URIs used by PhenixID apps

This document describes the URIs used by PhenixID apps.

Description

When publishing the different web applications in PhenixID Server, best practice is to expose as little of the service as possible, so that communication is allowed only to the specific services needed for the given configuration. This document describes what needs to be allowed depending on the service, web application and PhenixID app used. An example of the communication is available at the end of the document.

URLs for the different web applications

PhenixID configuration portal:
http(s)://ipordnsnametoserver:port/config

PhenixID MFA Administration:
http(s)://ipordnsnametoserver:port/mfaadmin

PhenixID Self Service:
http(s)://ipordnsnametoserver:port/selfservice

PhenixID Pocket Pass enrollment:
http(s)://ipordnsnametoserver:port/activatepocketpass

PhenixID One Touch enrollment:
http(s)://ipordnsnametoserver:port/activateonetouch

PhenixID MyApps:
http(s)://ipordnsnametoserver:port/myapps

PhenixID Password self service (version 3.2 and later):
http(s)://ipordnsnametoserver:port/pss

Example of complete communication

Pocket Pass enrollment:

/mfaadmin/otpadmin/api/?tokens/prepare/d67793ed1c4c1dddd7c61cc0982b6917

/mfaadmin/otpadmin/provision/otpauth/?5c73a048-f35a-4872-bc67-4bb28ba02fca

One Touch enrollment:

/mfaadmin/otpadmin/onetouch/enroll/status/5ee705a9-340b-408a-a97b-88fd56f83748

/mfaadmin/otpadmin/onetouch/enroll/start/JTdCJTIydXNlcm5hbWUlMjIlM0ElMjJkNjc3OTNlZDFjNGMxZGRkZDdjNjFjYzA5ODJiNjkxNyUyMiUyQyUyMmRpc3BsYXlfbmFtZSUyMiUzQSUyMm5yNCUyMiUyQyUyMnRpbWVzdGFtcCUyMiUzQSUyMjE1MTYxODg0OTM5OTglMjIlN0Q=

/mfaadmin/otpadmin/onetouch/enroll/status/42e1471b-62c4-4704-b801-dfa389e12734

/mfaadmin/otpadmin/onetouch/provision/start/42e1471b-62c4-4704-b801-dfa389e12734

/mfaadmin/otpadmin/onetouch/provision/chain/42e1471b-62c4-4704-b801-dfa389e12734

/mfaadmin/otpadmin/onetouch/enroll/status/42e1471b-62c4-4704-b801-dfa389e12734

/mfaadmin/otpadmin/api/?d67793ed1c4c1dddd7c61cc0982b6917

/pki/token/register/dd813370-87c3-479e-9ce4-da2a5e4f6fb3

/mfaadmin/otpadmin/onetouch/provision/chain/42e1471b-62c4-4704-b801-dfa389e12734

/pki/tokens/dd813370-87c3-479e-9ce4-da2a5e4f6fb3

/mfaadmin/otpadmin/api/?d67793ed1c4c1dddd7c61cc0982b6917

/pki/tokens/dd813370-87c3-479e-9ce4-da2a5e4f6fb3

 

/selfservice/selfservice/js/extensions/pki.js

/selfservice/selfservice/pki/enroll/start/JTdCJTIyZGlzcGxheV9uYW1lJTIyJTNBJTIycyUyMiUyQyUyMnRpbWVzdGFtcCUyMiUzQSUyMjE1MTYxODg3ODcxNjclMjIlN0Q=

/selfservice/selfservice/pki/enroll/status/

/selfservice/selfservice/pki/enroll/status/cacfa81f-5d84-428b-a767-8bc6275d88fc

/pki/token/start/12953c01-43e7-4b87-a039-95991ee2d945

/selfservice/selfservice/pki/enroll/status/aeccdc94-ff69-41ca-81e3-3e6f413b09c1

/selfservice/selfservice/api/entity

/pki/token/register/12953c01-43e7-4b87-a039-95991ee2d945

/pki/tokens/12953c01-43e7-4b87-a039-95991ee2d945

One Touch auth:

/pki/tokens/12953c01-43e7-4b87-a039-95991ee2d945

/pki/assignment/confirm/eb2dffbb-3960-43e0-a2a0-aebed7476156

/pki/tokens/12953c01-43e7-4b87-a039-95991ee2d945

One Touch revoke:

/pki/tokens/7b3b2dc3-2b4b-4753-a9ff-d470c71f9190
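
As an added example (not PhenixID code or configuration), the following Python script turns the One Touch enrollment requests listed above into anchored allowlist patterns, the kind of rule set a reverse proxy in front of PhenixID Server could enforce. It assumes that UUID, 32-character hex and base64-looking segments are per-request identifiers and that every other segment is fixed; the function and variable names are hypothetical.

```python
import re

# Segment shapes treated as per-request identifiers (assumption: only these
# segments vary between enrollments; every other segment is fixed).
UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
HEX32 = r"[0-9a-f]{32}"
B64 = r"[A-Za-z0-9+]{40,1024}={0,2}"  # encoded enroll/start payload
VARIABLE = (UUID, HEX32, B64)

# One Touch enrollment request targets copied from the trace on this page.
OBSERVED = [
    "/mfaadmin/otpadmin/onetouch/enroll/status/5ee705a9-340b-408a-a97b-88fd56f83748",
    "/mfaadmin/otpadmin/onetouch/enroll/start/JTdCJTIydXNlcm5hbWUlMjIlM0ElMjJkNjc3OTNlZDFjNGMxZGRkZDdjNjFjYzA5ODJiNjkxNyUyMiUyQyUyMmRpc3BsYXlfbmFtZSUyMiUzQSUyMm5yNCUyMiUyQyUyMnRpbWVzdGFtcCUyMiUzQSUyMjE1MTYxODg0OTM5OTglMjIlN0Q=",
    "/mfaadmin/otpadmin/onetouch/enroll/status/42e1471b-62c4-4704-b801-dfa389e12734",
    "/mfaadmin/otpadmin/onetouch/provision/start/42e1471b-62c4-4704-b801-dfa389e12734",
    "/mfaadmin/otpadmin/onetouch/provision/chain/42e1471b-62c4-4704-b801-dfa389e12734",
    "/mfaadmin/otpadmin/api/?d67793ed1c4c1dddd7c61cc0982b6917",
    "/pki/token/register/dd813370-87c3-479e-9ce4-da2a5e4f6fb3",
    "/pki/tokens/dd813370-87c3-479e-9ce4-da2a5e4f6fb3",
]

def generalise(uri):
    """Turn one observed request target into a regex string."""
    out = []
    for part in re.split(r"([/?])", uri):  # keep the delimiters
        shape = next((p for p in VARIABLE if re.fullmatch(p, part)), None)
        out.append(f"(?:{shape})" if shape else re.escape(part))
    return "".join(out)

def build_allowlist(observed):
    """Deduplicate the generalised patterns and compile them."""
    return [re.compile(p) for p in sorted({generalise(u) for u in observed})]

def is_allowed(uri, allowlist):
    """Allow only when the whole request target matches a pattern."""
    return any(rx.fullmatch(uri) for rx in allowlist)

ALLOWLIST = build_allowlist(OBSERVED)

if __name__ == "__main__":
    for rx in ALLOWLIST:
        print(rx.pattern)
    for uri in ("/pki/tokens/7b3b2dc3-2b4b-4753-a9ff-d470c71f9190", "/config"):
        print(uri, "->", "allow" if is_allowed(uri, ALLOWLIST) else "deny")
```

Because the patterns are built per flow, a request from another flow, such as the Pocket Pass `tokens/prepare` call, is denied until its own trace is added to the observed list.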