Advanced Authentication API doc

API Endpoint

Terms

Endpoint

The appliance provide user’s authentication in different places, ex. Microsoft Windows, Apple MacOS X or other custom applications and systems. The final destination of user’s authentication is endpoint. The endpoint could be a physical workstation or an application.

Endpoint session

Endpoint should create endpoint session on the server to start working. The endpoint session has a lifetime, after this, the endpoint session will be deleted and the session will need to be renewed. All users can work with one endpoint session on one endpoint.

Event

The endpoints are combined in the events, the event is a logical separation for the endpoints. The Windows logon and Mac OS logon are different events, each event could had some set of the endpoints, and endpoints are Mac or Windows workstations.

Authentication Method

These are the specific authentication methods that are supported by the framework. Examples are SMS, OTP, or Smartphone authentication methods. In order to use a method, it needs to be connected to a chain. A method without a chain cannot be used to authenticate.

Name Key Description
LDAP password LDAP_PASSWORD:1 Authentication by LDAP password, system uses different LDAP users repository
One-time password based on hash algorithm HOTP:1 Authentication by OTP with hash algorithm
One-time password based on time algorithm TOTP:1 Authentication by OTP with time based algorithm
One-time password sending by e-mail EMAIL_OTP:1 Authentication by OTP sending by e-mail
One time password sending by SMS SMS_OTP:1 Authentication by OTP sending by SMS
RADIUS password RADIUS:1 Authentication by RADIUS server
Security question SECQUEST:1 Authentication by security question
Smartphone authentication SMARTPHONE:1 Authentication by smartphone application
Virtual password PASSWORD:1 Authentication by password assign to user
Voice call VOICE:1 Authentication by voice call
Cards CARD:1 Authentication by cards
FIDO U2F U2F:1 Authentication by FIDO U2F tokens
Emergency password EMERG_PASSWORD:1 Authentication by emergency password
PKI PKI:1 Authentication by PKI
Bluetooth BLUETOOTH:1 Authentication by Bluetooth devices
OAuth 2.0 OAUTH2:1 Authentication by OAuth 2.0

Chain

The authentication framework works with chains. These consist of one or more authentication methods and are used to connect to events. For example, LDAP password and an OTP. With this chain, you must first enter your password. Then you will enter a One-Time-Password retrieved from a token.

User templates

The user’s templates contain authentication information associated with users. Each template is linked to a user and to an authentication method. When users try to logon using a specific authentication method, the server finds the associated user template and provide authentication. Users cannot use authentication methods without associated user templates.

Enroll

The enrollment process collects information for creating of user templates. User templates can be created by several steps with the enroll process. The enroll process is wizard to user templates. Each user can create user templates into enroll process, administrator can assign enroll process results to another users. To start enroll user should logon first.

Logon

The server provides strong user authentication by using the chain-login concept. Each chain is a challenge-response login. To get a successful authentication, the entire chain should be completed. A chain can consist of one or several authentication method(s).

Login session

After a user logon, the system creates a login session, to access protected information from the server use this session. For example, reading event data requires a login session identifier.

Howto

To begin work with Aucore Rest Api you should have:

  • Created endpoint (endpoint id and secret). If you don’t have it, you should create it here

To login to Aucore:

  • Create endpoint session. Create endpoint session

  • Get all chains available for user and concrete event and select chain to useGet user chains

  • Start logon process with selected method and event. Start logon process

  • Complete all method in chain:

    • Call doLogon for specific method
    • If doLogon returns OK: you have successfully logged into Aucore
    • If doLogon returns MORE_DATA: Aucore is waiting for additional data. Use specific method description
    • If doLogon returns FAILED. Your attempt is not successful. Start new logon process to try again
    • If doLogon returns NEXT. Your attempt is successful. But you should call NEXT method to start with next method. After NEXT call, use doLogon again.
  • Use login_session_id for further work

To enroll:

Secrets

  1. login_session_id

  2. endpoint_session_id

  3. endpoint secret stored on endpoint device, passed as endpoint_secret_hash

If you know xxx_session_id you can remove session (logout user) or read /data - acts on behalf of user/endpoint.

Error reporting

Normally server respond with HTTP status 200 and JSON body (as described in corresponding service). In case of error, HTTP status may be 40x, 50x. Response body will be JSON structured as follows.

You need ‘description’ of first error

{ “errors”: [ { “description”: “Cannot connect to LDAP server(s)”, “location”: “server”, “msgid”: “AUCORE-0047” }], “reason”: “LDAP_NO_CONNECT” }

Do not use msgid for result status checking, use status and reason instead.

See Common Do logon for common status codes. Logon methods have individual statuses.

Special HTTP errors

HTTP 433 - endpoint session not found or expired. It is possible to get this error in the middle of logon process. You may start new endpoint session, resend do_logon request and continue.

HTTP 434 - logon session not found or expired. Re-logon.

HTTP 400 - wrong data (missed fields etc.) or method protocol violation e.g. voice method already did phone call and wait for PIN code, but you ask it to call user again. Fix your data and retry.

HTTP 500 - serious error, usually not possible to retry. Start your operation from the beginning (open new logon process, etc.)

Read HTTP error description, it may help debug.

Localization

It’s possible to choose a locale for server messages and warnings. Server detects a locale for request by the next properties ordered by priority:

  1. HTTP parameter LOCALE for GET or DELETE requests.

  2. JSON attribute LOCALE for POST, PUT and PATCH methods::

  3. LOCALE cookie

  4. Accept-Language HTTP header

  • Request (application/json)

    {
          "login_session_id": "789",
          "method_id": "HOTP:1",
          "_LOCALE_": "ru-RU"
      }

Supported locale formats

  1. Language with territory:

    en_US, nl_NL

  2. Language with territory:

    ru-RU, fr-FR

  3. Language only:

    ru, nl, fr

Message ID

Server issues an additional Message ID which can be used for message customization:

{ “chains”: [], “completed_methods”: [], “current_method”: “PASSWORD:1”, “logon_process_id”: “Ww323YxvYv6IVj3J3EaLNlkVM2aoHfLa”, “msgid”: “AUCORE-1008”, “msg”: “Process started”, “status”: “MORE_DATA” }

NOTE: Do not use msgid for result status checking, use status with reason instead.

