PowerAuth Cloud Single-Device API Reference

When deploying the single-device version of the PowerAuth Cloud API, only one device is allowed per a particular user. This setup is handy in the case mobile token is the primary use-case for you, because the API calls are extremely comprehensive and as a result, the integration is very straight-forward.

The PowerAuth Cloud Single-Device API consists of two major API resource groups:

  • The Registration Services handle use-cases related to the user device registration, such as enrolling a new device, blocking the registration, or permanent registration removal.
  • The Services for Operations are responsible for creating operations, such as login requests or payment approvals, and for managing the operation state.

This documentation covers both the general principles of PowerAuth Cloud Single-Device API, as well as specific services in each API category.

Content Type

All services expect to work with the JSON request and response. Use the following header when calling the services:

Content-Type: application/json

Error Handling

In the case of an error, all endpoints will return the response in the following base format:

{
  "status": "ERROR",
  "responseObject": {
    "code": "${ERROR_CODE}",
    "message": "${ERROR_MESSAGE}"
  }
}
Attribute Type Description
status* String Always the ERROR string.
responseObject.code* String Error code.
responseObject.message* String Error message with more info about the issue.

Failing the Basic Request Validation

If request validation fails on the syntactic level, the service will return 400 Bad Request response with the following extended structure:

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_REQUEST",
    "message": "Required Long parameter 'timestampFrom' is invalid",
    "violations": [
      {
        "fieldName": "getAuditLog.timestampFrom",
        "invalidValue": -1000,
        "hint": "must be greater than or equal to 0"
      }
    ]
  }
}
Attribute Type Description
status* String Always the ERROR string.
responseObject.code* String Error code, always the value ERROR_REQUEST.
responseObject.message* String Information about the violation.
responseObject.violations Object[] Information about the specific fields that were invalid.
responseObject.violations[].fieldName* String Field name.
responseObject.violations[].invalidValue* - The invalid value that was provided.
responseObject.violations[].hint* String Hint on why the validation failed.

Possible Error Codes

The API may return one of the following error codes:

HTTP Error Code Description
400 ERROR_REGISTRATION Registration related error occurred.
400 ERROR_REGISTRATION_NOT_FOUND Registration was not found during a call where registration is expected.
400 ERROR_REGISTRATION_CHANGE Invalid registration change was attempted.
400 ERROR_OPERATION_NOT_FOUND Operation was not found during a call where operation is expected.
400 ERROR_OPERATION_STATE_CHANGE Invalid operation change was attempted.
400 ERROR_OTP_INVALID Offline certification - OTP code does not match expected value.
400 ERROR_AUDIT Error occurred while fetching the audit log.
400 ERROR_REQUEST Request did not pass validation (mandatory property missing, null/invalid value).
401 ERROR_UNAUTHORIZED Returned in the case authentication fails (invalid application credentials).
404 ERROR_NOT_FOUND Returned in the case URL is not present (calling wrong API).
500 ERROR_GENERIC Unknown error occurred while processing request.
500 ERROR_INTERNAL_API Communication with internal service failed.

Security

All services are protected by the Basic HTTP authentication. Failure to provide correct username or password will result in the 401 Unauthorized error with the following response body:

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Registration Services

To bind mobile device with a particular user ID, user needs to create registration. Registration is created via an “activation code”. After the user scans the code, the registration needs to be committed. At any point, you can obtain the registration status for a user with given ID.

post /registration Create New Registration

Initiate a new registration for provided user ID. The service returns a fully prepared content for the registration QR code - you can simply grab the response and encode it using your preferred QR code generator library.

If you want to allow manual code entry as well in your app, you can split the activationQrCodeData by the # character and use the first part of the split. The part after the # is a data signature that helps the mobile device recognize an authentic QR code data while scanning the code.

Request

{
  "userId": "$USER_ID"
}
Attribute Type Description
userId* String ID of a user for whom to create new registration.

Response

During successful registration, the API will return the activation code data. You can map the activationQrCodeData attribute in the response directly to the QR code data.

