NextStep Server RESTful API Reference
PowerAuth Web Flow communicates with the Next Step Server via a REST API to resolve the next step in the authentication process. This chapter defines the REST API published by Next Step Server and consumed by the Web Flow Server during user authentication. The Next Step REST API can be also used standalone.
The Next Step REST API has following main use cases:
- manage authentication methods and configure them (e.g. enable mobile token for a user, list enabled authentication methods, etc.)
- manage operations and configure them (e.g. create an operation, update an operation, configure operation parameters, etc.)
- configure Next Step organizations, applications, step definitions, and user roles
- configure credential policies, credential definitions, OTP policies, OTP policies, OTP definitions, and hashing configurations
- manage user identities (e.g. create user, update user, lookup users, manage user contacts, roles, and aliases, etc.)
- manage user credentials and OTP codes (e.g. create credentials and OTP codes, their listing and management)
- perform user authentication using credentials and/or OTP codes
Following topics are covered in this chapter:
- Status codes and error handling
- Service status
- Authentication methods API
- Operations API
- Operation form data
- Create an operation
- Update an operation
- Operation detail
- List pending operations
- Lookup operations by external transaction ID
- Update operation form data
- Update application context for an operation
- Update user for an operation
- Set chosen authentication method
- Update mobile token status for an operation
- Get mobile token configuration
- Store result of an AFS action
- List operation configurations
- Create an operation configuration
- Get operation configuration detail
- Delete an operation configuration
- Create an operation and authentication method configuration
- Get an operation and authentication method configuration detail
- Delete an operation and authentication method configuration detail
- Organizations API
- Step definitions API
- Applications API
- Roles API
- Credential policies API
- Credential definitions API
- OTP policies API
- OTP definitions API
- Hashing configurations API
- User identities API
- Create a user identity
- Get user identity detail
- Update a user identity
- Update multiple user identities
- Lookup a user identity
- Lookup user identities
- Block a user identity
- Unblock a user identity
- Delete a user identity
- Create a user contact
- List user contacts
- Update a user contact
- Delete a user contact
- Create a user alias
- List user aliases
- Update a user alias
- Delete a user alias
- Assign a role to user identity
- Remove a role from user identity
- Get user credential list
- Get user authentication list
- Credentials API
- Credential counters API
- OTP API
- Authentication API
You can access the generated REST API documentation in deployed Next Step application:
http[s]://[host]:[port]/powerauth-nextstep/swagger-ui.html
Status codes and error handling
PowerAuth Web Flow Server uses a unified format for error response body, accompanied with an appropriate HTTP status code. Besides the HTTP error codes that application server may return regardless of server application (such as 404 when resource is not found or 503 when server is down).
The list of error status codes:
Code | Description |
---|---|
200 | OK response - REST API call succeeded |
500 | Server error - details in the message |
All error responses that are produced by the Next Step Server have following body:
{
"status": "ERROR",
"responseObject": {
"code": "ERROR_CODE",
"message": "ERROR_MESSAGE_I18N_KEY"
}
}
Service API
get /api/service/status Service Status
Get a system status response, with basic information about the running application.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - system status successfully retrieved |
404 | Not found - application is not running |
500 | Server errors - unexpected server error |
Response
{
"status" : "OK",
"responseObject": {
"applicationName" : "powerauth-nextstep",
"applicationDisplayName" : "PowerAuth Next Step Server",
"applicationEnvironment" : "",
"version" : "0.22.0",
"buildTime" : "2019-06-11T09:34:52Z",
"timestamp" : "2019-06-14T14:54:14Z"
}
}
applicationName
- Application name.applicationDisplayName
- Application display name.applicationEnvironment
- Application environment.version
- Version of Next Step.buildTime
- Timestamp when powerauth-nextstep.war file was created.timestamp
- Response timestamp.
Authentication Methods API
post /auth-method Create an Authentication Method
Create an authentication method in Next Step server.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | AUTH_METHOD_ALREADY_EXISTS - authentication method already exists |
500 | Server errors - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"authMethod": "INIT",
"orderNumber": 1,
"checkUserPrefs": false,
"userPrefsColumn": 0,
"userPrefsDefault": false,
"checkAuthFails": false,
"maxAuthFails": 0,
"hasUserInterface": false,
"hasMobileToken": false,
"displayNameKey": null
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"authMethod": "INIT",
"orderNumber": 1,
"checkUserPrefs": false,
"userPrefsColumn": 0,
"userPrefsDefault": false,
"checkAuthFails": false,
"maxAuthFails": 0,
"hasUserInterface": false,
"hasMobileToken": false,
"displayNameKey": null
}
}
get /auth-method List Authentication Methods
List all authentication methods supported by the server.
This method has a POST /auth-method/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"authMethods": [
{
"authMethod": "INIT",
"hasUserInterface": false,
"displayNameKey": null,
"hasMobileToken": false
},
{
"authMethod": "USER_ID_ASSIGN",
"hasUserInterface": false,
"displayNameKey": null,
"hasMobileToken": false
},
{
"authMethod": "USERNAME_PASSWORD_AUTH",
"hasUserInterface": true,
"displayNameKey": "method.usernamePassword",
"hasMobileToken": false
},
{
"authMethod": "SHOW_OPERATION_DETAIL",
"hasUserInterface": true,
"displayNameKey": "method.showOperationDetail",
"hasMobileToken": false
},
{
"authMethod": "POWERAUTH_TOKEN",
"hasUserInterface": true,
"displayNameKey": "method.powerauthToken",
"hasMobileToken": true
},
{
"authMethod": "SMS_KEY",
"hasUserInterface": true,
"displayNameKey": "method.smsKey",
"hasMobileToken": false
},
{
"authMethod": "CONSENT",
"hasUserInterface": true,
"displayNameKey": "method.consent",
"hasMobileToken": false
},
{
"authMethod": "LOGIN_SCA",
"hasUserInterface": true,
"displayNameKey": "method.loginSca",
"hasMobileToken": true
},
{
"authMethod": "APPROVAL_SCA",
"hasUserInterface": true,
"displayNameKey": "method.approvalSca",
"hasMobileToken": true
}
]
}
}
get /user/auth-method/enabled List Authentication Methods Enabled for Given User
List enabled authentication methods for given user.
This method has a POST /user/auth-method/enabled/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "12345678",
"operationName": "auth_token_otp"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "12345678",
"userIdentityStatus": "ACTIVE",
"operationName": "auth_token_otp",
"enabledAuthMethods": [ "POWERAUTH_TOKEN", "SMS_KEY" ]
}
}
get /user/auth-method List Authentication Methods for Given User
List all authentication methods for given user.
This method has a POST /user/auth-method/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "12345678"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userAuthMethods": [
{
"userId": "12345678",
"authMethod": "INIT",
"hasUserInterface": false,
"displayNameKey": null,
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "USER_ID_ASSIGN",
"hasUserInterface": false,
"displayNameKey": null,
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "USERNAME_PASSWORD_AUTH",
"hasUserInterface": true,
"displayNameKey": "method.usernamePassword",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "SHOW_OPERATION_DETAIL",
"hasUserInterface": true,
"displayNameKey": "method.showOperationDetail",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "POWERAUTH_TOKEN",
"hasUserInterface": true,
"displayNameKey": "method.powerauthToken",
"hasMobileToken": true,
"config": {
"activationId": "1629d4c7-6b17-41e3-bce1-e184e94921d2"
}
},
{
"userId": "12345678",
"authMethod": "SMS_KEY",
"hasUserInterface": true,
"displayNameKey": "method.smsKey",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "CONSENT",
"hasUserInterface": true,
"displayNameKey": "method.consent",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "LOGIN_SCA",
"hasUserInterface": true,
"displayNameKey": "method.loginSca",
"hasMobileToken": true,
"config": null
},
{
"userId": "12345678",
"authMethod": "APPROVAL_SCA",
"hasUserInterface": true,
"displayNameKey": "method.approvalSca",
"hasMobileToken": true,
"config": null
}
]
}
}
post /user/auth-method Enable an Authentication Method for Given User
Enable an authentication method for given user and lists all authentication methods enabled for given user after the authentication method has been enabled.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
500 | Server error - unexpected error occurred |
Request
The request contains three parameters:
- userId - identification of the user
- authMethod - name of the authentication method
- config - configuration of the authentication method
Currently the only supported configuration is in the POWERAUTH_TOKEN method and it contains activationId, as seen on the sample request below.
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "12345678",
"authMethod": "POWERAUTH_TOKEN",
"config": {
"activationId": "26c94bf8-f594-4bd8-9c51-93449926b644"
}
}
}
For other authentication methods use the following configuration:
{
"requestObject": {
"userId": "12345678",
"authMethod": "SMS_KEY",
"config": null
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userAuthMethods": [
{
"userId": "12345678",
"authMethod": "INIT",
"hasUserInterface": false,
"displayNameKey": null,
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "USER_ID_ASSIGN",
"hasUserInterface": false,
"displayNameKey": null,
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "USERNAME_PASSWORD_AUTH",
"hasUserInterface": true,
"displayNameKey": "method.usernamePassword",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "SHOW_OPERATION_DETAIL",
"hasUserInterface": true,
"displayNameKey": "method.showOperationDetail",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "POWERAUTH_TOKEN",
"hasUserInterface": true,
"displayNameKey": "method.powerauthToken",
"hasMobileToken": true,
"config": {
"activationId": "26c94bf8-f594-4bd8-9c51-93449926b644"
}
},
{
"userId": "12345678",
"authMethod": "SMS_KEY",
"hasUserInterface": true,
"displayNameKey": "method.smsKey",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "CONSENT",
"hasUserInterface": true,
"displayNameKey": "method.consent",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "LOGIN_SCA",
"hasUserInterface": true,
"displayNameKey": "method.loginSca",
"hasMobileToken": true,
"config": null
},
{
"userId": "12345678",
"authMethod": "APPROVAL_SCA",
"hasUserInterface": true,
"displayNameKey": "method.approvalSca",
"hasMobileToken": true,
"config": null
}
]
}
}
post /user/auth-method/delete Disable an Authentication Method for Given User
Disable an authentication method for given user and lists all authentication methods enabled for given user after the authentication method has been disabled.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "12345678",
"authMethod": "POWERAUTH_TOKEN"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userAuthMethods": [
{
"userId": "12345678",
"authMethod": "INIT",
"hasUserInterface": false,
"displayNameKey": null,
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "USER_ID_ASSIGN",
"hasUserInterface": false,
"displayNameKey": null,
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "USERNAME_PASSWORD_AUTH",
"hasUserInterface": true,
"displayNameKey": "method.usernamePassword",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "SHOW_OPERATION_DETAIL",
"hasUserInterface": true,
"displayNameKey": "method.showOperationDetail",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "SMS_KEY",
"hasUserInterface": true,
"displayNameKey": "method.smsKey",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "CONSENT",
"hasUserInterface": true,
"displayNameKey": "method.consent",
"hasMobileToken": false,
"config": null
},
{
"userId": "12345678",
"authMethod": "LOGIN_SCA",
"hasUserInterface": true,
"displayNameKey": "method.loginSca",
"hasMobileToken": true,
"config": null
},
{
"userId": "12345678",
"authMethod": "APPROVAL_SCA",
"hasUserInterface": true,
"displayNameKey": "method.approvalSca",
"hasMobileToken": true,
"config": null
}
]
}
}
post /auth-method/delete Delete an Authentication Method
Delete an authentication method. Use only when the authentication method which is to be deleted has no usages.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | AUTH_METHOD_NOT_FOUND - authentication method was not found |
400 | DELETE_NOT_ALLOWED - authentication method removal is not allowed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"authMethod": "OTP_CODE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"authMethod": "OTP_CODE"
}
}
Operations API
Operation detail contains following data:
- operationId - unique ID of the operation, it is either set while creating an operation or it is generated (field is required, value is optional, for generated operation use null as value)
- operationName - name of the operations based on the purpose of the operation - different steps are defined for each operation name (required)
- userId - ID of user in case the user has been already authorized (optional)
- organizationId - ID of organization in case the user has been already authorized (optional)
- result - result of the last authentication step: CONTINUE, FAILED or DONE (required)
- timestampCreated - timestamp when operation was created (required)
- timestampExpires - timestamp when operation expires (required)
- operationData - arbitrary string which contains data related to this operation, this data is not used during authorization and authentication (required). Since Web Flow version 0.20.0 the structure of operation data is specified for easier interpretation of data in Mobile token.