Endpoints

Endpoint session management

Register new endpoint:

POST /api/v1/endpoints
RequestsNot trusted endpointTrusted endpoint
Body
{
    "name":"workstation1.domain.local",  // pass hostname here
    "software_type" "Windows Client",    // PAM Module/AD filter/etc
    "software_ver" "6.0.111",
    "desc":"New NAM endpoint",
    "tenant_name":"MARIA_GROUP",
    "os": {
        // recognized fields
        "type": "Windows",  // Linux, MacOS etc.
        "display_name": "Windows 10 Version 1607",  // Ubuntu 14.04.3 LTS
        "platform": "x64",  // x86 ARM8 etc
        "version": "10.0.14393",  // "14.04.03"
        // Windows machine GUID/SID, Linux machine-id etc.
        // please send GUID as "7c0da94b-ded2-4eb3-9c90-22a568f8d30a",
        // not as "{7c0da94b-ded2-4eb3-9c90-22a568f8d30a}" to slightly improve indexing performance
        "device_id": "<str, unique computer/device ID>",

    // other fields possible - OS specific info
    "build": "14393",
    "tz": "+07:00",
    "win10_version": "1607",
    "RAM": "32768",
    "domain": "WORKGROUP",
    "linux_distr": "Ubuntu",
    "windows_family": "Desktop"
},
"extra": {
    // any extra fields possible
}
}
Responses200
Body
{
  "secret": "cctdgkMc4pyKw0jAduP5CetGtaGKniPL",
  "id": "76d1d94607da11e69bae080027983191"
}
Body
{
    "name":"nam.new.trusted.endpoint",
    "typ":3,
    "desc":"New trusted NAM endpoint2",
    "is_trusted":true,
    "tenant_name": "MARIA_GROUP",
    "auth_data": {

                "method_id": "PASSWORD:1",
                "user_name": "LOCAL\admin",
                "password": "password"
             }
}
Responses200
Body
{
  "secret": "cJd8UjfftveHW4JXrphTupMDACoF06xZ",
  "id": "72fe734607db11e69bae080027983191"
}

Register new endpoint:
POST/api/v1/endpoints

Grab secret and remember it inside endpoint (secure registry storage, root-only accessible file etc.) You will use the secret in ‘endpoint_sessions’ service. TODO: add link to endpoint sessions resource


Read endpoint information:

GET /api/v1/endpoints/f1be127607dc11e69bae080027983191
Responses200404
Body
{
  "name": "nam.new.trusted.endpoint3",
  "typ": 3,
  "desc": "New trusted NAM endpoint",
  "is_enabled": true,
  "id": "d5f5881e07df11e69bae080027983191",
  "is_trusted": true
  # os information is not returned for security reason - this call is world-accessible
}
Body
{
  "errors": [
    {
      "location": "server",
      "name": "AuError",
      "msgid": "AUCORE-1022",
      "description": "Endpoint not found"
    }
  ],
  "status": "error"
}

Read endpoint information:
GET/api/v1/endpoints/{endpoint_id}

URI Parameters
HideShow
endpoint_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint


Destroy endpoint:

DELETE /api/v1/endpoints/f1be127607dc11e69bae080027983191
Requestsexample 1
Body
{
    "auth_data": {

                    "method_id": "PASSWORD:1",
                    "user_name": "LOCAL\admin",
                    "password": "admin"
                 },
    "secret": "M2QjVLgxVKOYrpVtYKafsGtKrBRx1aTU"
}
Responses200
Body
null

Destroy endpoint:
DELETE/api/v1/endpoints/{endpoint_id}

Untrusted endpoint can be destroyed by user who knows endpoint secret(auth_data check skipped). Otherwise user must be provide auth_data. Only FULL ADMINS or ENROLL ADMINS can destroy endpoints. This method requires JSON body, not all web clients/proxy servers support body for HTTP DELETE method

URI Parameters
HideShow
endpoint_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint


Update endpoint information:

PATCH /api/v1/endpoints/f1be127607dc11e69bae080027983191
RequestsChange endpoint name
Body
{
    "name":"sara.domain.local",
    "auth_data": {

                    "method_id": "PASSWORD:1",
                    "user_name": "LOCAL\admin",
                    "password": "admin"
    },
    // optional
    "os": {
        // ... Entire dictionary will be changed
    }
    "software_type" "Windows Client",
    "software_ver" "6.2",
}
Responses200
Body
null

Update endpoint information:
PATCH/api/v1/endpoints/{endpoint_id}

Field auth_data is required to update endpoint

If you omit a field, it will not be changed.

URI Parameters
HideShow
endpoint_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint


Search endpoints by name:

POST /api/v1/endpoints/search
Requestsexample 1
Body
{
    "tenant_name": "MARIA_GROUP",
    "name": "nam.new.trusted.endpoint3",
    "auth_data": {
                    "method_id": "PASSWORD:1",
                    "user_name": "LOCAL\admin",
                    "password": "admin"
                 }
}
Responses200
Body
{
  "endpoints": [
    {
      "name": "nam.new.trusted.endpoint3",
      "typ": 3,
      "desc": "New trusted NAM endpoint",
      "is_enabled": true,
      "id": "d5f5881e07df11e69bae080027983191",
      "is_trusted": true
    }
  ]
}

Search endpoints by name:
POST/api/v1/endpoints/search

Field tenant_name is optional, TOP tenant is used by default. Field name is required, name of endpoint (case-insensitive) Field auth_data is required to search endpoints. Only FULL ADMINS or ENROLL ADMINS can search endpoints.


Endpoint sessions

Endpoint session management. Does not require login/endpoint session. Instead, it requires endpoint secret.

Session lifetime (TTL): expire on inactivity 60 min, max lifetime 10080 min. It may change without notice. Please handle 434/433 HTTP codes to re-open session on-the fly and re-send request.

Create the session from endpoint and returns it's ID:

POST /api/v1/endpoints/f1be127607dc11e69bae080027983191/sessions
RequestsSuccessful create sessionCreate session with incorrect credentials
Body
{
    "salt": "i_am_salt",
    "endpoint_secret_hash": "d8065693d119fd3d3b0ea54b31d0bf66cc6b56879de302c94cf0e464fef67124",
    "session_data":
    {
        "any": { "data": ["you", "want to store", "in session"] }
    }

    // Optional - update os and client software information

    "os":
    {
        "display_name": "Ubuntu 14.04.3 LTS",
        "platform": "x64",
        "version": "14.04.03"
        // Entire dictionary will be changed
        // Always pass full info or don't pass any
    },
    "software_type" "Windows Client",  // optional
    "software_ver" "6.2",              // optional
    "name": "new.endpoint.name"  // rename endpoint (e.g if hostname has been changed)
}
Responses200
Body
{
  "endpoint_session_id": "0TbKHn9MsZKJYhfQ0FZ0W2y0RHVwxTOY"
}
Body
{
    "salt": "i_am_salt",
    "endpoint_secret_hash": "d8065693d119fd3d3b0ea54b31d0bf66cc6b56879de302c94cf0e464fef67127",
    //incorrect secret hash
    "session_data": {"any": { "data": ["you", "want to store", "in session"] } }
}
Responses403
Body
{
  "errors": [
    {
      "location": "server",
      "name": "AuError",
      "msgid": "AUCORE-1065",
      "description": "Wrong credentials (endpoint secret)"
    }
  ],
  "status": "error"
}

