Authentication Factors

Get user authentication factors

Retrieves the list of authentication factors that can be used to verify the logged-in user.

Securityauth_token and api_key
Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

get/authentication_factors
Request samples
Response samples
application/json
{
  • "factors": [
    ]
}

Enrol a user device for authentication using one-time passwords

This is the first step in enrolling the logged-in user's mobile device, where a one-time password is sent to the device.

Note that on the Sandbox Environment, text messages are not sent and the one-time-password is always "123456".

Securityapi_key and auth_token
Request
path Parameters
channel
required
string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/authentication_factors/otp/{channel}
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Verify enrolment of a user device for authentication using one-time passwords

The second step in enrolling the logged-in user (root or authorised user) to use one-time-passwords to enable verification of transactions. The challenge expires after 5 minutes and the number of incorrect OTP attempts is limited to reduce the risk of fraud, in that case challenge has to be issued again.

Note that on the Sandbox Environment, text messages are not sent and the verificationCode is always set to "123456".

Securityapi_key and auth_token
Request
path Parameters
channel
required
string (SCAOtpChannel)

The unique identifier for the channel.

Value: "SMS"
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Request Body schema: application/json
required
verificationCode
required
string (Nonce) = 6 characters ^[0-9]*$

The code received by the user on the device.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/authentication_factors/otp/{channel}/verify
Request samples
application/json
{
  • "verificationCode": "string"
}
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Enrol a user device for authentication using push notifications

This is the first step in enrolling the logged-in user's mobile device, where a push notification is sent to the device.

Securityapi_key and auth_token
Request
path Parameters
channel
required
string (AuthSCAPushChannel)
  • "AUTHY": The push notification is sent on the user's device using Twilio Authy
Value: "AUTHY"
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/authentication_factors/push/{channel}
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Unlink a user device for authentication using push notifications

Unlink a user device for authentication using push notifications

Securityapi_key and auth_token
Request
path Parameters
channel
required
string (SCAPushChannel)
  • "AUTHY": The push notification is sent on the user's device using Twilio Authy
  • "BIOMETRIC": The push notification is sent to the user's device
Enum: "AUTHY" "BIOMETRIC"
header Parameters
idempotency-ref
string

A unique call reference generated by the caller that, taking into consideration the payload as well as the operation itself, helps avoid duplicate operations. Idempotency reference uniqueness is maintained for at least 24 hours.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

delete/authentication_factors/push/{channel}
Request samples
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}