- steps - next steps for the operation (required)
- history - operation history with completed authentication steps (required)
- afsActions - AFS actions executed for the operation (optional)
- formData - data displayed by the UI as well as data gathered from the user responses (required, discussed in details below)
- chosenAuthMethod - authentication method chosen in current authentication step (optional)
- remainingAttempts - remaining attempts for current authentication step (optional)
- applicationContext - application context with information about application which triggered the operation, used when generating the consent form (optional)
- expired - whether operation was expired at the time of generating response (optional)
Example of complete operation detail:
{
"status": "OK",
"responseObject": {
"operationId": "b7ecf869-2ebb-44bf-ae0e-0963e9d6d46f",
"operationName": "authorize_payment_sca",
"userId": "12345678",
"organizationId": "RETAIL",
"accountStatus": "ACTIVE",
"result": "CONTINUE",
"timestampCreated": "2019-11-01T15:35:37+0000",
"timestampExpires": "2019-11-01T15:41:16+0000",
"operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
"steps": [
{
"authMethod": "CONSENT",
"params": []
}
],
"history": [
{
"authMethod": "INIT",
"authResult": "CONTINUE",
"requestAuthStepResult": "CONFIRMED"
},
{
"authMethod": "LOGIN_SCA",
"authResult": "CONTINUE",
"requestAuthStepResult": "CONFIRMED"
},
{
"authMethod": "APPROVAL_SCA",
"authResult": "CONTINUE",
"requestAuthStepResult": "CONFIRMED"
}
],
"afsActions": [
{
"action": "LOGIN_INIT",
"stepIndex": 1,
"afsLabel": "2FA",
"afsResponseApplied": false,
"requestExtras": {},
"responseExtras": {}
},
{
"action": "LOGIN_AUTH",
"stepIndex": 1,
"afsLabel": "2FA",
"afsResponseApplied": false,
"requestExtras": {},
"responseExtras": {}
},
{
"action": "APPROVAL_INIT",
"stepIndex": 1,
"afsLabel": "1FA",
"afsResponseApplied": true,
"requestExtras": {},
"responseExtras": {}
},
{
"action": "APPROVAL_AUTH",
"stepIndex": 1,
"afsLabel": "2FA",
"afsResponseApplied": false,
"requestExtras": {},
"responseExtras": {}
}
],
"formData": {
"title": {
"id": "operation.title",
"message": null
},
"greeting": {
"id": "operation.greeting",
"message": null
},
"summary": {
"id": "operation.summary",
"message": null
},
"config": [],
"banners": [],
"parameters": [
{
"type": "AMOUNT",
"id": "operation.amount",
"label": null,
"valueFormatType": "AMOUNT",
"formattedValues": {},
"amount": 100,
"currency": "CZK",
"currencyId": "operation.currency"
},
{
"type": "KEY_VALUE",
"id": "operation.account",
"label": null,
"valueFormatType": "ACCOUNT",
"formattedValues": {},
"value": "238400856/0300"
},
{
"type": "KEY_VALUE",
"id": "operation.dueDate",
"label": null,
"valueFormatType": "DATE",
"formattedValues": {},
"value": "2019-06-29"
},
{
"type": "NOTE",
"id": "operation.note",
"label": null,
"valueFormatType": "TEXT",
"formattedValues": {},
"note": "Utility Bill Payment - 05/2019"
}
],
"dynamicDataLoaded": false,
"userInput": {
"smsFallback.enabled": "true",
"operation.bankAccountChoice": "CZ4012340000000012345678",
"operation.bankAccountChoice.disabled": "true"
}
},
"chosenAuthMethod": "CONSENT",
"remainingAttempts": 5,
"applicationContext": {
"id": "democlient",
"name": "Demo application",
"description": "Web Flow demo application",
"originalScopes": [
"pisp"
],
"extras": {
"applicationOwner": "Wultra"
}
},
"expired": false
}
}
Operation formData
Operations contain formData which is a generic structure for storing input and output data for the operation.
The formData contains following sections:
- static data - this data is set when the operation is created (required)
- dynamic data - this data is added as the operation progresses (optional)
- user input - this data contains gathered inputs from the user as the authentication and authorization progresses (optional)
The static part of formData contains data related to the operation known when operation is initiated. For instance in case of a payment, the static data contains information about the payment such as title, amount, currency, target account and message to display to the user in the following structure:
{
"formData": {
"title": {
"id": "operation.title",
"message": "Confirm Payment"
},
"greeting": {
"id": "operation.greeting",
"message": "Hello,\nplease confirm following payment:"
},
"summary": {
"id": "operation.summary",
"message": "Hello, please confirm payment 100 CZK to account 238400856/0300."
},
"config": [],
"banners": [],
"parameters": [
{
"type": "AMOUNT",
"id": "operation.amount",
"label": "Amount",
"valueFormatType": "AMOUNT",
"formattedValues": {
"amount": "100.00",
"currency": "CZK"
},
"amount": 100,
"currency": "CZK",
"currencyId": "operation.currency"
},
{
"type": "KEY_VALUE",
"id": "operation.account",
"label": "To Account",
"valueFormatType": "ACCOUNT",
"formattedValues": {
"value": "238400856/0300"
}
},
{
"type": "KEY_VALUE",
"id": "operation.dueDate",
"label": "Due Date",
"valueFormatType": "DATE",
"formattedValues": {
"value": "Jun 29, 2019"
},
"value": "2019-06-29"
},
{
"type": "NOTE",
"id": "operation.note",
"label": "Note",
"valueFormatType": "TEXT",
"formattedValues": {
"value": "Utility Bill Payment - 05/2019"
},
"note": "Utility Bill Payment - 05/2019"
},
{
"type": "HEADING",
"id": "operation.heading",
"label": null,
"valueFormatType": "LOCALIZED_TEXT",
"formattedValues": {
"value": "Confirm Payment"
},
"value": "operation.title"
}
],
"dynamicDataLoaded": false,
"userInput": {
}
}
}
The usage of static formData:
- title - displayed as title on the page with operation details
- field is required
- id is the localization key
- value is the localized text displayed on the page
- greeting - displayed as a greeting message in the web application without operation details
- field is required
- id is the localization key
- value is the localized text displayed on the page
- summary - displayed as a summary message in the push message sent to mobile device
- field is required
- id is the localization key
- value is the localized text displayed in the push message
- config - configures individual form fields (e.g. default values, enabled/disabled state, etc.)
- field is required, however the config list can be empty
- banners - banners which can be displayed above form
- parameters - operation parameters which are displayed on the page with operation details
- field is required, however the parameter list can be empty
Following parameter types are available:
- AMOUNT - contains information about amount in this operation including currency
- field is optional
- id is used both for field identification as well as the localization key
- label is the displayed localized text
- valueFormatType specifies the format type
- formattedValue is the formatted value based on format type
- amount is displayed next to the label
- currency is displayed next to the amount
- currencyId is used internally for localization
- NOTE - contains text message related to the operation
- field is optional
- id is used both for field identification as well as the localization key
- label is the displayed localized text
- valueFormatType specifies the format type
- formattedValue is the formatted value based on format type
- note is the text message displayed next to the label
- KEY_VALUE
- field is optional
- id is used both for field identification as well as the localization key
- label is the displayed localized text
- valueFormatType specifies the format type
- formattedValue is the formatted value based on format type
- value is the text displayed next to the label
- HEADING
- field is optional
- id is used both for field identification as well as the localization key
- label is ignored
- value contains heading text
- valueFormatType specifies the format type
- formattedValue is the formatted heading text based on format type
The dynamic part of formData contains additional data which is loaded once the user is authenticated. For instance in case of a payment, the dynamic data can contain choice of bank accounts available for the user with their balances:
{
"formData": {
"parameters": [
{
"type": "BANK_ACCOUNT_CHOICE",
"id": "operation.bankAccountChoice",
"label": "From Your Account",
"bankAccounts": [
{
"number": "12345678/1234",
"accountId": "CZ4012340000000012345678",
"name": "Běžný účet v CZK",
"balance": 24394.52,
"currency": "CZK",
"usableForPayment": false,
"unusableForPaymentReason": null
},
{
"number": "87654321/4321",
"accountId": "CZ4043210000000087654321",
"name": "Spořící účet v CZK",
"balance": 158121.1,
"currency": "CZK",
"usableForPayment": false,
"unusableForPaymentReason": null
},
{
"number": "44444444/1111",
"accountId": "CZ4011110000000044444444",
"name": "Spořící účet v EUR",
"balance": 1.9,
"currency": "EUR",
"usableForPayment": false,
"unusableForPaymentReason": "Low account balance"
}
],
"enabled": true,
"defaultValue": "CZ4012340000000012345678"
}
]
}
}
Following parameter types are available:
- BANK_ACCOUNT_CHOICE
- field is optional
- id is used both for field identification as well as the localization key
- label is the displayed localized text
- bankAccounts list is required when BANK_ACCOUNT_CHOICE parameter is specified, however it can be empty
Bank account details:
- number - required, account number in human readable format
- name - required, account name
- balance - required, account balance
- currency - required, account currency
- usableForPayment - required, whether account can be used for payment, in case value is false, unusableForPaymentReason is displayed
- unusableForPaymentReason - optional when usableForPayment = false, otherwise it is required, field explains reason why account is unusable for payment
When dynamic form data is loaded, the formData structure contains following data:
{
"formData": {
"dynamicDataLoaded": true
}
}
Dynamic formData may not be loaded because it is required only for specific steps such as operation review. In this case the value is:
{
"formData": {
"dynamicDataLoaded": false
}
}
The form fields can be configured in the config section as follows:
{
"formData": {
"config" : [ {
"id" : "operation.bankAccountChoice",
"enabled" : false,
"defaultValue" : "CZ4043210000000087654321"
} ]
}
}
Each configuration item contains following fields:
- id - id is used for field identification, same as id used in parameters
- enabled - whether the field is enabled or disabled (default value = true)
- defaultValue - default value of the field (default value = null)
The formData uses userInput JSON structure while gathering input from the user as the operation progresses:
{
"formData": {
"userInput": {
"operation.bankAccountChoice": "CZ4012340000000012345678",
"operation.bankAccountChoice.disabled": "true"
}
}
}
The userInput part of formData is optional - empty value of userInput is:
{
"formData": {
"userInput": {
}
}
}
Chosen authentication method for current step is stored in formData in case it is available:
{
"formData": {
"chosenAuthMethod": "POWERAUTH_TOKEN"
}
}
Null value is used when authentication method has not been chosen for current step:
{
"formData": {
"chosenAuthMethod": null
}
}
post /operation Create an Operation
Create an operation in Next Step server.