Create the session from endpoint and returns it's ID:
POST/api/v1/endpoints/{endpoint_id}/sessions

Client machine knows in advance endpoint_secret and id. It sends it to server, in hashed+salted form. Server validates and returns endpoint_session_id or HTTP error.

endpoint_secret_hash calculation in python::

def get_endpoint_secret_hash(endpoint, salt): # Calculates endpoint secret hash as SHA256(endpoint.secret, SHA256(endpoint.id_hex + salt)) # salt is random string of length >= 1

salted_endpoint_id = (endpoint.id_hex + salt).encode('utf-8')
        endpoint_id_hash = sha256(salted_endpoint_id).hexdigest()
        salted_enpoint_secret = (endpoint.secret + endpoint_id_hash).encode('utf-8')

        return sha256(salted_enpoint_secret).hexdigest()
URI Parameters
HideShow
endpoint_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint


Read information about endpoint session:

GET /api/v1/endpoints/f1be127607dc11e69bae080027983191/sessions/f1be127607dc11e69bae080027983191?salt=i_am_salt&endpoint_secret_hash=7a68b11d3e409c09ba1545f5500273defb3c27127250029f00ac65097978fcf6
Responses200
Body
{
  "endpoint_id": "377ac5fe07e011e69bae080027983191",
  "session_data": {
    "any": {
      "data": [
        "you",
        "want to store",
        "in session"
      ]
    }
  },
  "sid": "daTpDaWAd5BP0QzBNcIulLuFYCJ32Aak"
}

Read information about endpoint session:
GET/api/v1/endpoints/{endpoint_id}/sessions/{endpoint_session_id}?salt={salt}&endpoint_secret_hash={endpoint_secret_hash}

URI Parameters
HideShow
endpoint_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint

endpoint_session_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint

salt
string (required) Example: i_am_salt

Client generated salt. This salt is used in secret hash generated algorithm.

endpoint_secret_hash
string (required) Example: 7a68b11d3e409c09ba1545f5500273defb3c27127250029f00ac65097978fcf6

Endpoint secret hash


Destroys the endpoint session:

DELETE /api/v1/endpoints/f1be127607dc11e69bae080027983191/sessions/f1be127607dc11e69bae080027983191?salt=i_am_salt&endpoint_secret_hash=7a68b11d3e409c09ba1545f5500273defb3c27127250029f00ac65097978fcf6
Responses200
Body
null

Destroys the endpoint session:
DELETE/api/v1/endpoints/{endpoint_id}/sessions/{endpoint_session_id}?salt={salt}&endpoint_secret_hash={endpoint_secret_hash}

URI Parameters
HideShow
endpoint_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint

endpoint_session_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint

salt
string (required) Example: i_am_salt

Client generated salt. This salt is used in secret hash generated algorithm.

endpoint_secret_hash
string (required) Example: 7a68b11d3e409c09ba1545f5500273defb3c27127250029f00ac65097978fcf6

Endpoint secret hash


Logon

Implements logon process. Requires endpoint_session_id. Add it to all requests.

Login procedure:

  1. Start login process, grab login_process_id

  2. Series of do_logon calls. Client software sends ‘response’ to server; server replies with ‘challenge’

  3. Received status=‘OK’ or ‘FAILED’ is the end of the process.

    OK - logon is complete, login session has been created. FAILED - logon failed, logon process is destroyed

  4. HTTP error 400 or 500 does not destroy the process, it is possible to continue it.

  5. Special HTTP error 434 is returned in case when login session not found or expired

Simple logon

First, you create login process::

POST /api/v1/logon { ‘method_id’: ‘PASSWORD:1’, ‘user_name’: ‘REPONAME\USERNAME’, ‘is_1N’: True/False, # optional, default False ‘unit_id’: ‘xxx’, # for 1N login ‘event’: ‘xxx’ # can be empty string for testing (allow any method) }

For 1N login, you set is_1N to True and pass unit_id. For normal login, you pass user_name. Return::

{ ‘chains’: [], ‘completed_methods’: [], ‘current_method’: ‘PASSWORD:1’, ‘logon_process_id’: ‘Ww323YxvYv6IVj3J3EaLNlkVM2aoHfLa’, ‘msg’: ‘Process started’, ‘status’: ‘MORE_DATA’ }

Grab logon_process_id and perform series of do_logon calls while getting status ‘MORE_DATA’::

POST /api/v1/logon/Ww323YxvYv6IVj3J3EaLNlkVM2aoHfLa/do_logon { ‘response’: ‘method-specific dictionary, maybe omitted if method does not requires data on 1st do_login’ } Return { # method-specific data such as ‘challenge’: {‘rounds’: 100, ‘salt’: ‘cdf123Dx’}, ‘status’: ‘MORE_DATA’ }

POST /api/v1/logon/Ww323YxvYv6IVj3J3EaLNlkVM2aoHfLa/do_logon
{
    'response': {'answer' : 'my-password' # method-specific dict in 'response' field
                                          # this is 'response' to 'challenge' which server sent in previous do_logon
}

At some iteration, you get either status=OK or FAILED. ‘OK’ gives you also information about logged user::

{ ‘chains’: [], ‘completed_methods’: [‘PASSWORD:1’], ‘login_session_id’: ‘YTxTmMW6RPv051RmeCiyBn7txzE0JoM2’, ‘msg’: ‘Welcome!’, ‘repo_id’: ‘703f7c641beb11e48c69000c294fde0e’, ‘user_id’: ‘7044631e1beb11e48c69000c294fde0e’, ‘user_name’: ‘LOCAL\user1’, ‘event_name’: ‘Windows logon’, ‘event_data_id’: ‘OSLogon’ ‘status’: ‘OK’ }

# example of FAILED method

{ 'msg': 'Wrong password',
  'status': 'FAILED'}

Grab login_session_id, you will pass it to other services. 1-N logon does not know user name before login starts, and now it knows.

Chained logon

Depending of event and endpoint_session_id (trusted/untrusted endpoint) you receive list of chains.

Chain defines:

  • list of methods user must login to, one-by-one.

  • After login, you can access data of the event by using ‘user_data’ service.

‘NEXT’ status says that current method is complete (OK) and user must start next method. What method to start is up to user (or client UI) - it depends on what chain user wants to complete.

Login is completed as soon as any chain is completed.