{
  "activationQrCodeData": "23456-DEFGH-77777-77777#MEUCIDFFx60vcqDcqRY014uE+5CH38lJ/NOVNoaGHWpE+7fVAiEA8LsWi9AvRJPwRnlSSOB3O080mXd6YbRt74DLQqrrLlg="
}
Attribute Type Description
activationQrCodeData* String String for the activation QR code.

Registration failed due to a business logic problem.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_REGISTRATION",
    "message": "Registration already exists"
  }
}

Possible error states are:

  • ERROR_REGISTRATION - When registration already exists.
  • ERROR_REGISTRATION_NOT_FOUND - When user does not have access to the registrations.
  • ERROR_REQUEST - Request did not pass a structural validation (mandatory field is null, invalid field type, etc.).

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

post /registration/commit Commit New Registration

Commit the new registration after the mobile device exchanged the data with the server-side in order to make the registration active.

Only registrations that are in the PENDING_COMMIT state can be committed. Check the registration status by calling GET /registration before the commit.

Request

{
  "userId": "$USER_ID",
  "externalUserId": "$EXTERNAL_USER_ID"
}
Attribute Type Description
userId* String ID of a user for whom to commit the registration
externalUserId String ID of an external user who initiated this action (i.e., a call center operator or admin)

Response

{
  "status": "OK"
}
Attribute Type Description
status* String Fixed value OK.

Registration commit failed due to a business logic problem.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_REGISTRATION_NOT_FOUND",
    "message": "No registration found that can be committed"
  }
}

Possible error states are:

  • ERROR_REGISTRATION_NOT_FOUND - When registration in the PENDING_COMMIT state does not exist for given user and application or user does not have access to the registration.
  • ERROR_REQUEST - Request did not pass a structural validation (mandatory field is null, invalid field type, etc.)

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

get /registration Get Registration Status

Get the registration status for a given user.

Request

Query Params
Param Type Description
userId* String ID of a user for whom to get the registration status.

Response

The response body attributes depend on the registration status. There are four possible response structures:

  • No Registration
  • Created Registration
  • Pending Commit Registration
  • Active Registration
No Registration

There is no registration for a given user, or a previously existing registration was removed.

{
  "registration": "NONE"
}
Attribute Type Description
registration* String Fixed value NONE.
Created Registration

The registration was just created, no other activity occurred. The expected step at this stage is exchange between mobile authenticator and server-side components. This step is initiated by scanning the activation QR code with a mobile app.

{
  "registration": "CREATED",
  "activationQrCodeData": "NTF5I-R3KHV-SZN6E-ISYBA#MEYCIQC99lzXIlz3V3nLFBz1MyN0EV6y7IZDdheI14BetT/J5QIhAJReYRX8GKQYm1YzExJatYUBLHJgvhCLnjYeltVYDr1a"
}
Attribute Type Description
registration* String Fixed value CREATED.
activationQrCodeData* String String for the activation QR code.
Pending Commit Registration

The exchange between mobile authenticator and server-side components is completed and activation is ready to be committed, which makes it usable for operation approval. In this state, the activation fingerprint contains the value representing exchanged cryptographic material. You can show the value in both mobile app and web interface to let user check that the exchange completed successfully.

{
  "registration": "PENDING_COMMIT",
  "name": "iPhone",
  "platform": "ios",
  "deviceInfo": "iPhone10,6",
  "activationFingerprint": "52649917"
}
Attribute Type Description
registration* String Fixed value PENDING_COMMIT.
name* String Name of the registration, usually a device name.
platform* String Platform of the mobile client, ios or android.
deviceInfo* String Information about the device model, i.e. iPhone10,6
activationFingerprint* String Numerical value representing the exchanged data. You may show this value in the web interface to allow user check that the same value is displayed on the mobile device and hence exchange was completed successfully.
Active Registration

The registration is active and it can be used to approve operations.

{
  "registration": "ACTIVE",
  "name": "iPhone",
  "platform": "ios",
  "deviceInfo": "iPhone10,6"
}
Attribute Type Description
registration* String Fixed value ACTIVE.
name* String Name of the registration, usually a device name.
platform* String Platform of the mobile client, ios or android.
deviceInfo* String Information about the device model, i.e. iPhone10,6
Blocked Registration

The registration is blocked, either because of too many failed attempts to authenticate, or because it was actively blocked by the user, admin, call center, or any other similar mechanism. The blocked registration cannot be used to approve operations, it has to be unblocked first, or the user needs to re-activate the device.