Documentation for operation data is available in a separate document.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_ALREADY_EXISTS - operation with specified identifier already exists |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | ORGANIZATION_NOT_FOUND - organization specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
Sample request for creating a login operation (AISP)
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationName": "login",
"operationData": "A2",
"externalTransactionId": "1234567890",
"formData": {
"title": {
"id": "login.title"
},
"greeting": {
"id": "login.greeting"
},
"summary": {
"id": "login.summary"
}
},
"applicationContext": {
"id": "democlient",
"name": "Demo application",
"description": "Web Flow demo application",
"originalScopes": ["pisp"],
"extras": {
"applicationOwner": "Wultra"
}
}
}
}
Sample request for creating a payment operation (PISP)
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationName": "authorize_payment",
"operationId": null,
"organizationId": null,
"externalTransactionId": "1234567890",
"operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
"params": [],
"formData": {
"title": {
"id": "operation.title",
"value": null
},
"greeting": {
"id": "operation.greeting",
"value": null
},
"summary": {
"id": "operation.summary",
"value": null
},
"config": [],
"parameters": [
{
"type": "AMOUNT",
"id": "operation.amount",
"label": null,
"valueFormatType": "AMOUNT",
"formattedValues": {},
"amount": 100,
"currency": "CZK",
"currencyId": "operation.currency"
},
{
"type": "KEY_VALUE",
"id": "operation.account",
"label": null,
"valueFormatType": "ACCOUNT",
"formattedValues": {},
"value": "238400856/0300"
},
{
"type": "KEY_VALUE",
"id": "operation.dueDate",
"label": null,
"valueFormatType": "DATE",
"formattedValues": {},
"value": "2019-06-29"
},
{
"type": "NOTE",
"id": "operation.note",
"label": null,
"valueFormatType": "TEXT",
"formattedValues": {},
"note": "Utility Bill Payment - 05/2019"
}
]
},
"applicationContext": {
"id": "democlient",
"name": "Demo application",
"description": "Web Flow demo application",
"originalScopes": ["pisp"],
"extras": {
"applicationOwner": "Wultra"
}
}
}
}
Response
Sample response for creating a login operation (AISP)
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationId": "ec039314-7560-470a-b226-116c712e8fb3",
"operationName": "login",
"organizationId": null,
"externalTransactionId": "1234567890",
"result": "CONTINUE",
"resultDescription": null,
"timestampCreated": "2019-07-30T12:51:28+0000",
"timestampExpires": "2019-07-30T12:56:28+0000",
"operationData": null,
"steps": [
{
"authMethod": "USER_ID_ASSIGN",
"params": []
},
{
"authMethod": "USERNAME_PASSWORD_AUTH",
"params": []
}
],
"formData": {
"title": {
"id": "login.title",
"message": null
},
"greeting": {
"id": "login.greeting",
"message": null
},
"summary": {
"id": "login.summary",
"message": null
},
"config": [],
"banners": [],
"parameters": [],
"dynamicDataLoaded": false,
"userInput": {}
},
"expired": false
}
}
Sample response for creating a payment operation (PISP)
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationId": "f415a617-f7c0-4800-8436-f85eb075eb6f",
"operationName": "authorize_payment",
"organizationId": null,
"externalTransactionId": "1234567890",
"result": "CONTINUE",
"resultDescription": null,
"timestampCreated": "2019-07-30T12:52:35+0000",
"timestampExpires": "2019-07-30T12:57:35+0000",
"operationData": null,
"steps": [
{
"authMethod": "USER_ID_ASSIGN",
"params": []
},
{
"authMethod": "USERNAME_PASSWORD_AUTH",
"params": []
}
],
"formData": {
"title": {
"id": "operation.title",
"message": null
},
"greeting": {
"id": "operation.greeting",
"message": null
},
"summary": {
"id": "operation.summary",
"message": null
},
"config": [],
"banners": [],
"parameters": [
{
"type": "AMOUNT",
"id": "operation.amount",
"label": null,
"valueFormatType": "AMOUNT",
"formattedValues": {},
"amount": 100,
"currency": "CZK",
"currencyId": "operation.currency"
},
{
"type": "KEY_VALUE",
"id": "operation.account",
"label": null,
"valueFormatType": "ACCOUNT",
"formattedValues": {},
"value": "238400856/0300"
},
{
"type": "KEY_VALUE",
"id": "operation.dueDate",
"label": null,
"valueFormatType": "DATE",
"formattedValues": {},
"value": "2019-06-29"
},
{
"type": "NOTE",
"id": "operation.note",
"label": null,
"valueFormatType": "TEXT",
"formattedValues": {},
"note": "Utility Bill Payment - 05/2019"
}
],
"dynamicDataLoaded": false,
"userInput": {}
},
"expired": false
}
}
put /operation Update an Operation
Update an operation in Next Step server.
This method has a POST /operation/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | AUTH_METHOD_NOT_FOUND - authentication method specified in request was not found |
400 | OPERATION_ALREADY_FINISHED - operation is already in DONE state |
400 | OPERATION_ALREADY_FAILED - operation is already in FAILED state |
400 | OPERATION_ALREADY_CANCELED - operation is already in FAILED/CANCELED state |
400 | OPERATION_NOT_VALID - operation which is being updated is not valid |
400 | OPERATION_NOT_FOUND - operation with specified identifier was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | ORGANIZATION_NOT_FOUND - organization specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationId": "4e02b39b-1ecb-440a-a942-cc27bc07d203",
"userId": "12345678",
"organizationId": "RETAIL",
"authMethod": "USERNAME_PASSWORD_AUTH",
"authStepResult": "CONFIRMED",
"authStepResultDescription": null,
"params": []
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationId": "4e02b39b-1ecb-440a-a942-cc27bc07d203",
"operationName": "authorize_payment",
"userId": "12345678",
"organizationId": "RETAIL",
"externalTransactionId": "1234567890",
"result": "CONTINUE",
"resultDescription": null,
"timestampCreated": "2018-06-28T12:20:28+0000",
"timestampExpires": "2018-06-28T12:20:43+0000",
"operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
"steps": [
{
"authMethod": "SMS_KEY",
"params": []
}
],
"formData": {
"title": {
"id": "operation.title",
"value": null
},
"greeting": {
"id": "operation.greeting",
"value": null
},
"summary": {
"id": "operation.summary",
"value": null
},
"config": [],
"parameters": [
{
"type": "AMOUNT",
"id": "operation.amount",
"label": null,
"valueFormatType": "AMOUNT",
"formattedValues": {},
"amount": 100,
"currency": "CZK",
"currencyId": "operation.currency"
},
{
"type": "KEY_VALUE",
"id": "operation.account",
"label": null,
"valueFormatType": "ACCOUNT",
"formattedValues": {},
"value": "238400856/0300"
},
{
"type": "KEY_VALUE",
"id": "operation.dueDate",
"label": null,
"valueFormatType": "DATE",
"formattedValues": {},
"value": "2019-06-29"
},
{
"type": "NOTE",
"id": "operation.note",
"label": null,
"valueFormatType": "TEXT",
"formattedValues": {},
"note": "Utility Bill Payment - 05/2019"
}
]
},
"expired": false
}
}
get /operation/detail Operation Detail
Retrieve detail of an operation in the Next Step server.
This method has a POST /operation/detail
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_NOT_VALID - operation is not valid |
400 | OPERATION_NOT_FOUND - operation with specified identifier was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject" : {
"operationId" : "0861a423-ac06-4bcb-a426-2052872163d3"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationId": "0861a423-ac06-4bcb-a426-2052872163d3",
"operationName": "authorize_payment_sca",
"userId": "12345678",
"organizationId": "RETAIL",
"result": "CONTINUE",
"timestampCreated": "2019-07-30T12:36:19+0000",
"timestampExpires": "2019-07-30T12:41:40+0000",
"operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
"steps": [
{
"authMethod": "LOGIN_SCA",
"params": []
}
],
"history": [
{
"authMethod": "INIT",
"authResult": "CONTINUE",
"requestAuthStepResult": "CONFIRMED"
}
],
"formData": {
"title": {
"id": "operation.title",
"message": null
},
"greeting": {
"id": "operation.greeting",
"message": null
},
"summary": {
"id": "operation.summary",
"message": null
},
"config": [],
"banners": [],
"parameters": [
{
"type": "AMOUNT",
"id": "operation.amount",
"label": null,
"valueFormatType": "AMOUNT",
"formattedValues": {},
"amount": 100,
"currency": "CZK",
"currencyId": "operation.currency"
},
{
"type": "KEY_VALUE",
"id": "operation.account",
"label": null,
"valueFormatType": "ACCOUNT",
"formattedValues": {},
"value": "238400856/0300"
},
{
"type": "KEY_VALUE",
"id": "operation.dueDate",
"label": null,
"valueFormatType": "DATE",
"formattedValues": {},
"value": "2019-06-29"
},
{
"type": "NOTE",
"id": "operation.note",
"label": null,
"valueFormatType": "TEXT",
"formattedValues": {},
"note": "Utility Bill Payment - 05/2019"
}
],
"dynamicDataLoaded": false,
"userInput": {
"smsFallback.enabled": "true"
}
},
"chosenAuthMethod": null,
"remainingAttempts": 3,
"applicationContext": {
"id": "democlient",
"name": "Demo application",
"description": "Web Flow demo application",
"originalScopes": ["pisp"],
"extras": {
"applicationOwner": "Wultra"
}
},
"expired": false
}
}
get /user/operation List Pending Operations
List pending operation for given user and authentication method.
This method has a POST /user/operation/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject" : {
"userId" : "12345678",
"mobileTokenOnly" : true
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": [
{
"operationId": "d7d9910e-b047-4352-b2b3-f1fa30d03f3a",
"operationName": "authorize_payment_sca",
"userId": "12345678",
"organizationId": "RETAIL",
"accountStatus": "ACTIVE",
"result": "CONTINUE",
"timestampCreated": "2019-07-30T12:57:28+0000",
"timestampExpires": "2019-07-30T13:02:28+0000",
"operationData": "A1*A100CZK*Q238400856/0300**D20190629*NUtility Bill Payment - 05/2019",
"steps": [],
"history": [
{
"authMethod": "INIT",
"authResult": "CONTINUE",
"requestAuthStepResult": "CONFIRMED"
}
],
"formData": {
"title": {
"id": "operation.title",
"message": null
},
"greeting": {
"id": "operation.greeting",
"message": null
},
"summary": {
"id": "operation.summary",
"message": null
},
"config": [],
"banners": [],
"parameters": [
{
"type": "AMOUNT",
"id": "operation.amount",
"label": null,
"valueFormatType": "AMOUNT",
"formattedValues": {},
"amount": 100,
"currency": "CZK",
"currencyId": "operation.currency"
},
{
"type": "KEY_VALUE",
"id": "operation.account",
"label": null,
"valueFormatType": "ACCOUNT",
"formattedValues": {},
"value": "238400856/0300"
},
{
"type": "KEY_VALUE",
"id": "operation.dueDate",
"label": null,
"valueFormatType": "DATE",
"formattedValues": {},
"value": "2019-06-29"
},
{
"type": "NOTE",
"id": "operation.note",
"label": null,
"valueFormatType": "TEXT",
"formattedValues": {},
"note": "Utility Bill Payment - 05/2019"
}
],
"dynamicDataLoaded": false,
"userInput": {}
},
"chosenAuthMethod": "LOGIN_SCA",
"remainingAttempts": null,
"applicationContext": {
"id": "democlient",
"name": "Demo application",
"description": "Web Flow demo application",
"originalScopes": ["pisp"],
"extras": {
"applicationOwner": "Wultra"
}
},
"expired": false
}
]
}
post /operation/lookup/external Lookup Operations by External Transaction ID
Find all operations with matching external transaction ID.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject" : {
"externalTransactionId" : "12345678"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operations": [
{
"operationId": "e6d3a5e7-e291-42f7-bd46-49d9fbac4282",
"operationName": "authorize_payment",
"userId": null,
"organizationId": "RETAIL",
"accountStatus": "ACTIVE",
"externalTransactionId": "12345678",
"result": "CONTINUE",
"timestampCreated": "2020-01-28T15:58:11+0000",
"timestampExpires": "2020-01-28T16:03:11+0000",
"operationData": "A1*A100CZK*Q238400856/0300**D20170629*NUtility Bill Payment - 05/2017",
"steps": [],
"history": [
{
"authMethod": "INIT",
"authResult": "CONTINUE",
"requestAuthStepResult": "CONFIRMED"
}
],
"afsActions": [],
"formData": {
"title": {
"id": "operation.title",
"message": null
},
"greeting": {
"id": "operation.greeting",
"message": null
},
"summary": {
"id": "operation.summary",
"message": null
},
"config": [],
"banners": [],
"parameters": [
{
"type": "AMOUNT",
"id": "operation.amount",
"label": null,
"valueFormatType": "AMOUNT",
"formattedValues": {},
"amount": 100,
"currency": "CZK",
"currencyId": "operation.currency"
},
{
"type": "KEY_VALUE",
"id": "operation.account",
"label": null,
"valueFormatType": "ACCOUNT",
"formattedValues": {},
"value": "238400856/0300"
},
{
"type": "KEY_VALUE",
"id": "operation.dueDate",
"label": null,
"valueFormatType": "DATE",
"formattedValues": {},
"value": "2017-06-29"
},
{
"type": "NOTE",
"id": "operation.note",
"label": null,
"valueFormatType": "TEXT",
"formattedValues": {},
"note": "Utility Bill Payment - 05/2017"
}
],
"dynamicDataLoaded": false,
"userInput": {}
},
"chosenAuthMethod": null,
"remainingAttempts": null,
"applicationContext": {
"id": "democlient",
"name": "Demo application",
"description": "Web Flow demo application",
"originalScopes": ["pisp"],
"extras": {
"applicationOwner": "Wultra"
}
},
"expired": false
}
]
}
}
put /operation/formData Update Operation formData
Update operation formData for given operation. Only the userInput part of formData can be currently updated by the clients.