Chained logon example::

optional - read chains

# GET  /api/v1/logon/chains?event=Windows%20logon&is_trusted=true

# decide what chain to complete and...

# 1. start 1st method

POST /api/v1/logon
{ 'method_id': 'SUPER_OTP:1', 'user_name': 'MARIA\director', 'event': 'Windows logon' }
Return
{ 'chains':
        [
            # same list of chains as you GET from /api/v1/logon/chains?event=Windows%20logon
        ],
  'completed_methods': [],
  'current_method': 'SUPER_OTP:1',
  'logon_process_id': 'abc345',
  'msg': 'Process started',
  'status': 'MORE_DATA'
}
# Grab login_process_id (abc345) and...

# 2. call do_logon

POST /api/v1/logon/abc345/do_logon
{ 'response': 'some_secret' }
returns
{ 'status': 'MORE_DATA', 'current_method': 'SUPER_OTP:1', 'completed_methods': [] }

# 3. continue 1st method (it is 2-phase method)

POST /api/v1/logon/abc345/do_logon
{ response: 'second_secret' }
returns
{ status: 'NEXT', 'completed_methods': ['SUPER_OTP:1'] }

Status=NEXT means ‘SUPER_OTP’ is OK, completed_methods has method name. You start next method by POSTing to same process::

4. start next method

POST /api/v1/logon/abc345/next
{ 'method_id': 'LDAP_PASSWORD:1' } # user_name will be same as before
                                   # you may pass unit_id and is_1N=true,
                                   # it will work - but unit_id must be owned by same user
returns
{ status: 'MORE_DATA', 'current_method': 'LDAP_PASSWORD:1', 'completed_methods': ['SUPER_OTP:1']}

# 5. call do_logon, as usual

POST /api/v1/logon/abc345/do_logon
{ 'response': 'Password1' }
returns
{
    'status': 'OK',
    'completed_methods': ['SUPER_OTP:1', 'LDAP_PASSWORD:1'],
    'login_session_id': 'YTxTmMW6RPv051RmeCiyBn7txzE0JoM2',
    'msg': 'Welcome!',
    'repo_id': '703f7c641beb11e48c69000c294fde0e',
    'user_id': '7044631e1beb11e48c69000c294fde0e',
    'user_name': 'MARIA\director',
    'event_name': 'Windows logon',
    'event_data_id': 'OSLogon'
}

# The chain is complete! Grab login_session_id!

OK, grab login_session_id and user info.

Chained logon - wrong password in the middle

Consider a chain has 3 methods, user completed 2 of them but provided wrong credentials for 3rd method. In that case:

  1. Result is NEXT (not FAILED because it means end of the process)

  2. completed_methods still contains 2 methods

  3. Re-start method by POSTing as usual to /api/v1/logon/abc345/next

Create logon process:

POST /api/v1/logon
RequestsSimple logon1:N authentication
Body
{
    "method_id": "PASSWORD:1",
    "user_name": "LOCAL\USER1",
    "event": "NAM",
    "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u"
}
Responses200
Body
{
  "completed_methods": [],
  "chains": [
    {
      "name": "Authenticators Management - Password",
      "position": 1,
      "id_hex": "3c927b4a061e11e6b224080027983191",
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "PASSWORD:1"
      ],
      "short_name": "",
      "image_name": "PASSWORD_1.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null
    }
  ],
  "plugins": [],
  "event_name": "NAM",
  "logon_process_id": "TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS",
  "event_data_id": "OSLogon",
  "status": "MORE_DATA",
  "msgid": "AUCORE-1008",
  "current_method": "PASSWORD:1",
  "msg": "Process started",
  "reason": "PROCESS_STARTED"
}
Body
{
        "method_id": "PASSWORD:1",
        "event": "NAM",
        "is_1N":true,
        "unit_id":"test",
        "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
    }
Responses200
Body
{ 'chains': [],
  'completed_methods': [],
  'current_method': 'PASSWORD:1',
  'logon_process_id': 'Ww323YxvYv6IVj3J3EaLNlkVM2aoHfLa',
  'msg': 'Process started',
  'status': 'MORE_DATA'
}

Create logon process:
POST/api/v1/logon

First, you create login process For 1N login, you set is_1N to True and pass unit_id. For normal login, you pass user_name. Then use doLogon method to proceed.

Use next event names as event param:

  • Authenticators Management

  • EndpointsManagement

  • NAM

  • NCA

  • AdminUI

  • Radius Server

  • Helpdesk

  • Mac OS logon

  • Windows logon

  • ADFS

  • Linux logon

  • Report logon

  • Helpdesk user

  • Search Card


Common Do logon

POST /api/v1/logon/TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS/do_logon
RequestsSimple virtual password doLogonSimple incorrect virtual password doLogon
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "answer": "my-password"
  }
}
Responses200
Body
{
  "user_id": "4f34e2882991440ddd0fd515e0d0236c",
  "completed_methods": [
    "PASSWORD:1"
  ],
  "repo_id": "3c9c1fd8061e11e6b224080027983191",
  "status": "OK",
  "repo_obj_id": "3caa08a0061e11e6b224080027983191",
  "event_data_id": "",
  "logon_process_id": "jImh3267QFyZ9pXjSGPj5EIhpKKU8Xu9",
  "user_name": "LOCAL\ADMIN",
  "login_session_id": "TmPxkC98vF4FGhDvqedjXItbmGjVJYTD",
  "plugins": [],
  "event_name": "",
  "chains": [
    {
      "name": "TEST CHAIN",
      "position": 1000,
      "id_hex": null,
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "ANY"
      ],
      "short_name": "",
      "image_name": "ANY.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null
    }
  ],
  "current_method": "PASSWORD:1",
  "msgid": "AUCORE-2001",
  "msg": "Welcome!",
  "data_id": ""
}
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "answer": "my-incorrect-password"
  }
}
Responses200
Body
{
  "completed_methods": [],
  "chains": [
    {
      "name": "TEST CHAIN",
      "position": 1000,
      "id_hex": null,
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "ANY"
      ],
      "short_name": "",
      "image_name": "ANY.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null
    }
  ],
  "plugins": [],
  "event_name": "",
  "logon_process_id": "TaEXATdeJmyzhYlEKDwBKCUqzMW0YdtT",
  "event_data_id": "",
  "status": "FAILED",
  "msgid": "AUCORE-2007",
  "current_method": "PASSWORD:1",
  "msg": "Wrong password",
  "reason": "PASSWORD_WRONG"
}

Common Do logon
POST/api/v1/logon/{logon_process_id}/do_logon

Grab logon_process_id and perform series of do_logon calls while getting status ‘MORE_DATA’

doLogon response can contain status with OK, FAILED, MORE_DATA, NEXT

OK - you are successfully logged to event

FAILED - unsuccessful response for logon

NEXT - current method is done, service is waiting for next method. To start next method use next method bellow. Then call do_logon, as usual.

MORE_DATA - service is waiting for data

At some iteration, you get either status=OK or FAILED.

‘OK’ gives you also information about logged user. Grab login_session_id, you will pass it to other services.

