUR",
            "usableForPayment": false,
            "unusableForPaymentReason": "Low account balance"
          }
        ],
        "enabled": true,
        "defaultValue": "CZ4012340000000012345678"
      }
    ],
    "dynamicDataLoaded": true,
    "userInput": {
      "operation.bankAccountChoice": "CZ4012340000000012345678"
    }
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status" : "OK"
}

put /operation/application Update Application Context for an Operation

Update application context for an operation.

This method has a POST /operation/application/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_NOT_FOUND - operation with specified identifier was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationId": "3e87f071-2f08-4341-9034-47cb5f8a3fb4",
    "applicationContext": {
      "id": "BANK_ABC_PROD",
      "name": "Bank ABC",
      "description": "Authorization for Bank ABC",
      "originalScopes": ["SCOPE_1", "SCOPE_2", "SCOPE_3"],
      "extras": {
        "applicationOwner": "BANK_ABC"
      }
    }
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status" : "OK"
}

put /operation/user Update User for an Operation

Update user ID, organization ID and account status for an operation.

This method has a POST /operation/user/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_NOT_FOUND - operation with specified identifier was not found
400 ORGANIZATION_NOT_FOUND - organization specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationId": "0a044408-aea0-433a-80cf-6371dc2a76c0",
    "userId": "12345678",
    "organizationId": "RETAIL",
    "accountStatus": "ACTIVE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status" : "OK"
}

put /operation/chosenAuthMethod Set Chosen Authentication Method

Set chosen authentication method for current operation step.

This method has a POST /operation/chosenAuthMethod/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 OPERATION_NOT_VALID - operation which is being updated is not valid
400 OPERATION_NOT_FOUND - operation with specified identifier was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationId": "3e87f071-2f08-4341-9034-47cb5f8a3fb4",
    "chosenAuthMethod": "POWERAUTH_TOKEN"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status" : "OK"
}

put /operation/mobileToken/status Update Mobile Token Status for an Operation

Set whether mobile token is active for an operation.

This method has a POST /operation/mobileToken/status/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_NOT_VALID - operation which is being updated is not valid
400 OPERATION_NOT_FOUND - operation with specified identifier was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationId": "1ee2d165-1926-4a77-be5f-82ec26f12b97",
    "mobileTokenActive": true
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status" : "OK"
}

get /operation/mobileToken/config/detail Get Mobile Token Configuration

Get whether mobile token is enabled for given user ID, operation name and authentication method.

This method has a POST /operation/mobileToken/config/detail alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_CONFIGURATION - Next Step configuration is invalid
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "12345678",
    "operationName": "login",
    "authMethod": "LOGIN_SCA"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "mobileTokenEnabled": true
  }
}

post /operation/afs/action Store Result of an AFS Action

Store result of an AFS action for an operation.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationId": "47a74437-83f9-4567-8c9e-270bea98d9de",
    "afsAction": "APPROVAL_INIT",
    "stepIndex": 1,
    "requestAfsExtras": "{}",
    "afsResponseApplied": true,
    "afsLabel": "1FA",
    "responseAfsExtras": "{}",
    "timestampCreated": 1572618429867
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status" : "OK"
}

post /operation/config/list List Operation Configurations

Retrieve list of operation configurations.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationConfigs": [
      {
        "operationName": "authorize_payment",
        "templateVersion": "A",
        "templateId": 1,
        "mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
      },
      {
        "operationName": "authorize_payment_sca",
        "templateVersion": "A",
        "templateId": 1,
        "mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
      },
      {
        "operationName": "login",
        "templateVersion": "A",
        "templateId": 2,
        "mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
      },
      {
        "operationName": "login_sca",
        "templateVersion": "A",
        "templateId": 2,
        "mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
      }
    ]
  }
}

post /operation/config Create an Operation Configuration

Create an operation configuration.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_CONFIG_ALREADY_EXISTS - operation configuration already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationName": "login_other",
    "templateVersion": "A",
    "templateId": 2,
    "mobileTokenEnabled": false,
    "mobileTokenMode": "{}",
    "afsEnabled": false,
    "afsConfigId": null,
    "expirationTime": 300000
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationName": "login_other",
    "templateVersion": "A",
    "templateId": 2,
    "mobileTokenEnabled": false,
    "mobileTokenMode": "{}",
    "afsEnabled": false,
    "afsConfigId": null,
    "expirationTime": 300000
  }
}

get /operation/config/detail Get Operation Configuration Detail

Get operation configuration detail.

This method has a POST /operation/config/detail alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_CONFIG_NOT_FOUND - operation configuration was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationName": "login"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationName": "login",
    "templateVersion": "A",
    "templateId": 2,
    "mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
  }
}

delete /operation/config Delete an Operation Configuration

Delete an operation configuration.

This method has a POST /operation/config/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_CONFIG_NOT_FOUND - operation configuration was not found
400 DELETE_NOT_ALLOWED - operation configuration removal is not allowed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationName": "login",
    "authMethod": "POWERAUTH_TOKEN"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationName": "login"
  }
}

post /operation/auth-method/config Create an Operation and Authentication Method Configuration

Create a configuration for an operation and an authentication method.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_METHOD_CONFIG_ALREADY_EXISTS - operation and authentication method configuration already exists
400 OPERATION_CONFIG_NOT_FOUND - operation configuration was not found
400 AUTH_METHOD_NOT_FOUND - authentication method was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationName": "login_other",
    "authMethod": "LOGIN_SCA",
    "maxAuthFails": 3
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationName": "login_other",
    "authMethod": "LOGIN_SCA",
    "maxAuthFails": 3
  }
}

get /operation/auth-method/config/detail Get an Operation and Authentication Method Configuration Detail

Get configuration for an operation and an authentication method.

This method has a POST /operation/auth-method/config/detail alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_METHOD_CONFIG_NOT_FOUND - operation and authentication method configuration was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationName": "login_other",
    "authMethod": "LOGIN_SCA"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationName": "login_other",
    "authMethod": "LOGIN_SCA",
    "maxAuthFails": 3
  }
}

delete /operation/auth-method/config Delete an Operation and Authentication Method Configuration

Delete a configuration for an operation and an authentication method.

This method has a POST /operation/auth-method/config/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_METHOD_CONFIG_NOT_FOUND - operation and authentication method configuration was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationName": "login_other",
    "authMethod": "LOGIN_SCA"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationName": "login_other",
    "authMethod": "LOGIN_SCA"
  }
}

Organizations API

post /organization Create an Organization

Create an organization.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 ORGANIZATION_ALREADY_EXISTS - organization with identifier specified in the request already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "organizationId": "CORPORATE",
    "displayNameKey": "organization.corp",
    "orderNumber": 3,
    "default": false,
    "defaultCredentialName": "CRED_CORP",
    "defaultOtpName": "OTP_CORP"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "organizationId": "CORPORATE",
    "displayNameKey": "organization.corp",
    "orderNumber": 3,
    "default": false,
    "defaultCredentialName": "CRED_CORP",
    "defaultOtpName": "OTP_CORP"   
  }
}

get /organization List Organizations

List all organizations configured on the server.

This method has a POST /organization/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "organizations": [
      {
        "organizationId": "RETAIL",
        "displayNameKey": "organization.retail",
        "orderNumber": 1,
        "default": true,
        "defaultCredentialName": "CRED_RETAIL",
        "defaultOtpName": "OTP_RETAIL"        
      },
      {
        "organizationId": "SME",
        "displayNameKey": "organization.sme",
        "orderNumber": 2,
        "default": false,
        "defaultCredentialName": "CRED_SME",
        "defaultOtpName": "OTP_SME"
      }
    ]
  }
}

get /organization/detail Organization Detail

Get detail of an organization configured on the server.