{
  "registration": "BLOCKED",
  "name": "iPhone",
  "platform": "ios",
  "deviceInfo": "iPhone10,6"
}
Attribute Type Description
registration* String Fixed value BLOCKED.
name* String Name of the registration, usually a device name.
platform* String Platform of the mobile client, ios or android.
deviceInfo* String Information about the device model, i.e. iPhone10,6

Request validation failed.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_REQUEST",
    "message": "Required String parameter 'userId' is not present"
  }
}
  • ERROR_REQUEST - Request did not pass a structural validation (mandatory field is null, invalid field type, etc.)

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

put /registration Edit Registration Status

Edit the registration status, for example: block, unblock or delete registration. The method checks if the particular change is allowed for the current registration status.

The following actions are allowed for particular registration states:

  • CREATED => REMOVE
  • PENDING_COMMIT => REMOVE
  • ACTIVE => BLOCK, REMOVE
  • BLOCKED => UNBLOCK, REMOVE

Request

{
  "userId": "$USER_ID",
  "change": "$CHANGE",
  "externalUserId": "$EXTERNAL_USER_ID",
  "blockReason": "$BLOCK_REASON"
}
Attribute Type Description
userId* String ID of a user for whom to change the registration status
change* String Type of the requested change.
externalUserId String ID of an external user who created this change, i.e., admin or call center operator.
blockReason String Reason for blocking the activation.

Possible changes are:

  • BLOCK - Block the active registration.
  • UNBLOCK - Unblock the blocked registration.
  • REMOVE - Remove the registration, can be called in any registration state.

Response

{
  "status": "OK"
}
Attribute Type Description
status* String Fixed value OK.

Registration status change failed due to a business logic problem.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_REGISTRATION_CHANGE",
    "message": "Activation is BLOCKED, you can only UNBLOCK or REMOVE it."
  }
}
{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_REGISTRATION_NOT_FOUND",
    "message": "No registration found to change state"
  }
}

Possible error states are:

  • ERROR_REGISTRATION_NOT_FOUND - No registration is found for provided user or user does not have access to the registration.
  • ERROR_REGISTRATION_CHANGE - The requested change cannot be performed due to invalid initial state.

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

delete /registration Remove Registration

Remove the registration.

Request

Query Params
Param Type Description
userId* String ID of a user for whom to remove the registration.

Response

{
  "status": "OK"
}
Attribute Type Description
status* String Fixed value OK.

Registration removal failed due to a business logic problem.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_REGISTRATION_NOT_FOUND",
    "message": "No registration found to change state"
  }
}

Possible error states are:

  • ERROR_REGISTRATION_NOT_FOUND - No registration is found for provided user or user does not have access to the registration.

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

Services for Operations

Mobile token API is based on the concept of an “operation”. Operation is an activity that user needs to review and either approve or reject via the mobile token app. Each operation has a unique “operation ID” that can be used to obtain information about that particular operation and poll for the operation status.

Operations are created based on a “template” (registered in the system) that is filled with specific parameters. Template represents a type of an operation, parameters assign the particular operation properties. This way, you can create an operation, for example, for a payment (payment template, to initiate authorize_payment operation type) with a particular amount (passed in the parameters.amount and parameters.currency field).

post /operations Create New Operation

Create a new operation to be approved.

Request

{
  "userId": "$USER_ID",
  "template": "$TEMPLATE",
  "language": "en",
  "externalId": "op_123",
  "parameters": {
    "param1": "$PARAM1",
    "param2": "$PARAM2",
    "param3": "$PARAM3"
  }
}
Attribute Type Description
userId* String ID of a user for whom to create a new operation.
template* String Template to use for the particular operation.
language char[2] Language code to be used for this operation. Default: en
externalId String ID of the operation in some external system, for example, an ID of the transaction.
parameters Map<String, String> Parameters of the particular operation. The keys used in the map depend on the specific operation template, there is no limitation on the count. However, we recommend using reasonable amount (i.e., up-to 5) of parameters.