This method has a POST /operation/formData/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_NOT_FOUND - operation with specified identifier was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"formData": {
"title": {
"id": "operation.title",
"message": "Confirm Payment"
},
"greeting": {
"id": "operation.greeting",
"message": "Hello,\nplease confirm following payment:"
},
"summary": {
"id": "operation.summary",
"message": "Hello, please confirm payment 100 CZK to account 238400856/0300."
},
"config": [],
"banners": [],
"parameters": [
{
"type": "AMOUNT",
"id": "operation.amount",
"label": "Amount",
"valueFormatType": "AMOUNT",
"formattedValue": "100.00 CZK",
"amount": 100,
"currency": "CZK",
"currencyId": "operation.currency"
},
{
"type": "KEY_VALUE",
"id": "operation.account",
"label": "To Account",
"valueFormatType": "ACCOUNT",
"formattedValue": "238400856/0300",
"value": "238400856/0300"
},
{
"type": "KEY_VALUE",
"id": "operation.dueDate",
"label": "Due Date",
"valueFormatType": "DATE",
"formattedValue": "Jun 29, 2019",
"value": "2019-06-29"
},
{
"type": "NOTE",
"id": "operation.note",
"label": "Note",
"valueFormatType": "TEXT",
"formattedValue": "Utility Bill Payment - 05/2019",
"note": "Utility Bill Payment - 05/2019"
},
{
"type": "BANK_ACCOUNT_CHOICE",
"id": "operation.bankAccountChoice",
"label": "From Your Account",
"bankAccounts": [
{
"number": "12345678/1234",
"accountId": "CZ4012340000000012345678",
"name": "Běžný účet v CZK",
"balance": 24394.52,
"currency": "CZK",
"usableForPayment": false,
"unusableForPaymentReason": null
},
{
"number": "87654321/4321",
"accountId": "CZ4043210000000087654321",
"name": "Spořící účet v CZK",
"balance": 158121.1,
"currency": "CZK",
"usableForPayment": false,
"unusableForPaymentReason": null
},
{
"number": "44444444/1111",
"accountId": "CZ4011110000000044444444",
"name": "Spořící účet v EUR",
"balance": 1.9,
"currency": "EUR",
"usableForPayment": false,
"unusableForPaymentReason": "Low account balance"
}
],
"enabled": true,
"defaultValue": "CZ4012340000000012345678"
}
],
"dynamicDataLoaded": true,
"userInput": {
"operation.bankAccountChoice": "CZ4012340000000012345678"
}
}
}
Response
- Headers:
Content-Type: application/json
{
"status" : "OK"
}
put /operation/application Update Application Context for an Operation
Update application context for an operation.
This method has a POST /operation/application/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_NOT_FOUND - operation with specified identifier was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationId": "3e87f071-2f08-4341-9034-47cb5f8a3fb4",
"applicationContext": {
"id": "BANK_ABC_PROD",
"name": "Bank ABC",
"description": "Authorization for Bank ABC",
"originalScopes": ["SCOPE_1", "SCOPE_2", "SCOPE_3"],
"extras": {
"applicationOwner": "BANK_ABC"
}
}
}
}
Response
- Headers:
Content-Type: application/json
{
"status" : "OK"
}
put /operation/user Update User for an Operation
Update user ID, organization ID and account status for an operation.
This method has a POST /operation/user/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_NOT_FOUND - operation with specified identifier was not found |
400 | ORGANIZATION_NOT_FOUND - organization specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationId": "0a044408-aea0-433a-80cf-6371dc2a76c0",
"userId": "12345678",
"organizationId": "RETAIL",
"accountStatus": "ACTIVE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status" : "OK"
}
put /operation/chosenAuthMethod Set Chosen Authentication Method
Set chosen authentication method for current operation step.
This method has a POST /operation/chosenAuthMethod/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | OPERATION_NOT_VALID - operation which is being updated is not valid |
400 | OPERATION_NOT_FOUND - operation with specified identifier was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationId": "3e87f071-2f08-4341-9034-47cb5f8a3fb4",
"chosenAuthMethod": "POWERAUTH_TOKEN"
}
}
Response
- Headers:
Content-Type: application/json
{
"status" : "OK"
}
put /operation/mobileToken/status Update Mobile Token Status for an Operation
Set whether mobile token is active for an operation.
This method has a POST /operation/mobileToken/status/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_NOT_VALID - operation which is being updated is not valid |
400 | OPERATION_NOT_FOUND - operation with specified identifier was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationId": "1ee2d165-1926-4a77-be5f-82ec26f12b97",
"mobileTokenActive": true
}
}
Response
- Headers:
Content-Type: application/json
{
"status" : "OK"
}
get /operation/mobileToken/config/detail Get Mobile Token Configuration
Get whether mobile token is enabled for given user ID, operation name and authentication method.
This method has a POST /operation/mobileToken/config/detail
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "12345678",
"operationName": "login",
"authMethod": "LOGIN_SCA"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"mobileTokenEnabled": true
}
}
post /operation/afs/action Store Result of an AFS Action
Store result of an AFS action for an operation.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationId": "47a74437-83f9-4567-8c9e-270bea98d9de",
"afsAction": "APPROVAL_INIT",
"stepIndex": 1,
"requestAfsExtras": "{}",
"afsResponseApplied": true,
"afsLabel": "1FA",
"responseAfsExtras": "{}",
"timestampCreated": 1572618429867
}
}
Response
- Headers:
Content-Type: application/json
{
"status" : "OK"
}
post /operation/config/list List Operation Configurations
Retrieve list of operation configurations.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationConfigs": [
{
"operationName": "authorize_payment",
"templateVersion": "A",
"templateId": 1,
"mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
},
{
"operationName": "authorize_payment_sca",
"templateVersion": "A",
"templateId": 1,
"mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
},
{
"operationName": "login",
"templateVersion": "A",
"templateId": 2,
"mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
},
{
"operationName": "login_sca",
"templateVersion": "A",
"templateId": 2,
"mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
}
]
}
}
post /operation/config Create an Operation Configuration
Create an operation configuration.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_CONFIG_ALREADY_EXISTS - operation configuration already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationName": "login_other",
"templateVersion": "A",
"templateId": 2,
"mobileTokenEnabled": false,
"mobileTokenMode": "{}",
"afsEnabled": false,
"afsConfigId": null,
"expirationTime": 300000
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationName": "login_other",
"templateVersion": "A",
"templateId": 2,
"mobileTokenEnabled": false,
"mobileTokenMode": "{}",
"afsEnabled": false,
"afsConfigId": null,
"expirationTime": 300000
}
}
get /operation/config/detail Get Operation Configuration Detail
Get operation configuration detail.
This method has a POST /operation/config/detail
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_CONFIG_NOT_FOUND - operation configuration was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationName": "login"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationName": "login",
"templateVersion": "A",
"templateId": 2,
"mobileTokenMode": "{\"type\":\"2FA\",\"variants\":[\"possession_knowledge\",\"possession_biometry\"]}"
}
}
post /operation/config/delete Delete an Operation Configuration
Delete an operation configuration.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_CONFIG_NOT_FOUND - operation configuration was not found |
400 | DELETE_NOT_ALLOWED - operation configuration removal is not allowed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationName": "login",
"authMethod": "POWERAUTH_TOKEN"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationName": "login"
}
}
post /operation/auth-method/config Create an Operation and Authentication Method Configuration
Create a configuration for an operation and an authentication method.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_METHOD_CONFIG_ALREADY_EXISTS - operation and authentication method configuration already exists |
400 | OPERATION_CONFIG_NOT_FOUND - operation configuration was not found |
400 | AUTH_METHOD_NOT_FOUND - authentication method was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationName": "login_other",
"authMethod": "LOGIN_SCA",
"maxAuthFails": 3
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationName": "login_other",
"authMethod": "LOGIN_SCA",
"maxAuthFails": 3
}
}
get /operation/auth-method/config/detail Get an Operation and Authentication Method Configuration Detail
Get configuration for an operation and an authentication method.
This method has a POST /operation/auth-method/config/detail
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_METHOD_CONFIG_NOT_FOUND - operation and authentication method configuration was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationName": "login_other",
"authMethod": "LOGIN_SCA"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationName": "login_other",
"authMethod": "LOGIN_SCA",
"maxAuthFails": 3
}
}
post /operation/auth-method/config/delete Delete an Operation and Authentication Method Configuration
Delete a configuration for an operation and an authentication method.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_METHOD_CONFIG_NOT_FOUND - operation and authentication method configuration was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationName": "login_other",
"authMethod": "LOGIN_SCA"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationName": "login_other",
"authMethod": "LOGIN_SCA"
}
}
Organizations API
post /organization Create an Organization
Create an organization.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | ORGANIZATION_ALREADY_EXISTS - organization with identifier specified in the request already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"organizationId": "CORPORATE",
"displayNameKey": "organization.corp",
"orderNumber": 3,
"default": false,
"defaultCredentialName": "CRED_CORP",
"defaultOtpName": "OTP_CORP"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"organizationId": "CORPORATE",
"displayNameKey": "organization.corp",
"orderNumber": 3,
"default": false,
"defaultCredentialName": "CRED_CORP",
"defaultOtpName": "OTP_CORP"
}
}
get /organization List Organizations
List all organizations configured on the server.
This method has a POST /organization/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"organizations": [
{
"organizationId": "RETAIL",
"displayNameKey": "organization.retail",
"orderNumber": 1,
"default": true,
"defaultCredentialName": "CRED_RETAIL",
"defaultOtpName": "OTP_RETAIL"
},
{
"organizationId": "SME",
"displayNameKey": "organization.sme",
"orderNumber": 2,
"default": false,
"defaultCredentialName": "CRED_SME",
"defaultOtpName": "OTP_SME"
}
]
}
}
get /organization/detail Organization Detail
Get detail of an organization configured on the server.