This method has a POST /organization/detail alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 ORGANIZATION_NOT_FOUND - organization specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
	"requestObject": {
		"organizationId": "RETAIL"
	}
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "organizationId": "RETAIL",
    "displayNameKey": "organization.retail",
    "orderNumber": 1,
    "default": true,
    "defaultCredentialName": "CRED_RETAIL",
    "defaultOtpName": "OTP_RETAIL"
  }
}

delete /organization Delete an Organization

Delete an organization.

This method has a POST /organization/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 ORGANIZATION_NOT_FOUND - organization specified in the request was not found
400 DELETE_NOT_ALLOWED - organization removal is not allowed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "organizationId": "CORPORATE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "organizationId": "CORPORATE"
  }
}

Step Definitions API

post /step/definition Create a Step definition

Create a step definition.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 STEP_DEFINITION_ALREADY_EXISTS - step definition with identifier specified in the request already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "stepDefinitionId": 1,
    "operationName": "login",
    "operationType": "CREATE",
    "requestAuthMethod": null,
    "requestAuthStepResult": null,
    "responsePriority": 1,
    "responseAuthMethod": "USER_ID_ASSIGN",
    "responseResult": "CONTINUE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "stepDefinitionId": 1,
    "operationName": "login",
    "operationType": "CREATE",
    "requestAuthMethod": null,
    "requestAuthStepResult": null,
    "responsePriority": 1,
    "responseAuthMethod": "USER_ID_ASSIGN",
    "responseResult": "CONTINUE"
  }
}

delete /step/definition Delete a Step Definition

Delete a step definition.

This method has a POST /step/definition/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 STEP_DEFINITION_NOT_FOUND - step definition with identifier specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "stepDefinitionId": 1
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "stepDefinitionId": 1
  }
}

Applications API

post /application Create an Application

Create a Next Step application.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 APPLICATION_ALREADY_EXISTS - application with name specified in the request already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "applicationName": "APP_1",
    "description": "Test application"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "applicationName": "APP_1",
    "description": "Test application",
    "applicationStatus": "ACTIVE"
  }
}

get /application List Applications

List all applications configured on the server.

This method has a POST /application/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "includeRemoved": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "applications": [
      {
        "applicationName": "APP",
        "applicationStatus": "ACTIVE",
        "description": "Sample application",
        "timestampCreated": "2021-06-07T11:42:54+0000",
        "timestampLastUpdated": null
      }
    ]
  }
}

put /application Update an Application

Update an application configured on the server.

This method has a POST /application/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 APPLICATION_NOT_FOUND - application with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "applicationName": "APP_1",
    "description": "Test application updated",
    "applicationStatus": "ACTIVE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "applicationName": "APP_1",
    "description": "Test application updated",
    "applicationStatus": "ACTIVE"
  }
}

delete /application Delete an Application

Delete an application.

This method has a POST /application/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 APPLICATION_NOT_FOUND - application with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "applicationName": "APP_1"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "applicationName": "APP_1",
    "applicationStatus": "REMOVED"
  }
}

Roles API

post /role Create a Role

Create a user role.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 ROLE_ALREADY_EXISTS - role with name specified in the request already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "roleName": "TEST_ROLE",
    "description": "Test role"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "roleName": "TEST_ROLE",
    "description": "Test role"
  }
}

get /role List Roles

List all user roles.

This method has a POST /role/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "roles": [
      {
        "roleName": "TEST_ROLE",
        "description": "Test role",
        "timestampCreated": "2021-06-07T11:42:54+0000",
        "timestampLastUpdated": null
      }
    ]
  }
}

delete /role Delete a Role

Delete a user role.

This method has a POST /role/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 ROLE_NOT_FOUND - role with name specified in the request was not found
400 DELETE_NOT_ALLOWED - role removal is not allowed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "roleName": "TEST_ROLE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "roleName": "TEST_ROLE"
  }
}

Credential Policies API

post /credential/policy Create a Credential Policy

Create a credential policy.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 CREDENTIAL_POLICY_ALREADY_EXISTS - credential policy with name specified in the request already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "credentialPolicyName": "TEST_CREDENTIAL_POLICY",
    "description": "Test policy",
    "usernameLengthMin": 8,
    "usernameLengthMax": 32,
    "usernameAllowedChars": "[a-zA-Z0-9]+",
    "credentialLengthMin": 8,
    "credentialLengthMax": 32,
    "limitSoft": 3,
    "limitHard": 5,
    "checkHistoryCount": 3,
    "rotationEnabled": false,
    "rotationDays": null,
    "temporaryCredentialExpirationTime": null,
    "usernameGenAlgorithm": "RANDOM_DIGITS",
    "usernameGenParam": {
      "length": 8
    },
    "credentialGenAlgorithm": "RANDOM_PASSWORD",
    "credentialGenParam": {
      "length": 12,
      "includeSmallLetters": true,
      "smallLettersCount": null,
      "includeCapitalLetters": true,
      "capitalLettersCount": null,
      "includeDigits": true,
      "digitsCount": null,
      "includeSpecialChars": true,
      "specialCharsCount": null
    },
    "credentialValParam": {
      "includeWhitespaceRule": true,
      "includeUsernameRule": true,
      "includeAllowedCharacterRule": false,
      "allowedChars": "",
      "includeAllowedRegexRule": false,
      "allowedRegex": ".*",
      "includeIllegalCharacterRule": false,
      "illegalChars": "",
      "includeIllegalRegexRule": false,
      "illegalRegex": "",
      "includeCharacterRule": true,
      "includeSmallLetters": true,
      "smallLettersMin": 1,
      "includeCapitalLetters": true,
      "capitalLettersMin": 1,
      "includeAlphabeticalLetters": true,
      "alphabeticalLettersMin": 2,
      "includeDigits": true,
      "digitsMin": 1,
      "includeSpecialChars": true,
      "specialCharsMin": 1
    }
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "credentialPolicyName": "TEST_CREDENTIAL_POLICY",
    "description": "Test policy",
    "credentialPolicyStatus": "ACTIVE",
    "usernameLengthMin": 8,
    "usernameLengthMax": 32,
    "usernameAllowedPattern": null,
    "credentialLengthMin": 8,
    "credentialLengthMax": 32,
    "limitSoft": 3,
    "limitHard": 5,
    "checkHistoryCount": 3,
    "rotationEnabled": false,
    "rotationDays": null,
    "temporaryCredentialExpirationTime": null,
    "usernameGenAlgorithm": "RANDOM_DIGITS",
    "usernameGenParam": {
      "length": 8
    },
    "credentialGenAlgorithm": "RANDOM_PASSWORD",
    "credentialGenParam": {
      "length": 12,
      "includeSmallLetters": true,
      "smallLettersCount": null,
      "includeCapitalLetters": true,
      "capitalLettersCount": null,
      "includeDigits": true,
      "digitsCount": null,
      "includeSpecialChars": true,
      "specialCharsCount": null
    },
    "credentialValParam": {
      "includeWhitespaceRule": true,
      "includeUsernameRule": true,
      "includeAllowedCharacterRule": false,
      "allowedChars": "",
      "includeAllowedRegexRule": false,
      "allowedRegex": ".*",
      "includeIllegalCharacterRule": false,
      "illegalChars": "",
      "includeIllegalRegexRule": false,
      "illegalRegex": "",
      "includeCharacterRule": true,
      "includeSmallLetters": true,
      "smallLettersMin": 1,
      "includeCapitalLetters": true,
      "capitalLettersMin": 1,
      "includeAlphabeticalLetters": true,
      "alphabeticalLettersMin": 2,
      "includeDigits": true,
      "digitsMin": 1,
      "includeSpecialChars": true,
      "specialCharsMin": 1
    }
  }
}

get /credential/policy List Credential Policies

List all credential policies configured on the server.