Details about data and steps for specific methods read here

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS

ID of the logon process


Continue logon for multiple step logon

POST /api/v1/logon/TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS/next
Requestsexample 1
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "method_id": "HOTP:1"
}
Responses200
Body
{
  "event_name": "",
  "completed_methods": [
    "PASSWORD:1"
  ],
  "msg": "Process started",
  "chains": [
    {
      "required_chain_id_hex": null,
      "short_name": "",
      "position": 0,
      "apply_for_ep_owner": false,
      "id_hex": "e5c25e240a2411e68f20080027983191",
      "methods": [
        "PASSWORD:1",
        "HOTP:1"
      ],
      "is_enabled": true,
      "is_trusted": null,
      "grace_period": null,
      "name": "test",
      "image_name": "default"
    }
  ],
  "current_method": "HOTP:1",
  "plugins": [],
  "msgid": "AUCORE-1008",
  "reason": "PROCESS_STARTED",
  "status": "MORE_DATA",
  "event_data_id": "",
  "logon_process_id": "TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS"
}

Continue logon for multiple step logon
POST/api/v1/logon/{logon_process_id}/next

For example: after successful PASSWORD:1 logon

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS

ID of the logon process


Read available chains:

GET /api/v1/logon/chains?user_name=LOCAL\USER1&is_trusted=1&event=NAM&endpoint_session_id=f1be127607dc11e69bae080027983191
Responses200
Body
{
  "chains": [
    {
      "name": "Admin Password",
      "position": 0,
      "id_hex": "3c8c306e061e11e6b224080027983191",
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "PASSWORD:1"
      ],
      "short_name": "",
      "image_name": "PASSWORD_1.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null,
      'mfa_tags' : []
    },
    {
      "name": "Authenticators Management - Password",
      "position": 2,
      "id_hex": "3c927b4a061e11e6b224080027983191",
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "PASSWORD:1"
      ],
      "short_name": "",
      "image_name": "PASSWORD_1.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null,
      'mfa_tags' : []
    }
  ],
  "user_is_locked": false
}

Read available chains:
GET/api/v1/logon/chains?user_name={user_name}&is_trusted={is_trusted}&event={event}&endpoint_session_id={endpoint_session_id}

is_trusted can be 1, 0, “True”, “False” or missed(False)

If you omit ‘is_trusted’ in your query, service does not filter and returns both trusted and untrusted chains.

If you omit ‘user_name’, service does not filter and returns all chains configured given event/is_trusted.

If you provide ‘user_name’ of user that isn’t yet registered in aucore (such as new LDAP user), service returns only chains made of methods not requiring enroll.

“user_is_locked” returned if you specify user_name, use it to immediately show error and not ask user creds / chain selection

URI Parameters
HideShow
is_trusted
boolean (required) Example: 1

Show only trusted chains or not (1, 0, “True”, “False”)

user_name
string (required) Example: LOCAL\USER1

username

event
string (required) Example: NAM

event’s name

endpoint_session_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint


Destroy logon process:

DELETE /api/v1/logon/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX?endpoint_session_id=f1be127607dc11e69bae080027983191

Destroy logon process:
DELETE/api/v1/logon/{logon_process_id}?endpoint_session_id={endpoint_session_id}

URI Parameters
HideShow
logon_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the logon process

endpoint_session_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint


Authenticate by basic authentication header:

GET /account/basic
Requestsauthorization by PASSWORD:1
Headers
Authorization: Basic <base64 of credentials>
Responses302
Headers
Location: /account

Authenticate by basic authentication header:
GET/account/basic

Credentials format:

login:method_name:password

Examples:

  • Authorization: {base64 of REPO\user1:LDAP_PASSWORD:1:user1_password}

  • Authorization: {base64 of TENANT\REPO\user1:HOTP:1:user1_password}

  • Authorization: {base64 of user1:HOTP:1:user1_password}


Login sessions

Manage login sessions. Requires endpoint_session_id

Session lifetime (TTL): expire on inactivity 20 min, max lifetime 1440 min. It may change without notice. Please handle 434/433 HTTP codes to re-open session on-the fly and re-send request.

Read information about login session:

GET /api/v1/logon/sessions/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX?endpoint_session_id=f1be127607dc11e69bae080027983191
Responses200
Body
{
    "user_id": "4f34e2882991440ddd0fd515e0d0236c",
    "user_name": "LOCAL\ADMIN",
    "sid": "GKWrJUBaeBA20KHzHAcmzihNrOgdXooh",
    "repo_id": "3c9c1fd8061e11e6b224080027983191",
    "repo_obj_id": "3caa08a0061e11e6b224080027983191",
    "event_name": "",
    "data_id": "",
    "chain_id : "3cab08a0061e11e6b224080027983191"
}

Read information about login session:
GET/api/v1/logon/sessions/{login_session_id}?endpoint_session_id={endpoint_session_id}

URI Parameters
HideShow
login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session

endpoint_session_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint session


Delete login session:

DELETE /api/v1/logon/sessions/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX?endpoint_session_id=f1be127607dc11e69bae080027983191

Delete login session:
DELETE/api/v1/logon/sessions/{login_session_id}?endpoint_session_id={endpoint_session_id}

URI Parameters
HideShow
login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session

endpoint_session_id
32 symbol id (required) Example: f1be127607dc11e69bae080027983191

ID of the endpoint session


Enroll

The service for creation authentication template (enroll). Requires login_session_id. Any user may start enroll process.

When process is finished, you create template from process result by using ‘user_template’ service. Until that, process result lives at the server for some time. Admin may assign process result to any user. User may assign process result to himself. It is possible that user1 created the process, tell enroll_process_id to user2 and he assigns it to himself.

Enroll procedure:

  1. Start enroll process, grab enroll_process_id

  2. Series of do_enroll calls. Client software sends ‘response’ to server until it replies ‘OK’ or ‘FAILED’

  3. POST/PUT enroll_process_id and user_id to ‘user_templates’ service.

Start enroll process:

POST /api/v1/enroll
Requestsexample 1
Body
{
    "method_id": "HOTP:1",
    //login method to create authentication template for
    "login_session_id":"B3XBHzwAHuPfHwMHfSjf3eVdV3glCa0o"
}
Responses200
Body
{
  "enroll_process_id": "JfgSCsAr89tR3tu92mKV3MWy4LWSmroU"
}

Start enroll process:
POST/api/v1/enroll

Returns enroll_process_id. Use it in do_enroll method.


