Using PhenixID HTTP API for Token OTP authentication

Overview

To use the API, fetch the username and OTP from the end user and send them to the API endpoint.

Prerequisites

- PhenixID Authentication Services HTTP API for Token OTP authentication configured

- Token app or device

- Token app or device enrolled for a user

- If PhenixID Authentication Services HTTP API is protected with client certificate authentication: Client certificate (p12)

- If PhenixID Authentication Services HTTP API is protected with basic authentication: Username and password

Trigger authentication - data to be fetched before API call

To trigger OneTouch authentication, the API client must fetch these values:

- The username (must match the username of the enrolled token)

- The OTP

Trigger authentication - API call

Request

Method: HTTP PUT

Endpoint: /api/authentication/otp_token_auth

Headers:

| Name | Value | Mandatory | Comment |
|---|---|---|---|
| Content-Type | application/json | Yes | |
| tenant | ot | Yes | Value must be given to you by PhenixID Authentication Services admin, it might differ depending on the environment. |
| Authorization | <basic_auth_value> | No | If applicable, username and password must be given to you by PhenixID Authentication Services admin. |

Body:

The body must contain a JSON structure.

{
"username":"..",
"otp":"123456"
}

JSON structure properties:

| Name | Example value | Mandatory | Comment |
|---|---|---|---|
| username | wgretzky | Yes | The userID. Must match the userID of the enrolled token. |
| otp | 123456 | Yes | Token OTP value |

Example request (Please note that authorization data is not included in this example).

 

PUT /api/authentication/otp_token_auth HTTP/1.1
Host: demo.phenixid.net
Content-Type: application/json
tenant: ot
Cache-Control: no-cache

{ "username":"wgretzky","otp" : "123456" }

Response

The HTTP response status code represents the result of the token validation:

- 200 - Validation successful

- 4xx - Validation unsuccessful

- 5xx - Backend error

Example responses

HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
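
A minimal client for the request and response described above, as an added example that is not PhenixID's own code. The helper names, the HTTPS-only check and the 10-second timeout are assumptions of this example, and a p12 client certificate is assumed to have been converted to PEM files beforehand.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request

ENDPOINT = "/api/authentication/otp_token_auth"  # path given on this page


def build_request(base_url, tenant, username, otp, basic_auth=None):
    """Build the PUT request; basic_auth is an optional (user, password) pair."""
    # Assumption of this example: never send an OTP or credentials in cleartext.
    if not base_url.lower().startswith("https://"):
        raise ValueError("base_url must use https")
    body = json.dumps({"username": username, "otp": otp}).encode("utf-8")
    headers = {"Content-Type": "application/json", "tenant": tenant}
    if basic_auth:
        raw = ":".join(basic_auth).encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode("ascii")
    url = base_url.rstrip("/") + ENDPOINT
    return urllib.request.Request(url, data=body, headers=headers, method="PUT")


def classify(status):
    """Map a status code to the outcomes listed under Response, failing closed."""
    if status == 200:
        return "valid"
    if 400 <= status < 500:
        return "invalid"
    if 500 <= status < 600:
        return "backend_error"
    return "unexpected"  # other 2xx or 3xx: the page does not define these as success


def verify_otp(base_url, tenant, username, otp, basic_auth=None, client_cert=None):
    """Return True only on HTTP 200; client_cert is a (certfile, keyfile) PEM pair."""
    ctx = ssl.create_default_context()  # verifies server certificate and hostname
    if client_cert:
        ctx.load_cert_chain(*client_cert)
    req = build_request(base_url, tenant, username, otp, basic_auth)
    try:
        with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:  # urllib raises for non-2xx answers to a PUT
        status = err.code
    return classify(status) == "valid"
```

Connection and TLS failures surface as `urllib.error.URLError` from `verify_otp`; callers should treat them as "not authenticated" rather than retrying with verification disabled.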