This method has a POST /credential/policy/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 INVALID_CONFIGURATION - Next Step configuration is invalid
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "includeRemoved": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "credentialPolicies": [
      {
        "credentialPolicyName": "TEST_CREDENTIAL_POLICY",
        "description": "Test policy",
        "usernameLengthMin": 8,
        "usernameLengthMax": 32,
        "usernameAllowedPattern": null,
        "credentialLengthMin": 8,
        "credentialLengthMax": 32,
        "limitSoft": 3,
        "limitHard": 5,
        "checkHistoryCount": 3,
        "rotationEnabled": false,
        "rotationDays": null,
        "temporaryCredentialExpirationTime": null,
        "usernameGenAlgorithm": "RANDOM_DIGITS",
        "usernameGenParam": {
          "length": 8
        },
        "credentialGenAlgorithm": "RANDOM_PASSWORD",
        "credentialGenParam": {
          "length": 12,
          "includeSmallLetters": true,
          "smallLettersCount": null,
          "includeCapitalLetters": true,
          "capitalLettersCount": null,
          "includeDigits": true,
          "digitsCount": null,
          "includeSpecialChars": true,
          "specialCharsCount": null
        },
        "credentialValParam": {
          "includeWhitespaceRule": true,
          "includeUsernameRule": true,
          "includeAllowedCharacterRule": false,
          "allowedChars": "",
          "includeAllowedRegexRule": false,
          "allowedRegex": ".*",
          "includeIllegalCharacterRule": false,
          "illegalChars": "",
          "includeIllegalRegexRule": false,
          "illegalRegex": "",
          "includeCharacterRule": true,
          "includeSmallLetters": true,
          "smallLettersMin": 1,
          "includeCapitalLetters": true,
          "capitalLettersMin": 1,
          "includeAlphabeticalLetters": true,
          "alphabeticalLettersMin": 2,
          "includeDigits": true,
          "digitsMin": 1,
          "includeSpecialChars": true,
          "specialCharsMin": 1
        },
        "credentialPolicyStatus": "ACTIVE",
        "timestampCreated": "2021-07-01T19:50:11+0000",
        "timestampLastUpdated": null
      }
    ]
  }
}

put /credential/policy Update a Credential Policy

Update a credential policy configured on the server.

This method has a POST /credential/policy/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 CREDENTIAL_POLICY_NOT_FOUND - credential policy with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "credentialPolicyName": "CREDENTIAL_POLICY",
    "description": "Sample credential policy",
    "usernameLengthMin": 5,
    "usernameLengthMax": 20,
    "usernameAllowedPattern": "[0-9a-z]+",
    "credentialLengthMin": 8,
    "credentialLengthMax": 40,
    "limitSoft": 3,
    "limitHard": 5,
    "checkHistoryCount": 3,
    "rotationEnabled": false,
    "rotationDays": null,
    "temporaryCredentialExpirationTime": 345600,
    "usernameGenAlgorithm": "RANDOM_DIGITS",
    "usernameGenParam": {
      "length": 8
    },
    "credentialGenAlgorithm": "RANDOM_PASSWORD",
    "credentialGenParam": {
      "length": 12,
      "includeSmallLetters": true,
      "smallLettersCount": 5,
      "includeCapitalLetters": true,
      "capitalLettersCount": 5,
      "includeDigits": true,
      "digitsCount": 1,
      "includeSpecialChars": true,
      "specialCharsCount": 1
    },
    "credentialValParam": {
      "includeWhitespaceRule": true,
      "includeUsernameRule": true,
      "includeAllowedCharacterRule": false,
      "allowedChars": "",
      "includeAllowedRegexRule": false,
      "allowedRegex": ".*",
      "includeIllegalCharacterRule": false,
      "illegalChars": "",
      "includeIllegalRegexRule": false,
      "illegalRegex": "",
      "includeCharacterRule": true,
      "includeSmallLetters": true,
      "smallLettersMin": 1,
      "includeCapitalLetters": true,
      "capitalLettersMin": 1,
      "includeAlphabeticalLetters": true,
      "alphabeticalLettersMin": 2,
      "includeDigits": true,
      "digitsMin": 1,
      "includeSpecialChars": true,
      "specialCharsMin": 1
    },
    "credentialPolicyStatus": "ACTIVE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "credentialPolicyName": "CREDENTIAL_POLICY",
    "description": "Sample credential policy",
    "usernameLengthMin": 5,
    "usernameLengthMax": 20,
    "usernameAllowedPattern": "[0-9a-z]+",
    "credentialLengthMin": 8,
    "credentialLengthMax": 40,
    "limitSoft": 3,
    "limitHard": 5,
    "checkHistoryCount": 3,
    "rotationEnabled": false,
    "rotationDays": null,
    "temporaryCredentialExpirationTime": 345600,
    "usernameGenAlgorithm": "RANDOM_DIGITS",
    "usernameGenParam": {
      "length": 8
    },
    "credentialGenAlgorithm": "RANDOM_PASSWORD",
    "credentialGenParam": {
      "length": 12,
      "includeSmallLetters": true,
      "smallLettersCount": 5,
      "includeCapitalLetters": true,
      "capitalLettersCount": 5,
      "includeDigits": true,
      "digitsCount": 1,
      "includeSpecialChars": true,
      "specialCharsCount": 1
    },
    "credentialValParam": {
      "includeWhitespaceRule": true,
      "includeUsernameRule": true,
      "includeAllowedCharacterRule": false,
      "allowedChars": "",
      "includeAllowedRegexRule": false,
      "allowedRegex": ".*",
      "includeIllegalCharacterRule": false,
      "illegalChars": "",
      "includeIllegalRegexRule": false,
      "illegalRegex": "",
      "includeCharacterRule": true,
      "includeSmallLetters": true,
      "smallLettersMin": 1,
      "includeCapitalLetters": true,
      "capitalLettersMin": 1,
      "includeAlphabeticalLetters": true,
      "alphabeticalLettersMin": 2,
      "includeDigits": true,
      "digitsMin": 1,
      "includeSpecialChars": true,
      "specialCharsMin": 1
    },
    "credentialPolicyStatus": "ACTIVE"
  }
}

delete /credential/policy Delete a credential policy

Delete a credential policy.

This method has a POST /credential/policy/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 CREDENTIAL_POLICY_NOT_FOUND - credential policy with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "credentialPolicyName": "TEST_CREDENTIAL_POLICY"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "credentialPolicyName": "TEST_CREDENTIAL_POLICY",
    "credentialPolicyStatus": "REMOVED"
  }
}

Credential Definitions API

post /credential/definition Create a Credential Definition

Create a credential definition.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 CREDENTIAL_DEFINITION_ALREADY_EXISTS - credential definition with name specified in the request already exists
400 APPLICATION_NOT_FOUND - application with name specified in the request was not found
400 HASHING_CONFIG_NOT_FOUND - hashing configuration with name specified in the request was not found
400 CREDENTIAL_POLICY_NOT_FOUND - credential policy with name specified in the request was not found
400 ORGANIZATION_NOT_FOUND - organization with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION",
    "applicationName": "APP",
    "organizationId": "RETAIL",
    "credentialPolicyName": "CREDENTIAL_POLICY",
    "category": "PASSWORD",
    "encryptionEnabled": true,
    "encryptionAlgorithm": "AES_HMAC",
    "hashingEnabled": true,
    "hashConfigName": "ARGON_2021",
    "e2eEncryptionEnabled": true,
    "dataAdapterProxyEnabled": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION",
    "applicationName": "APP",
    "credentialPolicyName": "CREDENTIAL_POLICY",
    "description": null,
    "category": "PASSWORD",
    "encryptionEnabled": true,
    "encryptionAlgorithm": "AES_HMAC",
    "hashingEnabled": true,
    "hashConfigName": "ARGON_2021",
    "e2eEncryptionEnabled": true,
    "e2eEncryptionAlgorithm": null,
    "e2eEncryptionCipherTransformation": null,
    "e2eEncryptionForTemporaryCredentialEnabled": false,
    "credentialDefinitionStatus": "ACTIVE",
    "dataAdapterProxyEnabled": false
  }
}

get /credential/definition List Credential Definitions

List all credential definitions configured on the server.