Common Do enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsCorrect requestIncorrect request
Body
{
  "login_session_id": "rBT79CAz8AWh1o920OrHumx32iaToCU9",
  "response": {
    "secret": "0000000000000100",
    "counter": 10
  }
}
Responses200
Body
{
  "reason": "",
  "method_id": "HOTP:1",
  "status": "OK",
  "msg": ""
}
Body
{
    "login_session_id":"rBT79CAz8AWh1o920OrHumx32iaToCU9",
    "response":{
            "password":"0000000000000100",
            }
}
Responses200
Body
{
  "status": "FAILED",
  "msgid": "AUCORE-3028",
  "reason": "",
  "msg": "Secret and counter required"
}

Common Do enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

Grab enroll_process_id and perform series of do_enroll calls while getting status ‘MORE_DATA’

When you get ‘status’=‘OK’, enroll process is finished. Now you want to create template from process result and link it to a user. POST/PUT enroll_process_id and user_id to ‘user_templates’ service. It will create authentication template and destroy waiting enroll process. User will become template owner.

Details about data and steps for specific methods read here

URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Destroy pending/waiting process:

DELETE /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX?login_session_id=LRvql8GD946V7ryN8fesWBLhN1I7dpEe

Destroy pending/waiting process:
DELETE/api/v1/enroll/{enroll_process_id}?login_session_id={login_session_id}

URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process

login_session_id
string (required) Example: LRvql8GD946V7ryN8fesWBLhN1I7dpEe

ID of the login session


Policies

Read object policies. Requires logged_session_id.

No writes. Setting policies is the task of admin UI.

Policies are defined for component. “Component policies” is dictionary of values. Value is any json-serializable object, maybe nested dict::

{ “component_id”: { “policy1”: value, “policy2”: value } }

Service returns effective policies. Effective is default component policies overridden by object-specific policies.

Read effective policies of user :

GET /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/effective_policy?login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
{
  "policy": {
    "LoginOptions": {
      "component_id": "LoginOptions",
      "data": {
        "default_repos": [
          "LOCAL"
        ],
        "nondefault_repos": []
      }
    },
    "HelpdeskOptions": {
      "component_id": "HelpdeskOptions",
      "data": {
        "require_user_credentials": false
      }
    }
  }
}

Read effective policies of user :
GET/api/v1/users/{user_id}/effective_policy?login_session_id={login_session_id}

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user

login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session


Read info about specific component of effective user policy

GET /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/effective_policy/TOTPMethod?login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
{
  "policy": {
    "component_id": "TOTPMethod",
    "data": {
      "otp_window": 4,
      "otp_format": "dec6",
      "otp_period": 30,
      "use_key_uri_format_qr": false
    }
  }
}

Read info about specific component of effective user policy
GET/api/v1/users/{user_id}/effective_policy/{component}?login_session_id={login_session_id}

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user

login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session

component
string (required) Example: TOTPMethod

Component name


Read effective policies of endpoint :

GET /api/v1/endpoints/4f34e2882991440ddd0fd515e0d0236c/effective_policy?endpoint_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
{
  "policy": {
    "LoginOptions": {
      "component_id": "LoginOptions",
      "data": {
        "default_repos": [
          "LOCAL"
        ],
        "nondefault_repos": []
      }
    },
    "HelpdeskOptions": {
      "component_id": "HelpdeskOptions",
      "data": {
        "require_user_credentials": false
      }
    }
  }
}

Read effective policies of endpoint :
GET/api/v1/endpoints/{endpoint_id}/effective_policy?endpoint_session_id={endpoint_session_id}

Note: return default policies(not effective)

URI Parameters
HideShow
endpoint_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the endpoint

endpoint_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the endpoint session


Read info about specific component of endpoint effective policy

GET /api/v1/endpoints/4f34e2882991440ddd0fd515e0d0236c/effective_policy/TOTPMethod?endpoint_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
{
  "policy": {
    "component_id": "TOTPMethod",
    "data": {
      "otp_window": 4,
      "otp_format": "dec6",
      "otp_period": 30,
      "use_key_uri_format_qr": false
    }
  }
}

Read info about specific component of endpoint effective policy
GET/api/v1/endpoints/{endpoint_id}/effective_policy/{component}?endpoint_session_id={endpoint_session_id}

Note: return default policies(not effective)

URI Parameters
HideShow
endpoint_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the endpoint

endpoint_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the endpoint session

component
string (required) Example: TOTPMethod

Component name


User data

Access to data of the user.

Requires login_session_id of user or admin.

Data is defined for events. You may access data only of the event you are logged in. The event defines accessible data_id. Several events may share data_id. By default data_id = Event.name.upper().

Data permissions

  1. Restricted records - admin and user can read, but only admin can write (restricted write)

  2. Sensitive records - admin and user can write, but only user can read (restricted read)

Read all records of OSLogon data:

GET /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/data/OSLogon?login_session_id=rBT79CAz8AWh1o920OrHumx32iaToCU9
Responses200
Body
{
  "data": {
    "field3": {
      "inner": "dict",
      "is": {
        "possible": "at",
        "any": "level"
      }
    },
    "field1": "new_value"
  }
}

Read all records of OSLogon data:
GET/api/v1/users/{user_id}/data/OSLogon?login_session_id={login_session_id}

Read data. Data consists of records. You may read all records or specific one. Add login_session_id as query-string parameter.

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user

login_session_id
string (required) Example: rBT79CAz8AWh1o920OrHumx32iaToCU9

ID of the login session id


Delete all records of OSLogon data:

DELETE /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/data/OSLogon?login_session_id=rBT79CAz8AWh1o920OrHumx32iaToCU9
Responses200
Body
null

Delete all records of OSLogon data:
DELETE/api/v1/users/{user_id}/data/OSLogon?login_session_id={login_session_id}

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user

login_session_id
string (required) Example: rBT79CAz8AWh1o920OrHumx32iaToCU9

ID of the login session id


Delete password record only:

DELETE /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/data/OSLogon/password?login_session_id=rBT79CAz8AWh1o920OrHumx32iaToCU9
Responses200
Body
null

Delete password record only:
DELETE/api/v1/users/{user_id}/data/OSLogon/password?login_session_id={login_session_id}

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user

login_session_id
string (required) Example: rBT79CAz8AWh1o920OrHumx32iaToCU9

ID of the login session id


Modify data:

PATCH /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/data/OSLogon
RequestsUpdate fieldUpdate many fieldsModifications/additions are recursive and process sub-records
Body
{
  "login_session_id": "LRvql8GD946V7ryN8fesWBLhN1I7dpEe",
  "data": {
    "field1": "a value"
  }
}
Responses200
Body
null
Body
{
  "login_session_id": "LRvql8GD946V7ryN8fesWBLhN1I7dpEe",
  "data": {
    "field1": "new_value",
    "field2": null,
    "field3": {
      "inner": "dict",
      "is": {
        "possible": "at",
        "any": "level"
      }
    }
  }
}
Responses200
Body
null
Body
{
  "login_session_id": "LRvql8GD946V7ryN8fesWBLhN1I7dpEe",
  "data": {
    "field3": {
      "sub-record": "is added"
    }
  }
}
Responses200
Body
null

Modify data:
PATCH/api/v1/users/{user_id}/data/OSLogon

Create/modify record field1 for OSLogon data::

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user


Delete user:

POST /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/delete?login_session_id=rBT79CAz8AWh1o920OrHumx32iaToCU9
Responses200
Body
{}

Delete user:
POST/api/v1/users/{user_id}/delete?login_session_id={login_session_id}

  • clear all templates

  • clear any stored passwords

  • clear any other user specific data

  • user can delete itself only, access to another user is not allowed

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user

login_session_id
string (required) Example: rBT79CAz8AWh1o920OrHumx32iaToCU9

ID of the login session id


User templates

Access to user’s authentication templates. Requires login_session_id of user or admin.