Response

{
  "operationId": "$OPERATION_ID",
  "userId": "$USER_ID",
  "status": "PENDING",
  "operationType": "$OPERATION_TYPE",
  "parameters": {
    "param1": "$PARAM1",
    "param2": "$PARAM2",
    "param3": "$PARAM3"
  },
  "failureCount": 0,
  "maxFailureCount": 5,
  "timestampCreated": 1617787702781,
  "timestampExpires": 1617788002781
}
Attribute Type Description
operationId* UUID ID of the just created operation.
userId* String ID of the user who created the operation.
status* String For just created operation, PENDING value is always returned. See operation states in GET /operations.
operationType* String The operation type, created according to provided template.
parameters Map<String, String> Parameters used while creating the operation.
failureCount* Long How many failed approval attempts user made (always 0 for a newly created operation).
maxFailureCount* Long How many failed approval attempts are allowed for this operation.
timestampCreated* Long Unix timestamp in milliseconds, represents when the operation was created.
timestampExpires* Long Unix timestamp in milliseconds, represents when the operation will expire.

Operation could not be created due to a business logic problem.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_REGISTRATION_NOT_FOUND",
    "message": "Registration for the requested user not found"
  }
}

Possible error states are:

  • ERROR_REGISTRATION_NOT_FOUND - No registration is found for provided user or user does not have access to the registration.

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

get /operations Get Operation Status

Get the status of the operation by operation ID.

Request

Query Params
Param Type Description
operationId UUID ID of an operation to obtain status for.

Response

{
  "operationId": "$OPERATION_ID",
  "userId": "$USER_ID",
  "status": "PENDING",
  "operationType": "$OPERATION_TYPE",
  "parameters": {
    "param1": "$PARAM1",
    "param2": "$PARAM2",
    "param3": "$PARAM3"
  },
  "failureCount": 0,
  "maxFailureCount": 5,
  "timestampCreated": 1617787702781,
  "timestampExpires": 1617788002781
}
Attribute Type Description
operationId* UUID ID of the just created operation.
userId* String ID of the user who created the operation.
status* String For just created operation, “PENDING” value is always returned. See operation states in GET /operations.
operationType* String The operation type, created according to provided template.
parameters Map<String, String> Parameters used while creating the operation.
failureCount* Long How many failed approval attempts user made.
maxFailureCount* Long How many failed approval attempts are allowed for this operation.
timestampCreated* Long Unix timestamp in milliseconds, represents when the operation was created.
timestampExpires* Long Unix timestamp in milliseconds, represents when the operation will expire.

The possible operation states are:

  • PENDING - Operation is active, waiting for the user’s action.
  • CANCELED - The operation was cancelled, for example, by clicking the “Cancel” button in the web interface.
  • EXPIRED - The operation expired.
  • APPROVED - The operation was approved by the user.
  • REJECTED - The operation was rejected by the user.
  • FAILED - The operation approval failed due to too many failed approval attempts.

Operation status could not be obtained due to a business logic problem.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_OPERATION_NOT_FOUND",
    "message": "Operation with given ID was not found"
  }
}

Possible error states are:

  • ERROR_REGISTRATION_NOT_FOUND - User does not have access to the registration.
  • ERROR_OPERATION_NOT_FOUND - Operation with provided ID was not found.

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

delete /operations Cancel Operation

Delete the pending operation. The call checks the status of the operation and returns error in the case operation cannot be canceled (i.e., operation already expired).

Request

Query Params
Param Type Description
operationId* UUID ID of an operation to cancel.

Response

{
  "status": "OK"
}
Attribute Type Description
status* String Fixed value OK.

Operation could not be canceled due to a business logic problem.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_OPERATION_NOT_FOUND",
    "message": "Operation with given ID was not found"
  }
}
{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_OPERATION_STATE_CHANGE",
    "message": "Operation is in invalid state for requested action"
  }
}

Possible error states are:

  • ERROR_REGISTRATION_NOT_FOUND - User does not have access to the registration.
  • ERROR_OPERATION_NOT_FOUND - Operation with provided ID was not found.
  • ERROR_OPERATION_STATE_CHANGE - Operation state does not allow canceling, i.e., operation already expired.

