Weavr
Powered by Redocly

Step-up

Issue a one-time password that can be used to step-up a token

Initiates the step-up token process by sending an SMS with an one-time-password to a device belonging to the logged-in user that was previously enrolled through /authentication_factors/otp/{channel} endpoint.

This process is required for endpoints that require a step-up token to complete the call.

Note that on the Sandbox Environment, text messages are not sent and the one-time-password is always "123456".

Securityauth_token and api_key
Request
path Parameters
channel
required
string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"
Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

405

Method Not Allowed - The request was received but has been rejected for the requested resource.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/stepup/challenges/otp/{channel}
Request samples 
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Verify a step-up token using a one-time password
Completes the verification process for a step up token.


Note that on the Sandbox Environment, text messages are not sent and the verificationCode is always "123456".


Securityauth_token and api_key 
Request 
path Parameters
channel
required
string (SCAOtpChannel) 
The unique identifier for the channel.


 Value: "SMS"  
Request Body schema: application/json
required
verificationCode
required
string (Nonce)   = 6 characters ^[0-9]*$
The code received by the user on the device.


 
Responses 
204
Success - No Content.


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/stepup/challenges/otp/{channel}/verify
Request samples 
application/json
{
  • "verificationCode": "string"
}
Response samples 
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}
Issue a push notification that can be used to step-up a token
Initiates the step-up token process by submitting a push notification to a device belonging to the logged-in user that was previously enrolled through the /authentication_factors/push/{channel} endpoint.


You should only start this process if the token step-up isn't already in flight.


Securityauth_token and api_key 
Request 
path Parameters
channel
required
string (SCAPushChannel) 
    

  • "AUTHY": The push notification is sent on the user's device using Twilio Authy
    • 

  • "BIOMETRIC": The push notification is sent to the user's device
    • 



 Enum: "AUTHY" "BIOMETRIC"  
Responses 
200
Success


400
Bad Request Error - Your request is invalid.


401
Unauthorized - Your credentials or access token are invalid.


403
Forbidden - Access to the requested resource or action is forbidden.


405
Method Not Allowed - The request was received but has been rejected for the requested resource.


409
Conflict


429
Too many requests.


500
Internal Server Error - There is a problem with the server. Please try again later.


503
Service Unavailable - We're temporarily offline for maintenance. Please try again later.


default
Error


post/stepup/challenges/push/{channel}
Request samples 
Response samples 
application/json
{
  • "id": "string"
}
➔ Next to Corporates