Authentication Codes
If you need to authenticate a user against your system, our solution offers tools to sign an HTTP request on the mobile device using our SDK and to validate it on your backend system using the provided REST API.
The process works in the following steps:
- The mobile app uses the PowerAuth Mobile SDK to compute an authorization header for the HTTP call to your custom API endpoint
- Your custom API endpoint receives the authorization header and validates the request against our Authentication Code API
- If the validation succeeds, your endpoint can accept the request and perform the desired business operation
This process can be applied to any communication between the mobile device and the server that has to be protected by multiple factors. That said, it is the original and most straightforward way to implement login in a mobile app.
Computing Authentication Code
The Authentication Code is generated on the mobile device using our PowerAuth Mobile SDK. It is a signature computed over the HTTP request, covering:
- Uniform Resource Identifier (URI)
- Uniform Resource Name (URN)
- HTTP Method
- HTTP Request Body
The SDK produces an HTTP header that has to be included in the HTTP request to your custom endpoint.
You can choose which factors (PIN or biometry) will be used to generate the authentication code.
Verifying Authentication
On the server side, you need to extract the HTTP header from the request, obtain the raw (unmodified!) HTTP request body, and verify both against our Authentication Code API. The body must be the exact bytes received: the authentication code was computed over them on the device, so any re-serialization on the way to the check (for example, parsing the JSON and encoding it again, which can change whitespace or key order) will cause validation to fail.
If you get a positive result, you can continue with your business logic.
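The sign-on-device / verify-on-server round trip from the two sections above, as an added illustration in Python (this is example code, not the PowerAuth Mobile SDK, the Authentication Code API or any other Wultra code). PowerAuth's actual signature construction, header format and key handling are defined by the SDK and server; here an HMAC-SHA256 under a shared key stands in for the SDK's signature, and the header name X-Auth-Code, the `v1 nonce=..., factors=..., code=...` layout, the shared key and the sample payload are all assumptions. The server side checks the things your endpoint has to care about in the real flow: the exact raw body bytes, the method and URI, the nonce (replay) and which factors were used.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumed header name for this illustration; the PowerAuth SDK defines its own.
HEADER_NAME = "X-Auth-Code"


def signature_base(method: str, uri: str, nonce: str, factors: str, body: bytes) -> bytes:
    """Everything the code covers, joined with '&'. Binding method, URI, nonce and
    factors into the MAC means none of them can be changed in transit without
    invalidating the code."""
    return b"&".join([method.upper().encode(), uri.encode(), nonce.encode(),
                      factors.encode(), body])


def compute_auth_header(key: bytes, method: str, uri: str, body: bytes,
                        factors: str = "possession+knowledge", nonce: str = "") -> str:
    """Client side (the role of the mobile SDK): compute the code over the request
    and pack it into a header value. 'factors' names what the user provided,
    e.g. knowledge (PIN) or biometry on top of device possession."""
    nonce = nonce or base64.b64encode(secrets.token_bytes(16)).decode()
    mac = hmac.new(key, signature_base(method, uri, nonce, factors, body), hashlib.sha256).digest()
    code = base64.b64encode(mac).decode()
    return 'v1 nonce="%s", factors="%s", code="%s"' % (nonce, factors, code)


def parse_auth_header(value: str) -> dict:
    """Split 'v1 k="v", k="v"' into a dict; raise ValueError on anything malformed."""
    scheme, _, rest = value.partition(" ")
    if scheme != "v1":
        raise ValueError("unsupported scheme")
    fields = {}
    for part in rest.split(", "):
        name, _, val = part.partition("=")
        if not (len(val) >= 2 and val[0] == '"' and val[-1] == '"'):
            raise ValueError("malformed field %r" % part)
        fields[name] = val[1:-1]
    for required in ("nonce", "factors", "code"):
        if required not in fields:
            raise ValueError("missing " + required)
    return fields


def verify_request(key: bytes, method: str, uri: str, header_value: str,
                   raw_body: bytes, seen_nonces: set,
                   required_factors: str = "possession+knowledge") -> bool:
    """Server side (your custom endpoint). raw_body must be the exact bytes
    received; any re-serialisation changes the bytes and the check fails."""
    try:
        fields = parse_auth_header(header_value)
        received = base64.b64decode(fields["code"], validate=True)
    except ValueError:                          # binascii.Error is a ValueError
        return False
    if fields["factors"] != required_factors:   # endpoint policy, e.g. PIN required
        return False
    if fields["nonce"] in seen_nonces:          # replay of a captured request
        return False
    expected = hmac.new(key, signature_base(method, uri, fields["nonce"],
                                            fields["factors"], raw_body),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, received):
        return False
    seen_nonces.add(fields["nonce"])            # burn the nonce only on success
    return True


def demo() -> dict:
    """Constructed round trip: one good request, then the ways it can fail."""
    key = b"shared-key-for-illustration-only"     # constructed; not how real keys are managed
    method, uri = "POST", "/api/payment"
    raw_body = b'{"amount":100,"currency":"CZK"}'  # constructed payload, compact JSON
    header = compute_auth_header(key, method, uri, raw_body)
    seen = set()
    results = {"ok": verify_request(key, method, uri, header, raw_body, seen)}
    results["replay"] = verify_request(key, method, uri, header, raw_body, seen)
    results["tampered_body"] = verify_request(key, method, uri, header,
                                              raw_body.replace(b"100", b"100000"), set())
    results["wrong_uri"] = verify_request(key, method, "/api/transfer", header, raw_body, set())
    # Parsing and re-encoding the JSON inserts spaces: same meaning, different bytes.
    reserialised = json.dumps(json.loads(raw_body)).encode()
    results["reserialised_body"] = verify_request(key, method, uri, header, reserialised, set())
    bio_header = compute_auth_header(key, method, uri, raw_body, factors="possession+biometry")
    results["wrong_factors"] = verify_request(key, method, uri, bio_header, raw_body, set())
    return results


if __name__ == "__main__":
    print("header sent as %s" % HEADER_NAME)
    for name, passed in demo().items():
        print("%-18s %s" % (name, "accepted" if passed else "rejected"))
```

Running demo() shows the re-serialised body being rejected even though it is semantically identical JSON; that is the concrete reason the body handed to the Authentication Code API must be the unmodified bytes your framework received, not the parsed-and-re-encoded object.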
Signing other data
The SDK also provides a method to sign arbitrary data; it does not have to be an HTTP request.
See the Data Signing section for details.