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

get /operations/offline/qr Get Operation QR Code

Get the QR code for an offline approval of the particular operation. The user scans the QR code with the mobile device, computes the OTP which is then validated via POST /operations/offline/otp call. The call also returns the nonce value, which is required during the OTP code verification later.

Tip: Store the nonce value in the hidden form field on the page, next to the generated QR code and text field for the OTP input.

Request

Query Params
Param Type Description
operationId* UUID ID of an operation to obtain QR code for.

Response

{
  "operationQrCodeData": "b67a77d6-8308-4ffd-b6e0-9f42f36a41a7\nApprove Login\nPlease confirm the login request.\nA2\nB\n7YLYRMvRIX0GZD94/oGPjg==\n1MEQCIDh0mCFv9uKdE7Gec+dE4WRfwDLpMltCy4hSMqMo1FwxAiAJwmzrMa6QsWeFoZEvQgRZeBd6v7e4vVw84w2bsvT7+Q==",
  "nonce": "7YLYRMvRIX0GZD94/oGPjg=="
}
Attribute Type Description
operationQrCodeData* String Contents of the QR code to be scanned by the mobile token app.
nonce* String Cryptographic nonce, used during the OTP verification.

Operation QR code for offline approvals could not be created due to business logic error.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_OPERATION_NOT_FOUND",
    "message": "Operation with given ID was not found"
  }
}
{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_OPERATION_STATE_CHANGE",
    "message": "Operation is in invalid state for requested action"
  }
}

Possible error states are:

  • ERROR_REGISTRATION_NOT_FOUND - Registration does not exist, it is not active or user does not have access to the registration.
  • ERROR_OPERATION_NOT_FOUND - Operation with provided ID was not found.
  • ERROR_OPERATION_STATE_CHANGE - Operation state does not allow canceling, i.e., operation already expired.

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

post /operations/offline/otp Verify Operation OTP

Verify operation OTP for offline operation approval. After the user scans the QR code with operation data, the mobile authenticator prompts the user for an authentication and calculates the OTP code. The user then rewrites the OTP in the web browser, into a form that stores operation ID and nonce values.

Tip: The OTP code is accepted in the “credit card number” format of 4x4 digits separated by a dash (9301-7407-1055-2502), as well as 2x8 digits separated by a dash ( 93017407-10552502), or simply as 16 digits (9301740710552502).

Request

{
  "operationId": "$OPERATION_ID",
  "otp": "$OTP",
  "nonce": "$NONCE"
}
Attribute Type Description
operationId* UUID ID of an operation to validate OTP for.
otp* String OTP value as entered by the user.
nonce* String Cryptographic nonce obtained while creating the QR code.

Response

{
  "status": "OK"
}
Attribute Type Description
status String Fixed value OK.

Operation OTP code verification for offline approvals failed due to a business logic problem.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_OTP_INVALID",
    "message": "Offline approval failed due to invalid OTP"
  }
}
{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_OPERATION_NOT_FOUND",
    "message": "Operation with given ID was not found"
  }
}
{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_OPERATION_STATE_CHANGE",
    "message": "Operation is in invalid state for requested action"
  }
}

Possible error states are:

  • ERROR_OTP_INVALID - OTP verification failed due to invalid OTP value.
  • ERROR_REGISTRATION_NOT_FOUND - User does not have access to the registration.
  • ERROR_OPERATION_NOT_FOUND - Operation with provided ID was not found.
  • ERROR_OPERATION_STATE_CHANGE - Operation state does not allow canceling, i.e., operation already expired.

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

Auditing Services

get /audit/log Get Audit Log

The functionality of the audit log is currently experimental and may change in the future. Any information required for detailed examination of a particular situation can be found in system logs or application database.

Get the event log for auditing purposes.

Request

Query Params
Param Type Description
userId* String ID of user to fetch the audit logs for.
timestampFrom Long Unix timestamp in milliseconds from which to obtain the log (the date more in the past), default: 30 days ago.
timestampTo Long Unix timestamp in milliseconds to which to obtain the log (the date more in the past), default: now.