List of user's linked templates:

GET /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/templates?login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
{
  "templates": [
    {
      "id": "3cb97b50061e11e6b224080027983191",
      "method_id": "PASSWORD:1",
      "method_title": "Password",
      "is_enrolled": true,
      "comment": ""
    },
    {
      "id": "83523194b70919672b1157bc929ed67a",
      "method_id": "CARD:1",
      "method_title": "Card",
      "is_enrolled": true,
      "comment": ""
    },
    {
      "id": "ff3f4e84203e6d7f56a0013074237071",
      "method_id": "SECQUEST:1",
      "method_title": "Security questions",
      "is_enrolled": true,
      "comment": ""
    },
    {
      "id": "5194c010d968811da4ff47f843a3245e",
      "method_id": "HOTP:1",
      "method_title": "HOTP",
      "is_enrolled": true,
      "comment": ""
    }
  ]
}

List of user's linked templates:
GET/api/v1/users/{user_id}/templates?login_session_id={login_session_id}

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user

login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session


POST /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/templates
Requestsexample 1
Body
{
  "login_session_id": "LRvql8GD946V7ryN8fesWBLhN1I7dpEe",
  "enroll_process_id": "rlV6pSKXT4e0Ueq9hEXreL1ubkAdNYz2",
  "category_id": "hex or empty",
  "comment": "this is my comment"
}
Responses200
Body
{
  "auth_t_id": "3978beae0a3f11e68f20080027983191"
}

Create template, fill it from enroll session and link to user:
POST/api/v1/users/{user_id}/templates

User becomes owner of created template. Existing enrolled session is destroyed (no way to create 2 templates from same enroll session).

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user


POST /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/templates
Requestsexample 1
Body
{
    "login_session_id": "LRvql8GD946V7ryN8fesWBLhN1I7dpEe",
    "method_id": "EMAIL_OTP:1",
    "category_id": "hex or empty",
    "comment" : "this is my comment"
    //optional
    "unit_id " : "xxx"
}
Responses200
Body
{
  "auth_t_id": "b94292c20a3f11e68f20080027983191"
}

Create template without data and link to the user:
POST/api/v1/users/{user_id}/templates

Template should not be enrolled template and should be filled later by PUT

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user


POST /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/templates
Requestsexample 1
Body
{
  "auth_t_id": "3cb97b50061e11e6b224080027983191",
  "login_session_id": "LRvql8GD946V7ryN8fesWBLhN1I7dpEe"
}
Responses200
Body
{
  "auth_t_id": "3cb97b50061e11e6b224080027983191"
}

Link existing template to user.
POST/api/v1/users/{user_id}/templates

Passed logged_session_id must be of admin After that operation, user may login by ‘xxx’ template owned by some other user, but user can’t change it.

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user


Fill auth template from enroll session and/or change comment:

PUT /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/templates/83523194b70919672b1157bc929ed67a
RequestsChange commentFill auth template
Body
{
  "login_session_id": "JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX",
  "comment": "my new comment"
}
Responses200
Body
null
Body
{
    "login_session_id": "JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX",
    "enroll_process_id": "hex",
    "comment": "12345",
}
Responses200
Body
null

Fill auth template from enroll session and/or change comment:
PUT/api/v1/users/{user_id}/templates/{auth_t_id}

URI Parameters
HideShow
user_id
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

ID of the user

auth_t_id
string (required) Example: 83523194b70919672b1157bc929ed67a

ID of the template


DELETE /api/v1/users/4f34e2882991440ddd0fd515e0d0236c/templates/83523194b70919672b1157bc929ed67a?login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
null

Categories of templates

Read authenticator categories. Requires login_session_id of any user authenticated to any event.

Read categories:

GET /api/v1/categories?login_session_id=B3XBHzwAHuPfHwMHfSjf3eVdV3glCa0o
Responses200
Body
{ 'categories': [
      {
        'id': 'd3ad2dd0dca211e68604000c29ecee77',
        'name': 'CAT1',
        'desc': 'category one'},
      {
        'id': 'd3ad3528dca211e68604000c29ecee77',
        'name': 'VAR',
        'desc': 'bar'}]
}

Read categories:
GET/api/v1/categories?login_session_id={login_session_id}

URI Parameters
HideShow
login_session_id
string (required) Example: B3XBHzwAHuPfHwMHfSjf3eVdV3glCa0o

Users

User lookup by name, list of users.

Requires login_session_id. Logged user must be member of FULL ADMINS or ENROLL ADMINS.

User lookup by given user name:

GET /api/v1/users?user_name=LOCAL\ADMIN&login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
{
      "obj_id": "3caa08a0061e11e6b224080027983191",
      "user_name": "LOCAL\ADMIN",
      "last_fail_at": null,
      "repo_id": "3c9c1fd8061e11e6b224080027983191",
      "repo_name": "LOCAL",
      "id": "4f34e2882991440ddd0fd515e0d0236c",
      "loginame": "ADMIN"
    }

User lookup by given user name:
GET/api/v1/users?user_name={user_name}&login_session_id={login_session_id}

URI Parameters
HideShow
user_name
string (required) Example: LOCAL\ADMIN

User name

login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session


List of users:

GET /api/v1/users?repo_name=BAZZ&page=0&login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
{ 'repo': {'id': '18cfb964dc2111e69288000c29ecee77', 'name': 'FOO'},
  'tenant': 'TOP',
  'users': [ { 'id': '1897e91881407b0183bb2e6870d117ba',
               'name': 'admin',
               'sid': 'S-1-5-21-3303523795-413055529-2892985274-1104'},
             { 'id': '221bbf7ac0dab7ccd25821f53f4276e0',
               'name': 'Administrator',
               'sid': 'S-1-5-21-3303523795-413055529-2892985274-500'}]}

List of users:
GET/api/v1/users?repo_name={repo_name}&page={page}&login_session_id={login_session_id}

LOCAL repo - all local users. LDAP repo - users listed in server database - those who tried to authenticate at least once.