This method has a POST /credential/definition/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "includeRemoved": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "credentialDefinitions": [
      {
        "credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION",
        "applicationName": "APP",
        "organizationId": "RETAIL",
        "credentialPolicyName": "CREDENTIAL_POLICY",
        "description": null,
        "category": "PASSWORD",
        "encryptionEnabled": true,
        "encryptionAlgorithm": "AES_HMAC",
        "hashingEnabled": true,
        "hashConfigName": "ARGON_2021",
        "e2eEncryptionEnabled": true,
        "e2eEncryptionAlgorithm": null,
        "e2eEncryptionCipherTransformation": null,
        "e2eEncryptionForTemporaryCredentialEnabled": false,
        "credentialDefinitionStatus": "ACTIVE",
        "dataAdapterProxyEnabled": false,
        "timestampCreated": "2021-07-01T20:03:25+0000",
        "timestampLastUpdated": null
      }
    ]
  }
}

put /credential/definition Update a Credential Definition

Update a credential definition configured on the server.

This method has a POST /credential/definition/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 APPLICATION_NOT_FOUND - application with name specified in the request was not found
400 HASHING_CONFIG_NOT_FOUND - hashing configuration with name specified in the request was not found
400 CREDENTIAL_POLICY_NOT_FOUND - credential policy with name specified in the request was not found
400 ORGANIZATION_NOT_FOUND - organization with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "credentialDefinitionName": "RETAIL_CREDENTIAL",
    "applicationName": "APP",
    "organizationId": "RETAIL",
    "credentialPolicyName": "CREDENTIAL_POLICY",
    "description": "Sample credential definition for retail",
    "category": "PASSWORD",
    "encryptionEnabled": true,
    "encryptionAlgorithm": "AES_HMAC",
    "hashingEnabled": true,
    "hashConfigName": "ARGON_2021",
    "e2eEncryptionEnabled": false,
    "e2eEncryptionAlgorithm": "AES",
    "e2eEncryptionCipherTransformation": "AES/CBC/PKCS7Padding",
    "credentialDefinitionStatus": "ACTIVE",
    "dataAdapterProxyEnabled": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "credentialDefinitionName": "RETAIL_CREDENTIAL",
    "applicationName": "APP",
    "organizationId": "RETAIL",
    "credentialPolicyName": "CREDENTIAL_POLICY",
    "description": "Sample credential definition for retail",
    "category": "PASSWORD",
    "encryptionEnabled": true,
    "encryptionAlgorithm": "AES_HMAC",
    "hashingEnabled": true,
    "hashConfigName": "ARGON_2021",
    "e2eEncryptionEnabled": false,
    "e2eEncryptionAlgorithm": "AES",
    "e2eEncryptionCipherTransformation": "AES/CBC/PKCS7Padding",
    "e2eEncryptionForTemporaryCredentialEnabled": false,
    "credentialDefinitionStatus": "ACTIVE",
    "dataAdapterProxyEnabled": false
  }
}

delete /credential/definition Delete a credential definition

Delete a credential definition.

This method has a POST /credential/definition/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION",
    "credentialDefinitionStatus": "REMOVED"
  }
}

OTP Policies API

post /otp/policy Create an OTP Policy

Create an OTP policy.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 OTP_POLICY_ALREADY_EXISTS - OTP policy with name specified in the request already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "otpPolicyName": "TEST_OTP_POLICY",
    "description": "Test OTP policy",
    "length": 8,
    "attemptLimit": 3,
    "expirationTime": null,
    "genAlgorithm": "OTP_DATA_DIGEST"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpPolicyName": "TEST_OTP_POLICY",
    "description": "Test OTP policy",
    "length": 8,
    "attemptLimit": 3,
    "expirationTime": null,
    "genAlgorithm": "OTP_DATA_DIGEST",
    "genParam": {
      "groupSize": null
    },
    "otpPolicyStatus": "ACTIVE"
  }
}

get /otp/policy List OTP Policies

List all OTP policies configured on the server.

THis method has a POST /otp/policy/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_CONFIGURATION - Next Step configuration is invalid
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "includeRemoved": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpPolicies": [
      {
        "otpPolicyName": "TEST_OTP_POLICY",
        "description": "Test OTP policy",
        "length": 8,
        "attemptLimit": 3,
        "expirationTime": null,
        "genAlgorithm": "OTP_DATA_DIGEST",
        "genParam": {
          "groupSize": null
        },
        "otpPolicyStatus": "ACTIVE",
        "timestampCreated": "2021-07-01T20:13:48+0000",
        "timestampLastUpdated": null
      }
    ]
  }
}

put /otp/policy Update an OTP Policy

Update an OTP policy configured on the server.

This method has a POST /otp/policy/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 OTP_POLICY_NOT_FOUND - OTP policy with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "otpPolicyName": "OTP_POLICY",
    "description": "Sample OTP policy",
    "length": 8,
    "attemptLimit": 3,
    "expirationTime": 300,
    "genAlgorithm": "OTP_DATA_DIGEST",
    "genParam": {
      "groupSize": null
    },
    "otpPolicyStatus": "ACTIVE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpPolicyName": "OTP_POLICY",
    "description": "Sample OTP policy",
    "length": 8,
    "attemptLimit": 3,
    "expirationTime": 300,
    "genAlgorithm": "OTP_DATA_DIGEST",
    "genParam": {
      "groupSize": null
    },
    "otpPolicyStatus": "ACTIVE"
  }
}

delete /otp/policy Delete an OTP policy

Delete an OTP policy.

This method has a POST /otp/policy/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OTP_POLICY_NOT_FOUND - OTP policy with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "otpPolicyName": "TEST_OTP_POLICY"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpPolicyName": "TEST_OTP_POLICY",
    "otpPolicyStatus": "REMOVED"
  }
}

OTP Definitions API

post /otp/definition Create an OTP Definition

Create an OTP definition.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OTP_DEFINITION_ALREADY_EXISTS - OTP definition with name specified in the request already exists
400 APPLICATION_NOT_FOUND - application with name specified in the request was not found
400 OTP_POLICY_NOT_FOUND - OTP policy with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "otpDefinitionName": "RETAIL_OTP",
    "applicationName": "RETAIL_APP",
    "otpPolicyName": "OTP_POLICY",
    "description": "Sample OTP definition for retail",
    "encryptionEnabled": false,
    "encryptionAlgorithm": null,
    "dataAdapterProxyEnabled": false,
    "otpDefinitionStatus": "ACTIVE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpDefinitionName": "RETAIL_OTP",
    "applicationName": "APP",
    "otpPolicyName": "OTP_POLICY",
    "description": null,
    "encryptionEnabled": false,
    "encryptionAlgorithm": null,
    "otpDefinitionStatus": "ACTIVE",
    "dataAdapterProxyEnabled": false
  }
}

get /otp/definition List OTP definitions

List all OTP definitions configured on the server.