This method has a POST /organization/detail
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | ORGANIZATION_NOT_FOUND - organization specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"organizationId": "RETAIL"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"organizationId": "RETAIL",
"displayNameKey": "organization.retail",
"orderNumber": 1,
"default": true,
"defaultCredentialName": "CRED_RETAIL",
"defaultOtpName": "OTP_RETAIL"
}
}
post /organization/delete Delete an Organization
Delete an organization.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | ORGANIZATION_NOT_FOUND - organization specified in the request was not found |
400 | DELETE_NOT_ALLOWED - organization removal is not allowed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"organizationId": "CORPORATE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"organizationId": "CORPORATE"
}
}
Step Definitions API
post /step/definition Create a Step definition
Create a step definition.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | STEP_DEFINITION_ALREADY_EXISTS - step definition with identifier specified in the request already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"stepDefinitionId": 1,
"operationName": "login",
"operationType": "CREATE",
"requestAuthMethod": null,
"requestAuthStepResult": null,
"responsePriority": 1,
"responseAuthMethod": "USER_ID_ASSIGN",
"responseResult": "CONTINUE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"stepDefinitionId": 1,
"operationName": "login",
"operationType": "CREATE",
"requestAuthMethod": null,
"requestAuthStepResult": null,
"responsePriority": 1,
"responseAuthMethod": "USER_ID_ASSIGN",
"responseResult": "CONTINUE"
}
}
post /step/definition/delete Delete a Step Definition
Delete a step definition.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | STEP_DEFINITION_NOT_FOUND - step definition with identifier specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"stepDefinitionId": 1
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"stepDefinitionId": 1
}
}
Applications API
post /application Create an Application
Create a Next Step application.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | APPLICATION_ALREADY_EXISTS - application with name specified in the request already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"applicationName": "APP_1",
"description": "Test application"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"applicationName": "APP_1",
"description": "Test application",
"applicationStatus": "ACTIVE"
}
}
get /application List Applications
List all applications configured on the server.
This method has a POST /application/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"includeRemoved": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"applications": [
{
"applicationName": "APP",
"applicationStatus": "ACTIVE",
"description": "Sample application",
"timestampCreated": "2021-06-07T11:42:54+0000",
"timestampLastUpdated": null
}
]
}
}
put /application Update an Application
Update an application configured on the server.
This method has a POST /application/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | APPLICATION_NOT_FOUND - application with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"applicationName": "APP_1",
"description": "Test application updated",
"applicationStatus": "ACTIVE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"applicationName": "APP_1",
"description": "Test application updated",
"applicationStatus": "ACTIVE"
}
}
post /application/delete Delete an Application
Delete an application.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | APPLICATION_NOT_FOUND - application with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"applicationName": "APP_1"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"applicationName": "APP_1",
"applicationStatus": "REMOVED"
}
}
Roles API
post /role Create a Role
Create a user role.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | ROLE_ALREADY_EXISTS - role with name specified in the request already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"roleName": "TEST_ROLE",
"description": "Test role"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"roleName": "TEST_ROLE",
"description": "Test role"
}
}
get /role List Roles
List all user roles.
This method has a POST /role/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"roles": [
{
"roleName": "TEST_ROLE",
"description": "Test role",
"timestampCreated": "2021-06-07T11:42:54+0000",
"timestampLastUpdated": null
}
]
}
}
post /role/delete Delete a Role
Delete a user role.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | ROLE_NOT_FOUND - role with name specified in the request was not found |
400 | DELETE_NOT_ALLOWED - role removal is not allowed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"roleName": "TEST_ROLE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"roleName": "TEST_ROLE"
}
}
Credential Policies API
post /credential/policy Create a Credential Policy
Create a credential policy.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | CREDENTIAL_POLICY_ALREADY_EXISTS - credential policy with name specified in the request already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"credentialPolicyName": "TEST_CREDENTIAL_POLICY",
"description": "Test policy",
"usernameLengthMin": 8,
"usernameLengthMax": 32,
"usernameAllowedChars": "[a-zA-Z0-9]+",
"credentialLengthMin": 8,
"credentialLengthMax": 32,
"limitSoft": 3,
"limitHard": 5,
"checkHistoryCount": 3,
"rotationEnabled": false,
"rotationDays": null,
"temporaryCredentialExpirationTime": null,
"usernameGenAlgorithm": "RANDOM_DIGITS",
"usernameGenParam": {
"length": 8
},
"credentialGenAlgorithm": "RANDOM_PASSWORD",
"credentialGenParam": {
"length": 12,
"includeSmallLetters": true,
"smallLettersCount": null,
"includeCapitalLetters": true,
"capitalLettersCount": null,
"includeDigits": true,
"digitsCount": null,
"includeSpecialChars": true,
"specialCharsCount": null
},
"credentialValParam": {
"includeWhitespaceRule": true,
"includeUsernameRule": true,
"includeAllowedCharacterRule": false,
"allowedChars": "",
"includeAllowedRegexRule": false,
"allowedRegex": ".*",
"includeIllegalCharacterRule": false,
"illegalChars": "",
"includeIllegalRegexRule": false,
"illegalRegex": "",
"includeCharacterRule": true,
"includeSmallLetters": true,
"smallLettersMin": 1,
"includeCapitalLetters": true,
"capitalLettersMin": 1,
"includeAlphabeticalLetters": true,
"alphabeticalLettersMin": 2,
"includeDigits": true,
"digitsMin": 1,
"includeSpecialChars": true,
"specialCharsMin": 1
}
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"credentialPolicyName": "TEST_CREDENTIAL_POLICY",
"description": "Test policy",
"credentialPolicyStatus": "ACTIVE",
"usernameLengthMin": 8,
"usernameLengthMax": 32,
"usernameAllowedPattern": null,
"credentialLengthMin": 8,
"credentialLengthMax": 32,
"limitSoft": 3,
"limitHard": 5,
"checkHistoryCount": 3,
"rotationEnabled": false,
"rotationDays": null,
"temporaryCredentialExpirationTime": null,
"usernameGenAlgorithm": "RANDOM_DIGITS",
"usernameGenParam": {
"length": 8
},
"credentialGenAlgorithm": "RANDOM_PASSWORD",
"credentialGenParam": {
"length": 12,
"includeSmallLetters": true,
"smallLettersCount": null,
"includeCapitalLetters": true,
"capitalLettersCount": null,
"includeDigits": true,
"digitsCount": null,
"includeSpecialChars": true,
"specialCharsCount": null
},
"credentialValParam": {
"includeWhitespaceRule": true,
"includeUsernameRule": true,
"includeAllowedCharacterRule": false,
"allowedChars": "",
"includeAllowedRegexRule": false,
"allowedRegex": ".*",
"includeIllegalCharacterRule": false,
"illegalChars": "",
"includeIllegalRegexRule": false,
"illegalRegex": "",
"includeCharacterRule": true,
"includeSmallLetters": true,
"smallLettersMin": 1,
"includeCapitalLetters": true,
"capitalLettersMin": 1,
"includeAlphabeticalLetters": true,
"alphabeticalLettersMin": 2,
"includeDigits": true,
"digitsMin": 1,
"includeSpecialChars": true,
"specialCharsMin": 1
}
}
}
get /credential/policy List Credential Policies
List all credential policies configured on the server.
This method has a POST /credential/policy/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"includeRemoved": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"credentialPolicies": [
{
"credentialPolicyName": "TEST_CREDENTIAL_POLICY",
"description": "Test policy",
"usernameLengthMin": 8,
"usernameLengthMax": 32,
"usernameAllowedPattern": null,
"credentialLengthMin": 8,
"credentialLengthMax": 32,
"limitSoft": 3,
"limitHard": 5,
"checkHistoryCount": 3,
"rotationEnabled": false,
"rotationDays": null,
"temporaryCredentialExpirationTime": null,
"usernameGenAlgorithm": "RANDOM_DIGITS",
"usernameGenParam": {
"length": 8
},
"credentialGenAlgorithm": "RANDOM_PASSWORD",
"credentialGenParam": {
"length": 12,
"includeSmallLetters": true,
"smallLettersCount": null,
"includeCapitalLetters": true,
"capitalLettersCount": null,
"includeDigits": true,
"digitsCount": null,
"includeSpecialChars": true,
"specialCharsCount": null
},
"credentialValParam": {
"includeWhitespaceRule": true,
"includeUsernameRule": true,
"includeAllowedCharacterRule": false,
"allowedChars": "",
"includeAllowedRegexRule": false,
"allowedRegex": ".*",
"includeIllegalCharacterRule": false,
"illegalChars": "",
"includeIllegalRegexRule": false,
"illegalRegex": "",
"includeCharacterRule": true,
"includeSmallLetters": true,
"smallLettersMin": 1,
"includeCapitalLetters": true,
"capitalLettersMin": 1,
"includeAlphabeticalLetters": true,
"alphabeticalLettersMin": 2,
"includeDigits": true,
"digitsMin": 1,
"includeSpecialChars": true,
"specialCharsMin": 1
},
"credentialPolicyStatus": "ACTIVE",
"timestampCreated": "2021-07-01T19:50:11+0000",
"timestampLastUpdated": null
}
]
}
}
put /credential/policy Update a Credential Policy
Update a credential policy configured on the server.
