Additional Factors

Manage additional strong customer authentication factors for your users.

Get user authentication factors

Retrieves the list of authentication factors that can be used to verify the logged-in user.

Security: auth_token and api_key
Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

GET /authentication_factors
Response samples
application/json
{
  "factors": []
}

Enrol a user device for authentication using one-time passwords

This is the first step in enrolling the logged-in user's mobile device, where a one-time password is sent to the device.

Note that on the Sandbox Environment, text messages are not sent and the one-time password is always "123456".

Security: api_key and auth_token
Request
path Parameters
channel
required
string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

POST /authentication_factors/otp/{channel}
Response samples
application/json
{
  "message": "string",
  "syntaxErrors": {}
}

Verify enrolment of a user device for authentication using one-time passwords

This is the second step in enrolling the logged-in user (root or authorised user) to use one-time passwords to enable verification of transactions. The challenge expires after 5 minutes, and the number of incorrect OTP attempts is limited to reduce the risk of fraud; in that case, the challenge has to be issued again.

Note that on the Sandbox Environment, text messages are not sent and the verificationCode is always set to "123456".

Security: api_key and auth_token
Request
path Parameters
channel
required
string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
verificationCode
required
string (Nonce) = 6 characters ^[0-9]*$

The code received by the user on the device.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

POST /authentication_factors/otp/{channel}/verify
Request samples
application/json
{
  "verificationCode": "string"
}
Response samples
application/json
{
  "message": "string",
  "syntaxErrors": {}
}
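
The two OTP enrolment calls above, sketched as a client. This is an added example, not code from the API provider: it reuses one idempotency-ref across retries of the same call, checks the code against the documented schema before sending, and tracks the 5-minute challenge lifetime locally. The `api-key` and `Authorization: Bearer` header names, the `send` transport callable, the retry count and the string return values are assumptions.

```python
import re
import time
import uuid

CODE_RE = re.compile(r"[0-9]{6}")  # schema: 6 characters, ^[0-9]*$ (ASCII digits only)
CHALLENGE_TTL = 5 * 60             # page: the challenge expires after 5 minutes

class OtpEnrolment:
    """Two-step OTP enrolment. `send(method, path, headers, body)` is a
    caller-supplied transport that returns the HTTP status code (assumption)."""

    def __init__(self, send, api_key, auth_token, clock=time.monotonic):
        self.send, self.clock, self.issued_at = send, clock, None
        # Header names are assumptions; the page only names the two schemes.
        self.auth = {"api-key": api_key, "Authorization": f"Bearer {auth_token}"}

    def _call(self, path, body=None, retries=2):
        # One idempotency-ref per logical operation, reused on every retry, so
        # a repeated POST is recognised as the same call and not a new one.
        headers = dict(self.auth, **{"idempotency-ref": str(uuid.uuid4())})
        for _ in range(retries + 1):
            status = self.send("POST", path, headers, body)
            if status not in (500, 503):  # only "try again later" codes are retried
                break
        return status

    def start(self, channel="SMS"):
        status = self._call(f"/authentication_factors/otp/{channel}")
        if status == 204:
            self.issued_at = self.clock()  # challenge lifetime starts here
        return status

    def verify(self, code, channel="SMS"):
        if self.issued_at is None or self.clock() - self.issued_at > CHALLENGE_TTL:
            return "reissue"       # no live challenge: call start() again
        if not CODE_RE.fullmatch(code):
            return "invalid_code"  # rejected locally, never sent to the API
        status = self._call(f"/authentication_factors/otp/{channel}/verify",
                            {"verificationCode": code})
        return "enrolled" if status == 204 else status  # else the raw status code
```

Any status other than 204 from `verify` is returned unchanged so the caller can map 400, 409 and 429 to its own handling.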

Enrol a user device for authentication using push notifications

This is the first step in enrolling the logged-in user's mobile device, where a push notification is sent to the device.

Security: api_key and auth_token
Request
path Parameters
channel
required
string (AuthSCAPushChannel)
  • "AUTHY": The push notification is sent on the user's device using Twilio Authy
Value: "AUTHY"
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

POST /authentication_factors/push/{channel}
Response samples
application/json
{
  "message": "string",
  "syntaxErrors": {}
}

Unlink a user device for authentication using push notifications

Unlink a user device for authentication using push notifications

Security: api_key and auth_token
Request
path Parameters
channel
required
string (SCAPushChannel)
  • "AUTHY": The push notification is sent on the user's device using Twilio Authy
  • "BIOMETRIC": The push notification is sent to the user's device
Enum: "AUTHY" "BIOMETRIC"
Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

DELETE /authentication_factors/push/{channel}
Response samples
application/json
{
  "message": "string",
  "syntaxErrors": {}
}