This method has a POST /otp/definition/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "includeRemoved": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpDefinitions": [
      {
        "otpDefinitionName": "RETAIL_OTP",
        "applicationName": "APP",
        "otpPolicyName": "OTP_POLICY",
        "description": "Sample OTP definition for retail",
        "encryptionEnabled": false,
        "encryptionAlgorithm": null,
        "otpDefinitionStatus": "ACTIVE",
        "dataAdapterProxyEnabled": true,
        "timestampCreated": "2021-06-07T11:42:54+0000",
        "timestampLastUpdated": null
      }
    ]
  }
}

put /otp/definition Update an OTP Definition

Update an OTP definition configured on the server.

This method has a POST /otp/definition/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OTP_DEFINITION_NOT_FOUND - OTP definition with name specified in the request was not found
400 APPLICATION_NOT_FOUND - application with name specified in the request was not found
400 OTP_POLICY_NOT_FOUND - OTP policy with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "otpDefinitionName": "RETAIL_OTP",
    "applicationName": "APP",
    "otpPolicyName": "OTP_POLICY",
    "description": null,
    "encryptionEnabled": false,
    "encryptionAlgorithm": "AES_HMAC",
    "otpDefinitionStatus": "ACTIVE",
    "dataAdapterProxyEnabled": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpDefinitionName": "RETAIL_OTP",
    "applicationName": "APP",
    "otpPolicyName": "OTP_POLICY",
    "description": null,
    "encryptionEnabled": false,
    "encryptionAlgorithm": "AES_HMAC",
    "otpDefinitionStatus": "ACTIVE",
    "dataAdapterProxyEnabled": false
  }
}

delete /otp/definition Delete an OTP definition

Delete an OTP definition.

This method has a POST /otp/definition/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OTP_DEFINITION_NOT_FOUND - OTP definition with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "otpDefinitionName": "RETAIL_OTP"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpDefinitionName": "RETAIL_OTP",
    "otpDefinitionStatus": "REMOVED"
  }
}

Hashing Configurations API

post /hashconfig Create a Hashing Configuration

Create a hashing configuration.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 HASHING_CONFIG_ALREADY_EXISTS - hashing configuration with name specified in the request already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "hashConfigName": "ARGON_2021",
    "algorithm": "ARGON_2ID",
    "parameters": {
      "version": "16",
      "iterations": "3",
      "memory": "15",
      "parallelism": "16",
      "outputLength": "32"
    }
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "hashConfigName": "ARGON_2021",
    "algorithm": "ARGON_2ID",
    "parameters": {
      "version": "16",
      "iterations": "3",
      "memory": "15",
      "parallelism": "16",
      "outputLength": "32"
    },
    "hashConfigStatus": "ACTIVE"
  }
}

get /hashconfig List Hashing Configurations

List all hashing configurations configured on the server.

This method has a POST /hashconfig/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_CONFIGURATION - Next Step server configuration is invalid
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "includeRemoved": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "hashConfigs": [
      {
        "hashConfigName": "ARGON_2021",
        "algorithm": "ARGON_2ID",
        "hashConfigStatus": "ACTIVE",
        "parameters": {
          "version": "16",
          "iterations": "3",
          "memory": "15",
          "parallelism": "16",
          "outputLength": "32"
        },
        "timestampCreated": "2021-07-01T20:03:20+0000"
      }
    ]
  }
}

put /hashconfig Update a Hashing Configuration

Update a hashing configuration configured on the server.

This method has a POST /hashconfig/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 HASHING_CONFIG_NOT_FOUND - hashing configuration with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "hashConfigName": "ARGON_2021",
    "algorithm": "ARGON_2ID",
    "parameters": {
      "version": "16",
      "iterations": "3",
      "memory": "15",
      "parallelism": "16",
      "outputLength": "32"
    },
    "hashConfigStatus": "ACTIVE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "hashConfigName": "ARGON_2021",
    "algorithm": "ARGON_2ID",
    "parameters": {
      "version": "16",
      "iterations": "3",
      "memory": "15",
      "parallelism": "16",
      "outputLength": "32"
    },
    "hashConfigStatus": "ACTIVE"
  }
}

delete /hashconfig Delete a Hashing Configuration

Delete a hashing configuration.

This method has a POST /hashconfig/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 HASHING_CONFIG_NOT_FOUND - hashing configuration with name specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "hashConfigName": "ARGON_2021"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "hashConfigName": "ARGON_2021",
    "hashConfigStatus": "REMOVED"
  }
}

User Identities API

post /user Create a User Identity

Create a user identity.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_ALREADY_EXISTS - user identity with identifier specified in the request already exist
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 CREDENTIAL_VALIDATION_FAILED - credential validation failed
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "extras": {
      "key1": "value1"
    },
    "roles": [],
    "contacts": [
      {
        "contactName": "TEST_CONTACT",
        "contactType": "PHONE",
        "contactValue": "+420123456",
        "primary": true
      }
    ],
    "credentials": [
      {
        "credentialName": "RETAIL_CREDENTIAL",
        "credentialType": "PERMANENT",
        "username": "testuser"
      }
    ]
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "userIdentityStatus": "ACTIVE",
    "extras": {
      "key1": "value1"
    },
    "roles": [],
    "contacts": [
      {
        "contactName": "TEST_CONTACT",
        "contactType": "PHONE",
        "contactValue": "+420123456",
        "primary": true,
        "timestampCreated": "2021-07-02T09:47:36+0000",
        "timestampLastUpdated": null
      }
    ],
    "credentials": [
      {
        "credentialName": "RETAIL_CREDENTIAL",
        "credentialType": "PERMANENT",
        "credentialStatus": "ACTIVE",
        "username": "testuser",
        "credentialValue": "buCH<JpTw1mA",
        "credentialChangeRequired": false,
        "timestampCreated": "2021-07-02T09:47:35+0000",
        "timestampLastUpdated": null,
        "timestampBlocked": null,
        "timestampExpires": null,
        "timestampLastCredentialChange": "2021-07-02T09:47:35+0000",
        "timestampLastUsernameChange": "2021-07-02T09:47:35+0000"
      }
    ]
  }
}

get /user/detail Get User Identity Detail

Get user identity detail.

This method has a POST /user/detail alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "userIdentityStatus": "ACTIVE",
    "extras": {
      "key1": "value1"
    },
    "roles": [],
    "contacts": [
      {
        "contactName": "TEST_CONTACT",
        "contactType": "PHONE",
        "contactValue": "+420123456",
        "primary": true,
        "timestampCreated": "2021-07-02T09:47:36+0000",
        "timestampLastUpdated": null
      }
    ],
    "credentials": [
      {
        "credentialName": "RETAIL_CREDENTIAL",
        "credentialType": "PERMANENT",
        "credentialStatus": "ACTIVE",
        "username": "testuser2",
        "credentialChangeRequired": false,
        "timestampCreated": "2021-07-02T09:47:36+0000",
        "timestampExpires": null,
        "timestampBlocked": null,
        "timestampLastUpdated": null,
        "timestampLastCredentialChange": "2021-07-02T09:47:36+0000",
        "timestampLastUsernameChange": "2021-07-02T09:47:36+0000"
      }
    ],
    "timestampCreated": "2021-07-02T09:47:36+0000",
    "timestampLastUpdated": null
  }
}

put /user Update a User Identity

Update a user identity.