Response

{
  "items": [
    {
      "activationId": "6cf201c0-a410-4dd1-96a6-c859ccb060f5",
      "eventType": "signature_ok",
      "eventData": "POST\n/operation/cancel\n{\"requestObject\":{\"id\":\"82b98a73-5402-4f08-98a2-78b75015dafd\",\"reason\":\"UNKNOWN\"}}",
      "timestamp": 1617787708677
    },
    {
      "activationId": "6cf201c0-a410-4dd1-96a6-c859ccb060f5",
      "eventType": "signature_ok",
      "eventData": "POST\n/operation/authorize\n{\"requestObject\":{\"id\":\"600eac37-3e1f-4c95-9458-fabc45d75f20\",\"data\":\"A1*A1000.23EUR*ICZ3855000000003643174999\"}}",
      "timestamp": 1617173535559
    }
  ]
}
Attribute Type Description
items* Object[] Items of the audit log.
items[].activationId* String ID of the device / registration.
items[].eventType* String Type of the event.
items[].eventData* String Additional information about the event.
items[].timestamp* String Event unix timestamp in milliseconds.

Fetching the audit log failed due to a business logic problem.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_AUDIT",
    "message": "Unable to obtain an audit log information."
  }
}

Possible error states are:

  • ERROR_AUDIT - When an error occurred that prevents fetching the audit log, i.e., invalid dates on input or user ID that does not exist.

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

Internal Services

Internal callbacks are not supposed to be directly called by the app developer. They are intended for internal systems, as a means to notify the cloud component about various internal changes.

post /internal/callback/operation Operation Callback

Operation status changed internally, i.e., operation expired.

Request

{
  "operationId": "$OPERATION_ID"
}
Attribute Type Description
operationId* UUID ID of an operation check the status on callback in order to obtain the current status.

Response

{
  "status": "OK"
}
Attribute Type Description
status* String Fixed value OK.

Request validation failed.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_REQUEST",
    "message": "Required String parameter 'userId' is not present"
  }
}
  • ERROR_REQUEST - Request did not pass a structural validation (mandatory field is null, invalid field type, etc.)

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

Application Services

post /admin/application Create Application

Create a new app with provided ID.

Request

{
    "id": "MY_APP_01"
}

Response

{
  "serviceBaseUrl": "https://api.example.com/",
  "masterServerPublicKey": "MIIB...==",
  "appKey": "b34...==",
  "appSecret": "aef...=="
}
Attribute Type Description
status* String Fixed value OK.
responseObject.serviceBaseUrl* URL Base URL of the PowerAuth Standard RESTful API.
responseObject.masterServerPublicKey* String Master Server Public Key (value for the mobile app configuration).
responseObject.appKey* String App Key (value for the mobile app configuration).
responseObject.appSecret* String App Secret (value for the mobile app configuration).

Unable to return registration because of the invalid application name or version.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_ADMIN",
    "message": "No registration found that can be committed"
  }
}

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}

get /admin/application Get App Details

Obtain the configuration for an app with provided ID.

Request

Query Param
Param Type Description
id* String ID of an app.
version String Specific version name.

Response

{
  "serviceBaseUrl": "https://api.example.com/",
  "masterServerPublicKey": "MIIB...==",
  "appKey": "b34...==",
  "appSecret": "aef...=="
}
Attribute Type Description
status* String Fixed value OK.
responseObject.serviceBaseUrl* URL Base URL of the PowerAuth Standard RESTful API.
responseObject.masterServerPublicKey* String Master Server Public Key (value for the mobile app configuration).
responseObject.appKey* String App Key (value for the mobile app configuration).
responseObject.appSecret* String App Secret (value for the mobile app configuration).

Unable to return registration because of the invalid application name or version.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_ADMIN",
    "message": "No registration found that can be committed"
  }
}

Invalid username or password was provided while calling the service.

{
  "status": "ERROR",
  "responseObject": {
    "code": "HTTP_401",
    "message": "Unauthorized"
  }
}

Error occurred while calling the internal service. This can happen only as a result of misconfiguration. Check your deployment configuration for errors.

{
  "status": "ERROR",
  "responseObject": {
    "code": "ERROR_INTERNAL_API",
    "message": "Unable to call upstream service"
  }
}
Last updated on Apr 19, 2022 (19:14) View product
Search

2022.04

Mobile Token

PowerAuth Cloud