This method has a POST /credential/policy/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | CREDENTIAL_POLICY_NOT_FOUND - credential policy with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"credentialPolicyName": "CREDENTIAL_POLICY",
"description": "Sample credential policy",
"usernameLengthMin": 5,
"usernameLengthMax": 20,
"usernameAllowedPattern": "[0-9a-z]+",
"credentialLengthMin": 8,
"credentialLengthMax": 40,
"limitSoft": 3,
"limitHard": 5,
"checkHistoryCount": 3,
"rotationEnabled": false,
"rotationDays": null,
"temporaryCredentialExpirationTime": 345600,
"usernameGenAlgorithm": "RANDOM_DIGITS",
"usernameGenParam": {
"length": 8
},
"credentialGenAlgorithm": "RANDOM_PASSWORD",
"credentialGenParam": {
"length": 12,
"includeSmallLetters": true,
"smallLettersCount": 5,
"includeCapitalLetters": true,
"capitalLettersCount": 5,
"includeDigits": true,
"digitsCount": 1,
"includeSpecialChars": true,
"specialCharsCount": 1
},
"credentialValParam": {
"includeWhitespaceRule": true,
"includeUsernameRule": true,
"includeAllowedCharacterRule": false,
"allowedChars": "",
"includeAllowedRegexRule": false,
"allowedRegex": ".*",
"includeIllegalCharacterRule": false,
"illegalChars": "",
"includeIllegalRegexRule": false,
"illegalRegex": "",
"includeCharacterRule": true,
"includeSmallLetters": true,
"smallLettersMin": 1,
"includeCapitalLetters": true,
"capitalLettersMin": 1,
"includeAlphabeticalLetters": true,
"alphabeticalLettersMin": 2,
"includeDigits": true,
"digitsMin": 1,
"includeSpecialChars": true,
"specialCharsMin": 1
},
"credentialPolicyStatus": "ACTIVE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"credentialPolicyName": "CREDENTIAL_POLICY",
"description": "Sample credential policy",
"usernameLengthMin": 5,
"usernameLengthMax": 20,
"usernameAllowedPattern": "[0-9a-z]+",
"credentialLengthMin": 8,
"credentialLengthMax": 40,
"limitSoft": 3,
"limitHard": 5,
"checkHistoryCount": 3,
"rotationEnabled": false,
"rotationDays": null,
"temporaryCredentialExpirationTime": 345600,
"usernameGenAlgorithm": "RANDOM_DIGITS",
"usernameGenParam": {
"length": 8
},
"credentialGenAlgorithm": "RANDOM_PASSWORD",
"credentialGenParam": {
"length": 12,
"includeSmallLetters": true,
"smallLettersCount": 5,
"includeCapitalLetters": true,
"capitalLettersCount": 5,
"includeDigits": true,
"digitsCount": 1,
"includeSpecialChars": true,
"specialCharsCount": 1
},
"credentialValParam": {
"includeWhitespaceRule": true,
"includeUsernameRule": true,
"includeAllowedCharacterRule": false,
"allowedChars": "",
"includeAllowedRegexRule": false,
"allowedRegex": ".*",
"includeIllegalCharacterRule": false,
"illegalChars": "",
"includeIllegalRegexRule": false,
"illegalRegex": "",
"includeCharacterRule": true,
"includeSmallLetters": true,
"smallLettersMin": 1,
"includeCapitalLetters": true,
"capitalLettersMin": 1,
"includeAlphabeticalLetters": true,
"alphabeticalLettersMin": 2,
"includeDigits": true,
"digitsMin": 1,
"includeSpecialChars": true,
"specialCharsMin": 1
},
"credentialPolicyStatus": "ACTIVE"
}
}
post /credential/policy/delete Delete a credential policy
Delete a credential policy.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | CREDENTIAL_POLICY_NOT_FOUND - credential policy with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"credentialPolicyName": "TEST_CREDENTIAL_POLICY"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"credentialPolicyName": "TEST_CREDENTIAL_POLICY",
"credentialPolicyStatus": "REMOVED"
}
}
Credential Definitions API
post /credential/definition Create a Credential Definition
Create a credential definition.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | CREDENTIAL_DEFINITION_ALREADY_EXISTS - credential definition with name specified in the request already exists |
400 | APPLICATION_NOT_FOUND - application with name specified in the request was not found |
400 | HASHING_CONFIG_NOT_FOUND - hashing configuration with name specified in the request was not found |
400 | CREDENTIAL_POLICY_NOT_FOUND - credential policy with name specified in the request was not found |
400 | ORGANIZATION_NOT_FOUND - organization with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION",
"applicationName": "APP",
"organizationId": "RETAIL",
"credentialPolicyName": "CREDENTIAL_POLICY",
"category": "PASSWORD",
"encryptionEnabled": true,
"encryptionAlgorithm": "AES_HMAC",
"hashingEnabled": true,
"hashConfigName": "ARGON_2021",
"e2eEncryptionEnabled": true,
"dataAdapterProxyEnabled": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION",
"applicationName": "APP",
"credentialPolicyName": "CREDENTIAL_POLICY",
"description": null,
"category": "PASSWORD",
"encryptionEnabled": true,
"encryptionAlgorithm": "AES_HMAC",
"hashingEnabled": true,
"hashConfigName": "ARGON_2021",
"e2eEncryptionEnabled": true,
"e2eEncryptionAlgorithm": null,
"e2eEncryptionCipherTransformation": null,
"e2eEncryptionForTemporaryCredentialEnabled": false,
"credentialDefinitionStatus": "ACTIVE",
"dataAdapterProxyEnabled": false
}
}
get /credential/definition List Credential Definitions
List all credential definitions configured on the server.
This method has a POST /credential/definition/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"includeRemoved": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"credentialDefinitions": [
{
"credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION",
"applicationName": "APP",
"organizationId": "RETAIL",
"credentialPolicyName": "CREDENTIAL_POLICY",
"description": null,
"category": "PASSWORD",
"encryptionEnabled": true,
"encryptionAlgorithm": "AES_HMAC",
"hashingEnabled": true,
"hashConfigName": "ARGON_2021",
"e2eEncryptionEnabled": true,
"e2eEncryptionAlgorithm": null,
"e2eEncryptionCipherTransformation": null,
"e2eEncryptionForTemporaryCredentialEnabled": false,
"credentialDefinitionStatus": "ACTIVE",
"dataAdapterProxyEnabled": false,
"timestampCreated": "2021-07-01T20:03:25+0000",
"timestampLastUpdated": null
}
]
}
}
put /credential/definition Update a Credential Definition
Update a credential definition configured on the server.
This method has a POST /credential/definition/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | APPLICATION_NOT_FOUND - application with name specified in the request was not found |
400 | HASHING_CONFIG_NOT_FOUND - hashing configuration with name specified in the request was not found |
400 | CREDENTIAL_POLICY_NOT_FOUND - credential policy with name specified in the request was not found |
400 | ORGANIZATION_NOT_FOUND - organization with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"credentialDefinitionName": "RETAIL_CREDENTIAL",
"applicationName": "APP",
"organizationId": "RETAIL",
"credentialPolicyName": "CREDENTIAL_POLICY",
"description": "Sample credential definition for retail",
"category": "PASSWORD",
"encryptionEnabled": true,
"encryptionAlgorithm": "AES_HMAC",
"hashingEnabled": true,
"hashConfigName": "ARGON_2021",
"e2eEncryptionEnabled": false,
"e2eEncryptionAlgorithm": "AES",
"e2eEncryptionCipherTransformation": "AES/CBC/PKCS7Padding",
"credentialDefinitionStatus": "ACTIVE",
"dataAdapterProxyEnabled": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"credentialDefinitionName": "RETAIL_CREDENTIAL",
"applicationName": "APP",
"organizationId": "RETAIL",
"credentialPolicyName": "CREDENTIAL_POLICY",
"description": "Sample credential definition for retail",
"category": "PASSWORD",
"encryptionEnabled": true,
"encryptionAlgorithm": "AES_HMAC",
"hashingEnabled": true,
"hashConfigName": "ARGON_2021",
"e2eEncryptionEnabled": false,
"e2eEncryptionAlgorithm": "AES",
"e2eEncryptionCipherTransformation": "AES/CBC/PKCS7Padding",
"e2eEncryptionForTemporaryCredentialEnabled": false,
"credentialDefinitionStatus": "ACTIVE",
"dataAdapterProxyEnabled": false
}
}
post /credential/definition/delete Delete a credential definition
Delete a credential definition.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"credentialDefinitionName": "TEST_CREDENTIAL_DEFINITION",
"credentialDefinitionStatus": "REMOVED"
}
}
OTP Policies API
post /otp/policy Create an OTP Policy
Create an OTP policy.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | OTP_POLICY_ALREADY_EXISTS - OTP policy with name specified in the request already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"otpPolicyName": "TEST_OTP_POLICY",
"description": "Test OTP policy",
"length": 8,
"attemptLimit": 3,
"expirationTime": null,
"genAlgorithm": "OTP_DATA_DIGEST"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpPolicyName": "TEST_OTP_POLICY",
"description": "Test OTP policy",
"length": 8,
"attemptLimit": 3,
"expirationTime": null,
"genAlgorithm": "OTP_DATA_DIGEST",
"genParam": {
"groupSize": null
},
"otpPolicyStatus": "ACTIVE"
}
}
get /otp/policy List OTP Policies
List all OTP policies configured on the server.
THis method has a POST /otp/policy/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"includeRemoved": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpPolicies": [
{
"otpPolicyName": "TEST_OTP_POLICY",
"description": "Test OTP policy",
"length": 8,
"attemptLimit": 3,
"expirationTime": null,
"genAlgorithm": "OTP_DATA_DIGEST",
"genParam": {
"groupSize": null
},
"otpPolicyStatus": "ACTIVE",
"timestampCreated": "2021-07-01T20:13:48+0000",
"timestampLastUpdated": null
}
]
}
}
put /otp/policy Update an OTP Policy
Update an OTP policy configured on the server.
This method has a POST /otp/policy/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | OTP_POLICY_NOT_FOUND - OTP policy with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"otpPolicyName": "OTP_POLICY",
"description": "Sample OTP policy",
"length": 8,
"attemptLimit": 3,
"expirationTime": 300,
"genAlgorithm": "OTP_DATA_DIGEST",
"genParam": {
"groupSize": null
},
"otpPolicyStatus": "ACTIVE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpPolicyName": "OTP_POLICY",
"description": "Sample OTP policy",
"length": 8,
"attemptLimit": 3,
"expirationTime": 300,
"genAlgorithm": "OTP_DATA_DIGEST",
"genParam": {
"groupSize": null
},
"otpPolicyStatus": "ACTIVE"
}
}
post /otp/policy/delete Delete an OTP policy
Delete an OTP policy.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OTP_POLICY_NOT_FOUND - OTP policy with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"otpPolicyName": "TEST_OTP_POLICY"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpPolicyName": "TEST_OTP_POLICY",
"otpPolicyStatus": "REMOVED"
}
}
OTP Definitions API
post /otp/definition Create an OTP Definition
Create an OTP definition.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OTP_DEFINITION_ALREADY_EXISTS - OTP definition with name specified in the request already exists |
400 | APPLICATION_NOT_FOUND - application with name specified in the request was not found |
400 | OTP_POLICY_NOT_FOUND - OTP policy with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"otpDefinitionName": "RETAIL_OTP",
"applicationName": "RETAIL_APP",
"otpPolicyName": "OTP_POLICY",
"description": "Sample OTP definition for retail",
"encryptionEnabled": false,
"encryptionAlgorithm": null,
"dataAdapterProxyEnabled": false,
"otpDefinitionStatus": "ACTIVE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpDefinitionName": "RETAIL_OTP",
"applicationName": "APP",
"otpPolicyName": "OTP_POLICY",
"description": null,
"encryptionEnabled": false,
"encryptionAlgorithm": null,
"otpDefinitionStatus": "ACTIVE",
"dataAdapterProxyEnabled": false
}
}
get /otp/definition List OTP definitions
List all OTP definitions configured on the server.
This method has a POST /otp/definition/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"includeRemoved": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpDefinitions": [
{
"otpDefinitionName": "RETAIL_OTP",
"applicationName": "APP",
"otpPolicyName": "OTP_POLICY",
"description": "Sample OTP definition for retail",
"encryptionEnabled": false,
"encryptionAlgorithm": null,
"otpDefinitionStatus": "ACTIVE",
"dataAdapterProxyEnabled": true,
"timestampCreated": "2021-06-07T11:42:54+0000",
"timestampLastUpdated": null
}
]
}
}
put /otp/definition Update an OTP Definition
Update an OTP definition configured on the server.
This method has a POST /otp/definition/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OTP_DEFINITION_NOT_FOUND - OTP definition with name specified in the request was not found |
400 | APPLICATION_NOT_FOUND - application with name specified in the request was not found |
400 | OTP_POLICY_NOT_FOUND - OTP policy with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"otpDefinitionName": "RETAIL_OTP",
"applicationName": "APP",
"otpPolicyName": "OTP_POLICY",
"description": null,
"encryptionEnabled": false,
"encryptionAlgorithm": "AES_HMAC",
"otpDefinitionStatus": "ACTIVE",
"dataAdapterProxyEnabled": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpDefinitionName": "RETAIL_OTP",
"applicationName": "APP",
"otpPolicyName": "OTP_POLICY",
"description": null,
"encryptionEnabled": false,
"encryptionAlgorithm": "AES_HMAC",
"otpDefinitionStatus": "ACTIVE",
"dataAdapterProxyEnabled": false
}
}
post /otp/definition/delete Delete an OTP definition
Delete an OTP definition.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OTP_DEFINITION_NOT_FOUND - OTP definition with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"otpDefinitionName": "RETAIL_OTP"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpDefinitionName": "RETAIL_OTP",
"otpDefinitionStatus": "REMOVED"
}
}
Hashing Configurations API
post /hashconfig Create a Hashing Configuration
Create a hashing configuration.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | HASHING_CONFIG_ALREADY_EXISTS - hashing configuration with name specified in the request already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"hashConfigName": "ARGON_2021",
"algorithm": "ARGON_2ID",
"parameters": {
"version": "16",
"iterations": "3",
"memory": "15",
"parallelism": "16",
"outputLength": "32"
}
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"hashConfigName": "ARGON_2021",
"algorithm": "ARGON_2ID",
"parameters": {
"version": "16",
"iterations": "3",
"memory": "15",
"parallelism": "16",
"outputLength": "32"
},
"hashConfigStatus": "ACTIVE"
}
}
get /hashconfig List Hashing Configurations
List all hashing configurations configured on the server.