This method has a POST /user/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 CREDENTIAL_VALIDATION_FAILED - credential validation failed
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "userIdentityStatus": "ACTIVE",
    "extras": {
      "key1": "value1"
    },
    "roles": [
      "TEST_ROLE"
    ],
    "contacts": [
      {
        "contactName": "TEST_CONTACT",
        "contactType": "PHONE",
        "contactValue": "+4201234567",
        "primary": true
      }
    ],
    "credentials": [
      {
        "credentialName": "RETAIL_CREDENTIAL",
        "credentialType": "PERMANENT",
        "username": "test1234",
        "credentialValue": "S3cret.1234"
      }
    ]
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "test2",
    "userIdentityStatus": "ACTIVE",
    "extras": {
      "key1": "value1"
    },
    "roles": [
      "TEST_ROLE"
    ],
    "contacts": [
      {
        "contactName": "TEST_CONTACT",
        "contactType": "PHONE",
        "contactValue": "+4201234567",
        "primary": true,
        "timestampCreated": "2021-07-02T09:47:36+0000",
        "timestampLastUpdated": "2021-07-02T10:17:03+0000"
      }
    ],
    "credentials": [
      {
        "credentialName": "RETAIL_CREDENTIAL",
        "credentialType": "PERMANENT",
        "credentialStatus": "ACTIVE",
        "username": "test1234",
        "credentialValue": null,
        "credentialChangeRequired": false,
        "timestampCreated": "2021-07-02T09:47:36+0000",
        "timestampLastUpdated": "2021-07-02T10:17:03+0000",
        "timestampBlocked": null,
        "timestampExpires": null,
        "timestampLastCredentialChange": "2021-07-02T10:17:03+0000",
        "timestampLastUsernameChange": "2021-07-02T10:17:03+0000"
      }
    ]
  }
}

put /user/multi Update Multiple User Identities

Update multiple user identities.

This method has a POST /user/update/multi alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userIds": [
      "user1234",
      "user5678"
    ],
    "userIdentityStatus": "ACTIVE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userIds": [
      "user1234",
      "user5678"
    ],
    "userIdentityStatus": "ACTIVE"
  }
}

post /user/lookup/single Lookup a User Identity

Lookup a user identity.

The operation ID parameter is required in case Data Adapter proxy is enabled.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "username": "77002401",
    "credentialName": "RETAIL_CREDENTIAL",
    "operationId": null
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "user": {
      "userId": "user9876",
      "userIdentityStatus": "ACTIVE",
      "extras": {
        "key1": "value1"
      },
      "roles": [
        "TEST_ROLE"
      ],
      "contacts": [
        {
          "contactName": "TEST_CONTACT",
          "contactType": "PHONE",
          "contactValue": "+4201234567",
          "primary": true,
          "timestampCreated": "2021-07-02T09:47:36+0000",
          "timestampLastUpdated": "2021-07-02T10:17:04+0000"
        }
      ],
      "credentials": [
        {
          "credentialName": "RETAIL_CREDENTIAL",
          "credentialType": "PERMANENT",
          "credentialStatus": "ACTIVE",
          "username": "77002401",
          "credentialChangeRequired": false,
          "timestampCreated": "2021-07-02T09:47:36+0000",
          "timestampExpires": null,
          "timestampBlocked": null,
          "timestampLastUpdated": "2021-07-02T10:17:03+0000",
          "timestampLastCredentialChange": "2021-07-02T10:17:03+0000",
          "timestampLastUsernameChange": "2021-07-02T10:17:03+0000"
        }
      ],
      "timestampCreated": "2021-07-02T09:47:36+0000",
      "timestampLastUpdated": "2021-07-02T10:17:03+0000"
    }
  }
}

post /user/lookup Lookup User Identities

Lookup user identities.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userIdentityStatus": null,
    "createdStartDate": null,
    "createdEndDate": null,
    "roles": null,
    "username": "14655327",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialStatus" : null
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "users": [
      {
        "userId": "user4321",
        "userIdentityStatus": "ACTIVE",
        "extras": {
          "key1": "value1"
        },
        "roles": [
          "TEST_ROLE"
        ],
        "contacts": [
          {
            "contactName": "TEST_CONTACT",
            "contactType": "PHONE",
            "contactValue": "+4201234567",
            "primary": true,
            "timestampCreated": "2021-07-02T09:47:36+0000",
            "timestampLastUpdated": "2021-07-02T10:17:04+0000"
          }
        ],
        "credentials": [
          {
            "credentialName": "RETAIL_CREDENTIAL",
            "credentialType": "PERMANENT",
            "credentialStatus": "ACTIVE",
            "username": "14655327",
            "credentialChangeRequired": false,
            "timestampCreated": "2021-07-02T09:47:36+0000",
            "timestampExpires": null,
            "timestampBlocked": null,
            "timestampLastUpdated": "2021-07-02T10:17:03+0000",
            "timestampLastCredentialChange": "2021-07-02T10:17:03+0000",
            "timestampLastUsernameChange": "2021-07-02T10:17:03+0000"
          }
        ],
        "timestampCreated": "2021-07-02T09:47:36+0000",
        "timestampLastUpdated": "2021-07-02T10:17:03+0000"
      }
    ]
  }
}

post /user/block Block a User Identity

Block a user identity.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_IDENTITY_NOT_ACTIVE - user identity with identifier specified in the request is not in ACTIVE state
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "userIdentityStatus": "BLOCKED"
  }
}

post /user/unblock Unblock a User Identity

Unblock a user identity.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_IDENTITY_NOT_BLOCKED - user identity with identifier specified in the request is not in BLOCKED state
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "userIdentityStatus": "ACTIVE"
  }
}

delete /user Delete a User Identity

Delete a user identity.

This method has a POST /otp/policy/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "userIdentityStatus": "REMOVED"
  }
}

post /user/contact Create a User Contact

Create a user contact.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_CONTACT_ALREADY_EXISTS - user contact already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "contactName": "TEST_CONTACT",
    "contactType": "PHONE",
    "contactValue": "+420602123456",
    "primary": true
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "contactName": "TEST_CONTACT",
    "contactType": "PHONE",
    "contactValue": "+420602123456",
    "primary": true
  }
}

get /user/contact List User Contacts

List all user contacts.

This method has a POST /user/contact/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "contacts": [
      {
        "contactName": "TEST_CONTACT",
        "contactType": "PHONE",
        "contactValue": "+4201234567",
        "primary": false,
        "timestampCreated": "2021-07-02T09:47:36+0000",
        "timestampLastUpdated": "2021-07-02T11:27:30+0000"
      }
    ]
  }
}

put /user/contact Update a User Contact

Update a user contact.

This method has a POST /user/contact/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_CONTACT_NOT_FOUND - user contact was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "contactName": "TEST_CONTACT",
    "contactType": "PHONE",
    "contactValue": "+420605789651",
    "primary": true
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "contactName": "TEST_CONTACT",
    "contactType": "PHONE",
    "contactValue": "+420605789651",
    "primary": true
  }
}

delete /user/contact Delete a User Contact

Delete a user contact.

This method has a POST /user/contact/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_CONTACT_NOT_FOUND - user contact was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "test1234",
    "contactName": "TEST_CONTACT",
    "contactType": "PHONE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "test1234",
    "contactName": "TEST_CONTACT",
    "contactType": "PHONE"
  }
}

post /user/alias Create a User Alias

Create a user alias.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_ALIAS_ALREADY_EXISTS - user alias already exists
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "aliasName": "TEST_ALIAS",
    "aliasValue": "SOME_ALIAS_VALUE",
    "extras": {
      "key1": "value1"
    }
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "aliasName": "TEST_ALIAS",
    "aliasValue": "SOME_ALIAS_VALUE",
    "extras": {
      "key1": "value1"
    },
    "userAliasStatus": "ACTIVE"
  }
}

get /user/alias List User Aliases

List all user aliases.

This method has a POST /user/alias/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "includeRemoved": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "aliases": [
      {
        "aliasName": "TEST_ALIAS",
        "aliasValue": "SOME_ALIAS_VALUE",
        "userAliasStatus": "ACTIVE",
        "extras": {
          "key1": "value1"
        },
        "timestampCreated": "2021-07-02T11:37:54+0000",
        "timestampLastUpdated": null
      }
    ]
  }
}

put /user/alias Update a User Alias

Update a user alias.

