Access

Manage authentication for your users.

Login with password

Authenticate a user with the email and password that they provided when registering.

If the user's credentials are correct, this returns a token that can then be used to authorise other secured operations. If the password has expired, a temporary token is returned instead, which can be used solely for updating the password.

The token returned is valid for 5 minutes from the last activity.

Security: api_key

Request
Request Body schema: application/json

email (required): string <email> (Email)

E-mail Address of the user

password (required): object (SensitivePassword)

The user's password or passcode used to log in a user. Passwords must:

  • be between 8 and 30 characters long
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • be different from any of the last 5 passwords used.

For non-PCI-compliant integrations, the password submitted must be tokenised.

Responses

  • 200: Success
  • 400: Bad Request Error - Your request is invalid.
  • 401: Unauthorized - Your credentials or access token are invalid.
  • 403: The authentication credentials are not found or are incorrect.
  • 409: The user's password has expired. Use the returned temporary token to update their password via the '/passwords/update' endpoint.
  • 423: Locked - Account is temporarily locked due to failed consecutive login attempts. Try again in 30 minutes.
  • 429: Too many requests.
  • 500: Internal Server Error - There is a problem with the server. Please try again later.
  • 503: Service Unavailable - We're temporarily offline for maintenance. Please try again later.
  • default: Error

POST /login_with_password

Request samples
application/json
{
  "email": "user@example.com",
  "password": {
  }
}

Response samples
application/json
{
  "token": "string",
  "tokenType": "AUTH",
  "identity": {
  },
  "credentials": {
  }
}
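
An added example (not part of the original API reference) of how a client might act on the login responses documented above: the 5-minute idle window, the temporary token returned with a 409 that is usable only for '/passwords/update', and the 30-minute lockout on 423. The names Session, LoginError and handle_login_response are hypothetical; it assumes the 409 body carries the temporary token in the same "token" field, and the 60-second wait for 429 is a placeholder because no value is documented.

```python
import time

IDLE_TTL = 5 * 60      # page: token is valid for 5 minutes from last activity
LOCKOUT = 30 * 60      # page: 423 means try again in 30 minutes
UPDATE_PATH = "/passwords/update"


class LoginError(Exception):
    """Login failed; retry_after is seconds to wait, or None if waiting will not help."""
    def __init__(self, status, retry_after=None):
        super().__init__(f"login failed with HTTP {status}")
        self.status, self.retry_after = status, retry_after


class Session:
    """Client-side mirror of the server's token rules (hypothetical helper)."""
    def __init__(self, token, restricted, now):
        self.token = token
        self.restricted = restricted   # True: temporary token from a 409
        self.last_activity = now

    def authorize(self, path, now):
        """Return the token for a call to `path`, or raise if it must not be sent."""
        if now - self.last_activity >= IDLE_TTL:
            raise PermissionError("token idle for 5 minutes; log in again")
        if self.restricted and path != UPDATE_PATH:
            raise PermissionError("temporary token is only valid for " + UPDATE_PATH)
        self.last_activity = now       # every authorised call counts as activity
        return self.token


def handle_login_response(status, body, now=None):
    """Map a /login_with_password response to a Session or a LoginError."""
    now = time.time() if now is None else now
    if status == 200:
        return Session(body["token"], restricted=False, now=now)
    if status == 409:
        # Password expired. Assumption: temporary token is in the "token" field.
        return Session(body["token"], restricted=True, now=now)
    if status == 423:
        raise LoginError(status, retry_after=LOCKOUT)
    if status == 429:
        # Assumption: no wait time is documented; 60 s is a placeholder.
        raise LoginError(status, retry_after=60)
    # 400/401/403/5xx and anything else: surface the status to the caller.
    raise LoginError(status)
```
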

Get user identities

Retrieves a list of identities available to the holder of the token.

Security: auth_token and api_key

Responses

  • 200: Success
  • 400: Bad Request Error - Your request is invalid.
  • 401: Unauthorized - Your credentials or access token are invalid.
  • 403: Forbidden - Access to the requested resource or action is forbidden.
  • 404: Not found - The requested resource couldn't be found.
  • 409: Conflict
  • 500: Internal Server Error - There is a problem with the server. Please try again later.
  • 503: Service Unavailable - We're temporarily offline for maintenance. Please try again later.
  • default: Error

GET /identities

Response samples
application/json
[
  {
  }
]

Issue a one-time password that can be used to step-up a token

Initiates the step-up token process by sending an SMS with a one-time password to a device belonging to the logged-in user that was previously enrolled through the /authentication_factors/otp/{channel} endpoint.

This process is required for endpoints that require a step-up token to complete the call.

Note that in the Sandbox environment, text messages are not sent and the one-time password is always "123456".

Security: auth_token and api_key

Request
Path parameters

channel (required): string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"

Responses

  • 204: Success - No Content.
  • 400: Bad Request Error - Your request is invalid.
  • 401: Unauthorized - Your credentials or access token are invalid.
  • 403: Forbidden - Access to the requested resource or action is forbidden.
  • 405: Method Not Allowed - The request was received but has been rejected for the requested resource.
  • 409: Conflict
  • 429: Too many requests.
  • 500: Internal Server Error - There is a problem with the server. Please try again later.
  • 503: Service Unavailable - We're temporarily offline for maintenance. Please try again later.
  • default: Error

POST /stepup/challenges/otp/{channel}

Response samples
application/json
{
  "message": "string",
  "syntaxErrors": {
  }
}

Verify a step-up token using a one-time password

Completes the verification process for a step-up token.

Note that in the Sandbox environment, text messages are not sent and the verificationCode is always "123456".

Security: auth_token and api_key

Request
Path parameters

channel (required): string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"

Request Body schema: application/json

verificationCode (required): string (Nonce) <= 50 characters ^[a-zA-Z0-9_.*@-]*$|^[a-zA-Z0-9.!#$%&*+\\/=?^...

The code received by the user on the device.

Responses

  • 204: Success - No Content.
  • 400: Bad Request Error - Your request is invalid.
  • 401: Unauthorized - Your credentials or access token are invalid.
  • 403: Forbidden - Access to the requested resource or action is forbidden.
  • 409: Conflict
  • 429: Too many requests.
  • 500: Internal Server Error - There is a problem with the server. Please try again later.
  • 503: Service Unavailable - We're temporarily offline for maintenance. Please try again later.
  • default: Error

POST /stepup/challenges/otp/{channel}/verify

Request samples
application/json
{
  "verificationCode": "string"
}

Response samples
application/json
{
  "message": "string",
  "syntaxErrors": {
  }
}

Issue a push notification that can be used to step-up a token

Initiates the step-up token process by submitting a push notification to a device belonging to the logged-in user that was previously enrolled through the /authentication_factors/push/{channel} endpoint.

You should only start this process if the token step-up isn't already in flight.

Security: auth_token and api_key

Request
Path parameters

channel (required): string (SCAPushChannel)
  • "AUTHY": The push notification is sent on the user's device using Twilio Authy
  • "BIOMETRIC": The push notification is sent to the user's device
Enum: "AUTHY" "BIOMETRIC"

Responses

  • 200: Success
  • 400: Bad Request Error - Your request is invalid.
  • 401: Unauthorized - Your credentials or access token are invalid.
  • 403: Forbidden - Access to the requested resource or action is forbidden.
  • 405: Method Not Allowed - The request was received but has been rejected for the requested resource.
  • 409: Conflict
  • 429: Too many requests.
  • 500: Internal Server Error - There is a problem with the server. Please try again later.
  • 503: Service Unavailable - We're temporarily offline for maintenance. Please try again later.
  • default: Error

POST /stepup/challenges/push/{channel}

Response samples
application/json
{
  "id": "string"
}

Logout

Logs out the user and terminates the session identified by the auth_token in the Authorization header.

Security: auth_token and api_key

Responses

  • 200: Success
  • 204: Success - No Content.
  • 400: Bad Request Error - Your request is invalid.
  • 401: Unauthorized - Your credentials or access token are invalid.
  • 429: Too many requests.
  • 500: Internal Server Error - There is a problem with the server. Please try again later.
  • 503: Service Unavailable - We're temporarily offline for maintenance. Please try again later.
  • default: Error

POST /logout

Response samples
application/json
{
  "url": "string"
}

Acquire a new access token

This API endpoint accepts a POST request with an auth_token parameter and returns an access_token that grants authorized access to additional resources within the API, with a different expiration time and unique signature.

Security: api_key and auth_token

Request
Request Body schema: application/json

identity (required): object (IdentityId)

Responses

  • 200: Success
  • 400: Bad Request Error - Your request is invalid.
  • 401: Unauthorized - Your credentials or access token are invalid.
  • 403: The auth token is not specified or is incorrect.
  • 423: Locked - Account is temporarily locked due to failed consecutive login attempts. Try again in 30 minutes.
  • 429: Too many requests.
  • 500: Internal Server Error - There is a problem with the server. Please try again later.
  • 503: Service Unavailable - We're temporarily offline for maintenance. Please try again later.
  • default: Error

POST /access_token

Request samples
application/json
{
  "identity": {
  }
}

Response samples
application/json
{
  "token": "string",
  "identity": {
  },
  "credentials": {
  }
}