This method has a POST /hashconfig/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_CONFIGURATION - Next Step server configuration is invalid |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"includeRemoved": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"hashConfigs": [
{
"hashConfigName": "ARGON_2021",
"algorithm": "ARGON_2ID",
"hashConfigStatus": "ACTIVE",
"parameters": {
"version": "16",
"iterations": "3",
"memory": "15",
"parallelism": "16",
"outputLength": "32"
},
"timestampCreated": "2021-07-01T20:03:20+0000"
}
]
}
}
put /hashconfig Update a Hashing Configuration
Update a hashing configuration configured on the server.
This method has a POST /hashconfig/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | HASHING_CONFIG_NOT_FOUND - hashing configuration with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"hashConfigName": "ARGON_2021",
"algorithm": "ARGON_2ID",
"parameters": {
"version": "16",
"iterations": "3",
"memory": "15",
"parallelism": "16",
"outputLength": "32"
},
"hashConfigStatus": "ACTIVE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"hashConfigName": "ARGON_2021",
"algorithm": "ARGON_2ID",
"parameters": {
"version": "16",
"iterations": "3",
"memory": "15",
"parallelism": "16",
"outputLength": "32"
},
"hashConfigStatus": "ACTIVE"
}
}
post /hashconfig/delete Delete a Hashing Configuration
Delete a hashing configuration.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | HASHING_CONFIG_NOT_FOUND - hashing configuration with name specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"hashConfigName": "ARGON_2021"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"hashConfigName": "ARGON_2021",
"hashConfigStatus": "REMOVED"
}
}
User Identities API
post /user Create a User Identity
Create a user identity.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_ALREADY_EXISTS - user identity with identifier specified in the request already exist |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | CREDENTIAL_VALIDATION_FAILED - credential validation failed |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"extras": {
"key1": "value1"
},
"roles": [],
"contacts": [
{
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+420123456",
"primary": true
}
],
"credentials": [
{
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"username": "testuser"
}
]
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"userIdentityStatus": "ACTIVE",
"extras": {
"key1": "value1"
},
"roles": [],
"contacts": [
{
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+420123456",
"primary": true,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": null
}
],
"credentials": [
{
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"credentialStatus": "ACTIVE",
"username": "testuser",
"credentialValue": "buCH<JpTw1mA",
"credentialChangeRequired": false,
"timestampCreated": "2021-07-02T09:47:35+0000",
"timestampLastUpdated": null,
"timestampBlocked": null,
"timestampExpires": null,
"timestampLastCredentialChange": "2021-07-02T09:47:35+0000",
"timestampLastUsernameChange": "2021-07-02T09:47:35+0000"
}
]
}
}
get /user/detail Get User Identity Detail
Get user identity detail.
This method has a POST /user/detail
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"userIdentityStatus": "ACTIVE",
"extras": {
"key1": "value1"
},
"roles": [],
"contacts": [
{
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+420123456",
"primary": true,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": null
}
],
"credentials": [
{
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"credentialStatus": "ACTIVE",
"username": "testuser2",
"credentialChangeRequired": false,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampExpires": null,
"timestampBlocked": null,
"timestampLastUpdated": null,
"timestampLastCredentialChange": "2021-07-02T09:47:36+0000",
"timestampLastUsernameChange": "2021-07-02T09:47:36+0000"
}
],
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": null
}
}
put /user Update a User Identity
Update a user identity.
This method has a POST /user/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | CREDENTIAL_VALIDATION_FAILED - credential validation failed |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"userIdentityStatus": "ACTIVE",
"extras": {
"key1": "value1"
},
"roles": [
"TEST_ROLE"
],
"contacts": [
{
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+4201234567",
"primary": true
}
],
"credentials": [
{
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"username": "test1234",
"credentialValue": "S3cret.1234"
}
]
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "test2",
"userIdentityStatus": "ACTIVE",
"extras": {
"key1": "value1"
},
"roles": [
"TEST_ROLE"
],
"contacts": [
{
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+4201234567",
"primary": true,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": "2021-07-02T10:17:03+0000"
}
],
"credentials": [
{
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"credentialStatus": "ACTIVE",
"username": "test1234",
"credentialValue": null,
"credentialChangeRequired": false,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": "2021-07-02T10:17:03+0000",
"timestampBlocked": null,
"timestampExpires": null,
"timestampLastCredentialChange": "2021-07-02T10:17:03+0000",
"timestampLastUsernameChange": "2021-07-02T10:17:03+0000"
}
]
}
}
put /user/multi Update Multiple User Identities
Update multiple user identities.
This method has a POST /user/update/multi
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userIds": [
"user1234",
"user5678"
],
"userIdentityStatus": "ACTIVE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userIds": [
"user1234",
"user5678"
],
"userIdentityStatus": "ACTIVE"
}
}
post /user/lookup/single Lookup a User Identity
Lookup a user identity.
The operation ID parameter is required in case Data Adapter proxy is enabled.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"username": "77002401",
"credentialName": "RETAIL_CREDENTIAL",
"operationId": null
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"user": {
"userId": "user9876",
"userIdentityStatus": "ACTIVE",
"extras": {
"key1": "value1"
},
"roles": [
"TEST_ROLE"
],
"contacts": [
{
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+4201234567",
"primary": true,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": "2021-07-02T10:17:04+0000"
}
],
"credentials": [
{
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"credentialStatus": "ACTIVE",
"username": "77002401",
"credentialChangeRequired": false,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampExpires": null,
"timestampBlocked": null,
"timestampLastUpdated": "2021-07-02T10:17:03+0000",
"timestampLastCredentialChange": "2021-07-02T10:17:03+0000",
"timestampLastUsernameChange": "2021-07-02T10:17:03+0000"
}
],
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": "2021-07-02T10:17:03+0000"
}
}
}
post /user/lookup Lookup User Identities
Lookup user identities.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userIdentityStatus": null,
"createdStartDate": null,
"createdEndDate": null,
"roles": null,
"username": "14655327",
"credentialName": "RETAIL_CREDENTIAL",
"credentialStatus" : null
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"users": [
{
"userId": "user4321",
"userIdentityStatus": "ACTIVE",
"extras": {
"key1": "value1"
},
"roles": [
"TEST_ROLE"
],
"contacts": [
{
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+4201234567",
"primary": true,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": "2021-07-02T10:17:04+0000"
}
],
"credentials": [
{
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"credentialStatus": "ACTIVE",
"username": "14655327",
"credentialChangeRequired": false,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampExpires": null,
"timestampBlocked": null,
"timestampLastUpdated": "2021-07-02T10:17:03+0000",
"timestampLastCredentialChange": "2021-07-02T10:17:03+0000",
"timestampLastUsernameChange": "2021-07-02T10:17:03+0000"
}
],
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": "2021-07-02T10:17:03+0000"
}
]
}
}
post /user/block Block a User Identity
Block a user identity.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_IDENTITY_NOT_ACTIVE - user identity with identifier specified in the request is not in ACTIVE state |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"userIdentityStatus": "BLOCKED"
}
}
post /user/unblock Unblock a User Identity
Unblock a user identity.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_IDENTITY_NOT_BLOCKED - user identity with identifier specified in the request is not in BLOCKED state |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"userIdentityStatus": "ACTIVE"
}
}
post /user/delete Delete a User Identity
Delete a user identity.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"userIdentityStatus": "REMOVED"
}
}
post /user/contact Create a User Contact
Create a user contact.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_CONTACT_ALREADY_EXISTS - user contact already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+420602123456",
"primary": true
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+420602123456",
"primary": true
}
}
get /user/contact List User Contacts
List all user contacts.
This method has a POST /user/contact/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"contacts": [
{
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+4201234567",
"primary": false,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampLastUpdated": "2021-07-02T11:27:30+0000"
}
]
}
}
put /user/contact Update a User Contact
Update a user contact.
This method has a POST /user/contact/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_CONTACT_NOT_FOUND - user contact was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+420605789651",
"primary": true
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"contactName": "TEST_CONTACT",
"contactType": "PHONE",
"contactValue": "+420605789651",
"primary": true
}
}
post /user/contact/delete Delete a User Contact
Delete a user contact.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_CONTACT_NOT_FOUND - user contact was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "test1234",
"contactName": "TEST_CONTACT",
"contactType": "PHONE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "test1234",
"contactName": "TEST_CONTACT",
"contactType": "PHONE"
}
}
post /user/alias Create a User Alias
Create a user alias.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_ALIAS_ALREADY_EXISTS - user alias already exists |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"aliasName": "TEST_ALIAS",
"aliasValue": "SOME_ALIAS_VALUE",
"extras": {
"key1": "value1"
}
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"aliasName": "TEST_ALIAS",
"aliasValue": "SOME_ALIAS_VALUE",
"extras": {
"key1": "value1"
},
"userAliasStatus": "ACTIVE"
}
}
get /user/alias List User Aliases
List all user aliases.
This method has a POST /user/alias/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"includeRemoved": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"aliases": [
{
"aliasName": "TEST_ALIAS",
"aliasValue": "SOME_ALIAS_VALUE",
"userAliasStatus": "ACTIVE",
"extras": {
"key1": "value1"
},
"timestampCreated": "2021-07-02T11:37:54+0000",
"timestampLastUpdated": null
}
]
}
}
put /user/alias Update a User Alias
Update a user alias.
This method has a POST /user/alias/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_ALIAS_NOT_FOUND - user alias was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"aliasName": "TEST_ALIAS",
"aliasValue": "SOME_ALIAS_VALUE",
"extras": {
"key1": "value"
},
"userAliasStatus": "ACTIVE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"aliasName": "TEST_ALIAS",
"aliasValue": "SOME_ALIAS_VALUE",
"extras": {
"key1": "value"
},
"userAliasStatus": "ACTIVE"
}
}
post /user/alias/delete Delete a User Alias
Delete a user alias.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_ALIAS_NOT_FOUND - user alias was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"aliasName": "TEST_ALIAS"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"aliasName": "TEST_ALIAS",
"userAliasStatus": "REMOVED"
}
}
post /user/role Assign a Role to User Identity
Assign a role to user identity.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_ROLE_ALREADY_ASSIGNED - user role is already assigned |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"roleName": "TEST_ROLE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"roleName": "TEST_ROLE",
"userRoleStatus": "ACTIVE"
}
}
post /user/role/delete Remove a Role from User Identity
Remove a user role from user identity.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | USER_ROLE_NOT_ASSIGNED - user role is not assigned |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"roleName": "TEST_ROLE"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"roleName": "TEST_ROLE",
"userRoleStatus": "REMOVED"
}
}
get /user/credential Get User Credential List
Get user credential list.
This method has a POST /user/credential/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"includeRemoved": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"credentials": [
{
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"credentialStatus": "ACTIVE",
"username": "test1234",
"credentialChangeRequired": false,
"timestampCreated": "2021-07-02T09:47:36+0000",
"timestampExpires": null,
"timestampBlocked": null,
"timestampLastUpdated": "2021-07-02T11:27:30+0000",
"timestampLastCredentialChange": "2021-07-02T11:27:30+0000",
"timestampLastUsernameChange": "2021-07-02T11:27:30+0000"
}
]
}
}
get /user/authentication Get User Authentication List
Get user credential list.