This method has a POST /user/alias/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_ALIAS_NOT_FOUND - user alias was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "aliasName": "TEST_ALIAS",
    "aliasValue": "SOME_ALIAS_VALUE",
    "extras": {
      "key1": "value"
    },
    "userAliasStatus": "ACTIVE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "aliasName": "TEST_ALIAS",
    "aliasValue": "SOME_ALIAS_VALUE",
    "extras": {
      "key1": "value"
    },
    "userAliasStatus": "ACTIVE"
  }
}

delete /user/alias Delete a User Alias

Delete a user alias.

This method has a POST /user/alias/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_ALIAS_NOT_FOUND - user alias was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "aliasName": "TEST_ALIAS"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "aliasName": "TEST_ALIAS",
    "userAliasStatus": "REMOVED"
  }
}

post /user/role Assign a Role to User Identity

Assign a role to user identity.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_ROLE_ALREADY_ASSIGNED - user role is already assigned
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "roleName": "TEST_ROLE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "roleName": "TEST_ROLE",
    "userRoleStatus": "ACTIVE"
  }
}

delete /user/role Remove a Role from User Identity

Remove a user role from user identity.

This method has a POST /user/role/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 USER_ROLE_NOT_ASSIGNED - user role is not assigned
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "roleName": "TEST_ROLE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "roleName": "TEST_ROLE",
    "userRoleStatus": "REMOVED"
  }
}

get /user/credential Get User Credential List

Get user credential list.

This method has a POST /user/credential/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "includeRemoved": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "credentials": [
      {
        "credentialName": "RETAIL_CREDENTIAL",
        "credentialType": "PERMANENT",
        "credentialStatus": "ACTIVE",
        "username": "test1234",
        "credentialChangeRequired": false,
        "timestampCreated": "2021-07-02T09:47:36+0000",
        "timestampExpires": null,
        "timestampBlocked": null,
        "timestampLastUpdated": "2021-07-02T11:27:30+0000",
        "timestampLastCredentialChange": "2021-07-02T11:27:30+0000",
        "timestampLastUsernameChange": "2021-07-02T11:27:30+0000"
      }
    ]
  }
}

get /user/authentication Get User Authentication List

Get user credential list.

This method has a POST /user/authentication/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "createdStartDate": "2021-06-24T10:24:09+0000",
    "createdEndDate": "2021-07-24T17:24:09+0000"    
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "authentications": [
      {
        "authenticationType": "CREDENTIAL",
        "credentialName": "RETAIL_CREDENTIAL",
        "otpName": null,
        "authenticationResult": "FAILED",
        "credentialAuthenticationResult": "FAILED",
        "otpAuthenticationResult": null,
        "timestampCreated": "2021-07-02T11:56:03+0000"
      }
    ]
  }
}

Credentials API

post /credential Create a Credential

Create a credential.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 CREDENTIAL_VALIDATION_FAILED - credential validation failed
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialType": "PERMANENT",
    "username": "username1234",
    "credentialValue": null,
    "validationMode": "VALIDATE_USERNAME_AND_CREDENTIAL",
    "credentialHistory": []
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialType": "PERMANENT",
    "credentialStatus": "ACTIVE",
    "username": "username1234",
    "credentialValue": "JeM1vr%GyJFh",
    "credentialChangeRequired": false
  }
}

put /credential Update a Credential

Update a credential.

This method has a POST /credential/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 CREDENTIAL_NOT_FOUND - credential was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 CREDENTIAL_VALIDATION_FAILED - credential validation failed
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialType": "PERMANENT",
    "username": "username1234",
    "credentialStatus": "ACTIVE"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialType": "PERMANENT",
    "credentialStatus": "ACTIVE",
    "username": "username1234",
    "credentialChangeRequired": false
  }
}

post /credential/validate Validate a Credential

Validate a credential.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "credentialName": "RETAIL_CREDENTIAL",
    "username": "user",
    "credentialValue": "rrnVHhN2YGw",
    "validationMode": "VALIDATE_USERNAME_AND_CREDENTIAL",
    "userId": "user1234"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "validationResult": "FAILED",
    "validationErrors": [
      "USERNAME_TOO_SHORT",
      "CREDENTIAL_INSUFFICIENT_SPECIAL"
    ]
  }
}

post /credential/reset Reset a Credential

Reset a credential.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 CREDENTIAL_NOT_FOUND - credential was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialType": "PERMANENT"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "username": "username1234",
    "credentialValue": "N4DuitRp:HUx",
    "credentialStatus": "ACTIVE"
  }
}

post /credential/block Block a Credential

Block a credential.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 CREDENTIAL_NOT_FOUND - credential was not found
400 CREDENTIAL_NOT_ACTIVE - credential is not in ACTIVE state
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialStatus": "BLOCKED_PERMANENT"
  }
}

post /credential/unblock Unblock a Credential

Block a credential.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 CREDENTIAL_NOT_FOUND - credential was not found
400 CREDENTIAL_NOT_BLOCKED - credential is not in BLOCKED_PERMANENT or BLOCKED_TEMPORARY state
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialStatus": "ACTIVE"
  }
}

delete /credential Delete a Credential

Delete a credential.

This method has a POST /credential/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 CREDENTIAL_NOT_FOUND - credential was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialStatus": "REMOVED"
  }
}

Credential Counters API

put /credential/counter Update a Credential Counter

Update a credential counter.

This method has a POST /credential/counter/update alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 CREDENTIAL_NOT_FOUND - credential was not found
400 CREDENTIAL_NOT_ACTIVE - credential is not in ACTIVE state
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "authenticationResult": "FAILED"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "user1234",
    "credentialName": "RETAIL_CREDENTIAL",
    "credentialStatus": "ACTIVE"
  }
}

post /credential/counter/reset-all Reset All Soft Failed Attempt Counters

Reset all soft failed counters.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "resetMode": "RESET_ACTIVE_AND_BLOCKED_TEMPORARY"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "resetCounterCount": 1
  }
}

OTP API

post /otp Create an OTP

Create an OTP.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 OTP_DEFINITION_NOT_FOUND - OTP definition with name specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 OPERATION_NOT_FOUND - operation was not found
400 OTP_GEN_ALGORITHM_NOT_SUPPORTED - OTP generation algorithm is not supported
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 OPERATION_ALREADY_FINISHED - operation is already in DONE state
400 OPERATION_ALREADY_FAILED - operation is already in FAILED state
400 USER_IDENTITY_NOT_ACTIVE - user identity is not active
400 CREDENTIAL_NOT_FOUND - credential was not found
400 CREDENTIAL_NOT_ACTIVE - credential is not in ACTIVE state
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "test1234",
    "otpName": "RETAIL_OTP",
    "credentialName": "RETAIL_CREDENTIAL",
    "otpData": "TEST_DATA",
    "operationId": null
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpName": "RETAIL_OTP",
    "userId": "test1234",
    "otpId": "b498adb3-84aa-4235-8ffb-d8e9daa54145",
    "otpValue": "85092023",
    "otpStatus": "ACTIVE"
  }
}

post /otp/send Create And Send an OTP

Create and send an OTP via Data Adapter.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 OTP_DEFINITION_NOT_FOUND - OTP definition with name specified in the request was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found
400 OPERATION_NOT_FOUND - operation was not found
400 OTP_GEN_ALGORITHM_NOT_SUPPORTED - OTP generation algorithm is not supported
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 OPERATION_ALREADY_FINISHED - operation is already in DONE state
400 OPERATION_ALREADY_FAILED - operation is already in FAILED state
400 USER_IDENTITY_NOT_ACTIVE - user identity is not active
400 CREDENTIAL_NOT_FOUND - credential was not found
400 CREDENTIAL_NOT_ACTIVE - credential is not in ACTIVE state
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "userId": "test1234",
    "otpName": "RETAIL_OTP",
    "credentialName": "RETAIL_CREDENTIAL",
    "otpData": "TEST_DATA",
    "operationId": null,
    "language": "en"
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpName": "RETAIL_OTP",
    "userId": "test1234",
    "otpId": "b498adb3-84aa-4235-8ffb-d8e9daa54145",
    "otpStatus": "ACTIVE",
    "delivered": true,
    "errorMessage": null
  }
}

get /otp Get OTP list

Get OTP list for an operation.

