To use the API, one method is called. It will return:

- HTTP Status code 200 if SMS was sent ok.

- HTTP Status code 403 if SMS could not be sent

To use the API, fetch username and OTP from the end user and send it to the API endpoint.

To use the API, two methods must be called. The first API method call is to trigger the authentication. This will return a transaction ID value. The second API method call will poll the status of the authentication. The API client must poll until a status=OK or an error is returned.

To use the API, two methods must be called. The first API method call is to trigger the authentication. This will return a authRef value. The second API method call will poll the status of the authentication. The API client must poll until a status=APPROVED, CANCELED, RP_CANCELED or EXPIRED is returned.

To use the API, two methods must be called. The first API method call is to trigger the authentication. This will return an assignment ID value. The second API method call will poll the status of the authentication. The API client must poll the authentication until a authentication-process-done status is returned.

The use case behind this API call:

- The end user will retreive one-time-password by calling to a specific phone number (company phone system)

- The company phone system will pick up the phone number of the called-in user

- The company phone system will call out to this api, sending in the phone number of the called-in user

- PhenixID MFA server will search for the user (based on the received phone number)

- If the user is found, an OTP will be generated and bound to the userID

- The PhenixID HTTP API will return the OTP value to the calling API client (the company phone system)

- The company phone system will automatically echo the one-time-password to the end user.

- API function end

After the api call:

- The end user will enter username, password and OTP (the service protected may vary) and click Login

- Username, password and OTP will be sent to PhenixID MFA server

- PhenixID MFA server will validate the password (against the user directory) and the OTP

- If validation is ok, user will be logged in.

NB! This scenario can also be used for username+OTP based logins.

To use the API, one method is called. It will return:

- HTTP Status code 200 if session is still valid. Authentication method (auth_method) and user ID (userid) will be returned.

- HTTP Status code 403 if session is not valid.  

To use the API, two methods must be called. The first API method call is to trigger the authentication. This will return a transaction ID value. The second API method call will poll the status of the authentication. The API client must poll until a status=COMPLETE or an error is returned.