This method has a POST /user/authentication/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"createdStartDate": "2021-06-24T10:24:09+0000",
"createdEndDate": "2021-07-24T17:24:09+0000"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"authentications": [
{
"authenticationType": "CREDENTIAL",
"credentialName": "RETAIL_CREDENTIAL",
"otpName": null,
"authenticationResult": "FAILED",
"credentialAuthenticationResult": "FAILED",
"otpAuthenticationResult": null,
"timestampCreated": "2021-07-02T11:56:03+0000"
}
]
}
}
Credentials API
post /credential Create a Credential
Create a credential.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | CREDENTIAL_VALIDATION_FAILED - credential validation failed |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"username": "username1234",
"credentialValue": null,
"validationMode": "VALIDATE_USERNAME_AND_CREDENTIAL",
"credentialHistory": []
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"credentialStatus": "ACTIVE",
"username": "username1234",
"credentialValue": "JeM1vr%GyJFh",
"credentialChangeRequired": false
}
}
put /credential Update a Credential
Update a credential.
This method has a POST /credential/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | CREDENTIAL_VALIDATION_FAILED - credential validation failed |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"username": "username1234",
"credentialValue": "JeM1vr%GyJFh",
"credentialStatus": "ACTIVE",
"timestampExpires": "2021-07-02T13:07:55+0000"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT",
"credentialStatus": "ACTIVE",
"username": "username1234",
"credentialChangeRequired": false
}
}
post /credential/validate Validate a Credential
Validate a credential.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"credentialName": "RETAIL_CREDENTIAL",
"username": "user",
"credentialValue": "rrnVHhN2YGw",
"validationMode": "VALIDATE_USERNAME_AND_CREDENTIAL",
"userId": "user1234"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"validationResult": "FAILED",
"validationErrors": [
"USERNAME_TOO_SHORT",
"CREDENTIAL_INSUFFICIENT_SPECIAL"
]
}
}
post /credential/reset Reset a Credential
Reset a credential.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"credentialType": "PERMANENT"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"username": "username1234",
"credentialValue": "N4DuitRp:HUx",
"credentialStatus": "ACTIVE"
}
}
post /credential/block Block a Credential
Block a credential.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | CREDENTIAL_NOT_ACTIVE - credential is not in ACTIVE state |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"credentialStatus": "BLOCKED_PERMANENT"
}
}
post /credential/unblock Unblock a Credential
Block a credential.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | CREDENTIAL_NOT_BLOCKED - credential is not in BLOCKED_PERMANENT or BLOCKED_TEMPORARY state |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"credentialStatus": "ACTIVE"
}
}
post /credential/delete Delete a Credential
Delete a credential.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"credentialStatus": "REMOVED"
}
}
Credential Counters API
put /credential/counter Update a Credential Counter
Update a credential counter.
This method has a POST /credential/counter/update
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity with identifier specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | CREDENTIAL_NOT_ACTIVE - credential is not in ACTIVE state |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"authenticationResult": "FAILED"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "user1234",
"credentialName": "RETAIL_CREDENTIAL",
"credentialStatus": "ACTIVE"
}
}
post /credential/counter/reset-all Reset All Soft Failed Attempt Counters
Reset all soft failed counters.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"resetMode": "RESET_ACTIVE_AND_BLOCKED_TEMPORARY"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"resetCounterCount": 1
}
}
OTP API
post /otp Create an OTP
Create an OTP.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | OTP_DEFINITION_NOT_FOUND - OTP definition with name specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | OPERATION_NOT_FOUND - operation was not found |
400 | OTP_GEN_ALGORITHM_NOT_SUPPORTED - OTP generation algorithm is not supported |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | OPERATION_ALREADY_FINISHED - operation is already in DONE state |
400 | OPERATION_ALREADY_FAILED - operation is already in FAILED state |
400 | USER_IDENTITY_NOT_ACTIVE - user identity is not active |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | CREDENTIAL_NOT_ACTIVE - credential is not in ACTIVE state |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "test1234",
"otpName": "RETAIL_OTP",
"credentialName": "RETAIL_CREDENTIAL",
"otpData": "TEST_DATA",
"operationId": null
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpName": "RETAIL_OTP",
"userId": "test1234",
"otpId": "b498adb3-84aa-4235-8ffb-d8e9daa54145",
"otpValue": "85092023",
"otpStatus": "ACTIVE"
}
}
post /otp/send Create And Send an OTP
Create and send an OTP via Data Adapter.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | OTP_DEFINITION_NOT_FOUND - OTP definition with name specified in the request was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition with name specified in the request was not found |
400 | OPERATION_NOT_FOUND - operation was not found |
400 | OTP_GEN_ALGORITHM_NOT_SUPPORTED - OTP generation algorithm is not supported |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | OPERATION_ALREADY_FINISHED - operation is already in DONE state |
400 | OPERATION_ALREADY_FAILED - operation is already in FAILED state |
400 | USER_IDENTITY_NOT_ACTIVE - user identity is not active |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | CREDENTIAL_NOT_ACTIVE - credential is not in ACTIVE state |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "test1234",
"otpName": "RETAIL_OTP",
"credentialName": "RETAIL_CREDENTIAL",
"otpData": "TEST_DATA",
"operationId": null,
"language": "en"
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpName": "RETAIL_OTP",
"userId": "test1234",
"otpId": "b498adb3-84aa-4235-8ffb-d8e9daa54145",
"otpStatus": "ACTIVE",
"delivered": true,
"errorMessage": null
}
}
get /otp Get OTP list
Get OTP list for an operation.
This method has a POST /otp/list
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | OPERATION_NOT_FOUND - operation was not found |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"operationId": "login_1234567",
"includeRemoved": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationId": "login_1234567",
"otpDetails": [
{
"otpName": "RETAIL_OTP",
"userId": "user1234",
"otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
"operationId": "login_1234567",
"otpData": "TEST_DATA",
"otpValue": "82310309",
"credentialName": "RETAIL_CREDENTIAL",
"attemptCounter": 0,
"failedAttemptCounter": 0,
"remainingAttempts": 3,
"otpStatus": "ACTIVE",
"timestampCreated": "2021-07-02T13:02:55+0000",
"timestampVerified": null,
"timestampBlocked": null,
"timestampExpires": "2021-07-02T13:07:55+0000"
}
]
}
}
get /otp/detail Get OTP detail
Get OTP detail.
This method has a POST /otp/detail
alternative.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | OTP_NOT_FOUND - OTP with identifier specified in the request was not found |
400 | OPERATION_NOT_FOUND - operation was not found |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
"operationId": null
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"operationId": null,
"otpDetail": {
"otpName": "RETAIL_OTP",
"userId": "user1234",
"otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
"operationId": "login_1234567",
"otpData": "TEST_DATA",
"otpValue": "82310309",
"credentialName": "RETAIL_CREDENTIAL",
"attemptCounter": 0,
"failedAttemptCounter": 0,
"remainingAttempts": 3,
"otpStatus": "ACTIVE",
"timestampCreated": "2021-07-02T13:02:55+0000",
"timestampVerified": null,
"timestampBlocked": null,
"timestampExpires": "2021-07-02T13:07:55+0000"
}
}
}
post /otp/delete Delete an OTP.
Delete an OTP.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | OTP_NOT_FOUND - OTP with identifier specified in the request was not found |
400 | OPERATION_NOT_FOUND - operation was not found |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
"operationId": null
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"otpId": "6bc3c99a-63fb-446a-a187-4c6a0bf0a63a",
"operationId": "login_1234567",
"otpStatus": "REMOVED"
}
}
Authentication API
post /auth/otp Authenticate Using an OTP
Authenticate using a one time password.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | AUTH_METHOD_NOT_FOUND - authentication method was not found |
400 | OPERATION_ALREADY_FINISHED - operation is already in DONE state |
400 | OPERATION_ALREADY_FAILED - operation is already in FAILED state |
400 | OPERATION_ALREADY_CANCELED - operation is already in FAILED/CANCELED state |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | OPERATION_NOT_FOUND - operation was not found |
400 | OTP_NOT_FOUND - OTP with identifier specified in the request was not found |
400 | OPERATION_NOT_VALID - operation is not valid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"otpId": "b498adb3-84aa-4235-8ffb-d8e9daa54145",
"operationId": null,
"otpValue": "37325969",
"authMethod": null,
"updateOperation": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "test1234",
"userIdentityStatus": "ACTIVE",
"credentialStatus": "ACTIVE",
"timestampBlocked": null,
"otpStatus": "ACTIVE",
"authenticationResult": "FAILED",
"remainingAttempts": 2,
"showRemainingAttempts": false,
"errorMessage": null,
"operationFailed": false
}
}
post /auth/credential Authenticate Using a Credential
Authenticate using a credential.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity was not found |
400 | AUTH_METHOD_NOT_FOUND - authentication method was not found |
400 | OPERATION_ALREADY_FINISHED - operation is already in DONE state |
400 | OPERATION_ALREADY_FAILED - operation is already in FAILED state |
400 | OPERATION_ALREADY_CANCELED - operation is already in FAILED/CANCELED state |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | OPERATION_NOT_FOUND - operation was not found |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | CREDENTIAL_DEFINITION_NOT_FOUND - credential definition was not found |
400 | OPERATION_NOT_VALID - operation is not valid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"credentialName": "RETAIL_CREDENTIAL",
"userId": "test1234",
"credentialValue": "OTuGEsf<n8Ue",
"authenticationMode": "MATCH_EXACT",
"credentialPositionsToVerify": [],
"operationId": null,
"authMethod": null,
"updateOperation": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "test1234",
"userIdentityStatus": "ACTIVE",
"timestampBlocked": null,
"credentialStatus": "ACTIVE",
"credentialChangeRequired": false,
"authenticationResult": "FAILED",
"remainingAttempts": 2,
"showRemainingAttempts": false,
"errorMessage": null,
"operationFailed": false
}
}
post /auth/combined Authenticate Using a Credential and OTP
Authenticate using a credential and one time password.
The list of expected status codes:
Code | Description |
---|---|
200 | OK response - request succeeded |
400 | REQUEST_VALIDATION_FAILED - request validation failed |
400 | INVALID_REQUEST - invalid request received |
400 | USER_IDENTITY_NOT_FOUND - user identity was not found |
400 | AUTH_METHOD_NOT_FOUND - authentication method was not found |
400 | OPERATION_ALREADY_FINISHED - operation is already in DONE state |
400 | OPERATION_ALREADY_FAILED - operation is already in FAILED state |
400 | OPERATION_ALREADY_CANCELED - operation is already in FAILED/CANCELED state |
400 | INVALID_CONFIGURATION - Next Step configuration is invalid |
400 | CREDENTIAL_NOT_FOUND - credential was not found |
400 | OPERATION_NOT_FOUND - operation was not found |
400 | OTP_NOT_FOUND - OTP with identifier specified in the request was not found |
400 | OPERATION_NOT_VALID - operation is not valid |
400 | ENCRYPTION_FAILED - encryption failed |
500 | Server error - unexpected error occurred |
Request
- Headers:
Content-Type: application/json
{
"requestObject": {
"userId": "test1234",
"credentialValue": ")wOI6ijUkwYI",
"authenticationMode": "MATCH_EXACT",
"credentialPositionsToVerify": [],
"otpId": "b498adb3-84aa-4235-8ffb-d8e9daa54145",
"operationId": null,
"otpValue": "29092692",
"authMethod": null,
"updateOperation": false
}
}
Response
- Headers:
Content-Type: application/json
{
"status": "OK",
"responseObject": {
"userId": "test1234",
"userIdentityStatus": "ACTIVE",
"timestampBlocked": null,
"credentialStatus": "ACTIVE",
"credentialChangeRequired": false,
"otpStatus": "ACTIVE",
"authenticationResult": "FAILED",
"credentialAuthenticationResult": "FAILED",
"otpAuthenticationResult": "FAILED",
"remainingAttempts": 1,
"showRemainingAttempts": false,
"errorMessage": null,
"operationFailed": false
}
}