This method has a POST /otp/list alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 OPERATION_NOT_FOUND - operation was not found
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "operationId": "login_1234567",
    "includeRemoved": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationId": "login_1234567",
    "otpDetails": [
      {
        "otpName": "RETAIL_OTP",
        "userId": "user1234",
        "otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
        "operationId": "login_1234567",
        "otpData": "TEST_DATA",
        "otpValue": "82310309",
        "credentialName": "RETAIL_CREDENTIAL",
        "attemptCounter": 0,
        "failedAttemptCounter": 0,
        "remainingAttempts": 3,
        "otpStatus": "ACTIVE",
        "timestampCreated": "2021-07-02T13:02:55+0000",
        "timestampVerified": null,
        "timestampBlocked": null,
        "timestampExpires": "2021-07-02T13:07:55+0000"
      }
    ]
  }
}

get /otp/detail Get OTP detail

Get OTP detail.

This method has a POST /otp/detail alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 OTP_NOT_FOUND - OTP with identifier specified in the request was not found
400 OPERATION_NOT_FOUND - operation was not found
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
    "operationId": null
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "operationId": null,
    "otpDetail": {
      "otpName": "RETAIL_OTP",
      "userId": "user1234",
      "otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
      "operationId": "login_1234567",
      "otpData": "TEST_DATA",
      "otpValue": "82310309",
      "credentialName": "RETAIL_CREDENTIAL",
      "attemptCounter": 0,
      "failedAttemptCounter": 0,
      "remainingAttempts": 3,
      "otpStatus": "ACTIVE",
      "timestampCreated": "2021-07-02T13:02:55+0000",
      "timestampVerified": null,
      "timestampBlocked": null,
      "timestampExpires": "2021-07-02T13:07:55+0000"
    }
  }
}

delete /otp Delete an OTP.

Delete an OTP.

This method has a POST /otp/delete alternative.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 OTP_NOT_FOUND - OTP with identifier specified in the request was not found
400 OPERATION_NOT_FOUND - operation was not found
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
    "operationId": null
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
    "operationId": "login_1234567",
    "otpStatus": "REMOVED"
  }
}

Authentication API

post /auth/otp Authenticate Using an OTP

Authenticate using a one time password.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 AUTH_METHOD_NOT_FOUND - authentication method was not found
400 OPERATION_ALREADY_FINISHED - operation is already in DONE state
400 OPERATION_ALREADY_FAILED - operation is already in FAILED state
400 OPERATION_ALREADY_CANCELED - operation is already in FAILED/CANCELED state
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 CREDENTIAL_NOT_FOUND - credential was not found
400 OPERATION_NOT_FOUND - operation was not found
400 OTP_NOT_FOUND - OTP with identifier specified in the request was not found
400 OPERATION_NOT_VALID - operation is not valid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "otpId": "b498adb3-84aa-4235-8ffb-d8e9daa54145",
    "operationId": null,
    "otpValue": "37325969",
    "authMethod": null,
    "updateOperation": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "test1234",
    "userIdentityStatus": "ACTIVE",
    "credentialStatus": "ACTIVE",
    "timestampBlocked": null,
    "otpStatus": "ACTIVE",
    "authenticationResult": "FAILED",
    "remainingAttempts": 2,
    "showRemainingAttempts": false,
    "errorMessage": null,
    "operationFailed": false
  }
}

post /auth/credential Authenticate Using a Credential

Authenticate using a credential.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity was not found
400 AUTH_METHOD_NOT_FOUND - authentication method was not found
400 OPERATION_ALREADY_FINISHED - operation is already in DONE state
400 OPERATION_ALREADY_FAILED - operation is already in FAILED state
400 OPERATION_ALREADY_CANCELED - operation is already in FAILED/CANCELED state
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 OPERATION_NOT_FOUND - operation was not found
400 CREDENTIAL_NOT_FOUND - credential was not found
400 CREDENTIAL_DEFINITION_NOT_FOUND - credential definition was not found
400 OPERATION_NOT_VALID - operation is not valid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "credentialName": "RETAIL_CREDENTIAL",
    "userId": "test1234",
    "credentialValue": "OTuGEsf<n8Ue",
    "authenticationMode": "MATCH_EXACT",
    "credentialPositionsToVerify": [],
    "operationId": null,
    "authMethod": null,
    "updateOperation": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "test1234",
    "userIdentityStatus": "ACTIVE",
    "timestampBlocked": null,
    "credentialStatus": "ACTIVE",
    "credentialChangeRequired": false,
    "authenticationResult": "FAILED",
    "remainingAttempts": 2,
    "showRemainingAttempts": false,
    "errorMessage": null,
    "operationFailed": false
  }
}

post /auth/combined Authenticate Using a Credential and OTP

Authenticate using a credential and one time password.

The list of expected status codes:

Code Description
200 OK response - request succeeded
400 REQUEST_VALIDATION_FAILED - request validation failed
400 INVALID_REQUEST - invalid request received
400 USER_IDENTITY_NOT_FOUND - user identity was not found
400 AUTH_METHOD_NOT_FOUND - authentication method was not found
400 OPERATION_ALREADY_FINISHED - operation is already in DONE state
400 OPERATION_ALREADY_FAILED - operation is already in FAILED state
400 OPERATION_ALREADY_CANCELED - operation is already in FAILED/CANCELED state
400 INVALID_CONFIGURATION - Next Step configuration is invalid
400 CREDENTIAL_NOT_FOUND - credential was not found
400 OPERATION_NOT_FOUND - operation was not found
400 OTP_NOT_FOUND - OTP with identifier specified in the request was not found
400 OPERATION_NOT_VALID - operation is not valid
400 ENCRYPTION_FAILED - encryption failed
500 Server error - unexpected error occurred

Request

  • Headers:
    • Content-Type: application/json
{
  "requestObject": {
    "credentialName": "RETAIL_CREDENTIAL",
    "userId": "test1234",
    "credentialValue": ")wOI6ijUkwYI",
    "authenticationMode": "MATCH_EXACT",
    "credentialPositionsToVerify": [],
    "otpId": "b498adb3-84aa-4235-8ffb-d8e9daa54145",
    "operationId": null,
    "otpValue": "29092692",
    "authMethod": null,
    "updateOperation": false
  }
}

Response

  • Headers:
    • Content-Type: application/json
{
  "status": "OK",
  "responseObject": {
    "userId": "test1234",
    "userIdentityStatus": "ACTIVE",
    "timestampBlocked": null,
    "credentialStatus": "ACTIVE",
    "credentialChangeRequired": false,
    "otpStatus": "ACTIVE",
    "authenticationResult": "FAILED",
    "credentialAuthenticationResult": "FAILED",
    "otpAuthenticationResult": "FAILED",
    "remainingAttempts": 1,
    "showRemainingAttempts": false,
    "errorMessage": null,
    "operationFailed": false
  }
}
Last updated on Aug 18, 2021 (15:48) Edit on Github Send Feedback
Search

1.1.x

PowerAuth Web Flow