URI Parameters
HideShow
repo_name
string (optional) Example: BAZZ
repo_id
hex (required) Example: fc73edbbc04048b79edc68521485c518

Either repo id or name required

page
int (optional) Example: 0

Page number starts with 0. Page size is 50000. Result is unsorted

login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session


Events

Events manager rest api. Requires login_session_id. Logged user must be member of FULL ADMINS or ENROLL ADMINS.

List of events:

GET /api/v1/events?login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
{
  "events": [
    {
      "type": "Generic",
      "endpoints": [],
      "chains": [
        {
          "short_name": "",
          "is_enabled": true,
          "methods": [
            "ANY"
          ],
          "is_trusted": null,
          "is_image_custom": false,
          "grace_period": null,
          "name": "Test-chain",
          "id": "4c9f4524608911e7ae720800276d2239",
          "apply_for_ep_owner": false,
          "image_name": "ANY.png",
          "required_chain_id": null,
          "forced": false
        }
      ],
      "is_enabled": true,
      "json_data": {},
      "is_standard": false,
      "is_geo_fencing_enabled": false,
      "category_id": null,
      "geo_zones": [],
      "id": "4c9e8508608911e7ae720800276d2239",
      "name": "TEST",
      "forced": false
    }
  ]
}

List of events:
GET/api/v1/events?login_session_id={login_session_id}

URI Parameters
HideShow
login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session


Create event:

POST /api/v1/events?login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
RequestsSuccessful create session
Body
{
  "name": "Hello, world!",
  "type": "Hello, world!",
  "is_enabled": true,
  "is_geo_fencing_enabled": true,
  "category_id": "Hello, world!",
  "geo_zones": [],
  "chains": [],
  "endpoints": []
}
Schema
{
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "event name"
    },
    "type": {
      "type": "string",
      "description": "type of event, one of [\"Generic\",\"OSLogon\",\"PasswordStore\",\"OAuth2\", \"SAML2\"]"
    },
    "is_enabled": {
      "type": "boolean",
      "description": "is event enabled"
    },
    "is_geo_fencing_enabled": {
      "type": "boolean",
      "description": "is geo fencing enabled"
    },
    "category_id": {
      "type": "string",
      "description": "category id"
    },
    "geo_zones": {
      "type": "array",
      "description": "list of geo zones"
    },
    "chains": {
      "type": "array",
      "description": "list of geo zones"
    },
    "endpoints": {
      "type": "array",
      "description": "list of endpoints"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Responses200
Body
{
  "forced": false,
  "type": "Generic",
  "endpoints": [
    {
      "is_local": false,
      "device_id": "",
      "software_type": "",
      "name": "TEST_ENDPOINT",
      "desc": "",
      "typ": null,
      "owner": null,
      "is_trusted": false,
      "is_enabled": true,
      "id": "56ff565c608a11e7afe10800276d2239"
    }
  ],
  "is_standard": false,
  "is_enabled": false,
  "category_id": null,
  "is_geo_fencing_enabled": false,
  "name": "TEST_EVENT2",
  "chains": [
    {
      "apply_for_ep_owner": false,
      "image_name": "default",
      "required_chain_id": null,
      "is_enabled": true,
      "forced": false,
      "name": "chain",
      "grace_period": null,
      "short_name": "",
      "id": "56ff8384608a11e7afe10800276d2239",
      "is_image_custom": false,
      "methods": [
        "OTP:1",
        "PASSWORD:1"
      ],
      "is_trusted": null
    }
  ],
  "json_data": {},
  "geo_zones": [],
  "id": "59704798608a11e7afe10800276d2239"
}

Create event:
POST/api/v1/events?login_session_id={login_session_id}

URI Parameters
HideShow
login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session


Get event by event id:

GET /api/v1/events/59704798608a11e7afe10800276d2239?login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
Responses200
Body
{
  "type": "Generic",
  "endpoints": [],
  "chains": [
    {
      "short_name": "",
      "is_enabled": true,
      "methods": [
        "ANY"
      ],
      "is_trusted": null,
      "is_image_custom": false,
      "grace_period": null,
      "name": "Test-chain",
      "id": "4c9f4524608911e7ae720800276d2239",
      "apply_for_ep_owner": false,
      "image_name": "ANY.png",
      "required_chain_id": null,
      "forced": false
    }
  ],
  "is_enabled": true,
  "json_data": {},
  "is_standard": false,
  "is_geo_fencing_enabled": false,
  "category_id": null,
  "geo_zones": [],
  "id": "4c9e8508608911e7ae720800276d2239",
  "name": "TEST",
  "forced": false
}

Get event by event id:
GET/api/v1/events/{event_id}?login_session_id={login_session_id}

URI Parameters
HideShow
event_id
string (required) Example: 59704798608a11e7afe10800276d2239

ID of the event

login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session


Update event:

PUT /api/v1/events/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX?login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX
RequestsSuccessful update session
Body
{
  "name": "Hello, world!",
  "type": "Hello, world!",
  "is_enabled": true,
  "is_geo_fencing_enabled": true,
  "category_id": "Hello, world!",
  "geo_zones": [],
  "chains": [],
  "endpoints": []
}
Schema
{
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "event name"
    },
    "type": {
      "type": "string",
      "description": "type of event, one of [\"Generic\",\"OSLogon\",\"PasswordStore\",\"OAuth2\", \"SAML2\"]"
    },
    "is_enabled": {
      "type": "boolean",
      "description": "is event enabled"
    },
    "is_geo_fencing_enabled": {
      "type": "boolean",
      "description": "is geo fencing enabled"
    },
    "category_id": {
      "type": "string",
      "description": "category id"
    },
    "geo_zones": {
      "type": "array",
      "description": "list of geo zones"
    },
    "chains": {
      "type": "array",
      "description": "list of chains"
    },
    "endpoints": {
      "type": "array",
      "description": "list of endpoints"
    }
  },
  "$schema": "http://json-schema.org/draft-04/schema#"
}
Responses200
Body
{
  "is_geo_fencing_enabled": false,
  "forced": false,
  "type": "Generic",
  "json_data": {},
  "id": "a131020c608a11e7a1810800276d2239",
  "geo_zones": [],
  "chains": [],
  "category_id": null,
  "is_enabled": false,
  "name": "TEST2",
  "is_standard": false,
  "endpoints": [
    {
      "is_local": false,
      "software_type": "",
      "is_trusted": false,
      "desc": "",
      "typ": null,
      "is_enabled": true,
      "device_id": "",
      "name": "TEST_ENDPOINT",
      "owner": null,
      "id": "a135281e608a11e7a1810800276d2239"
    }
  ]
}

Update event:
PUT/api/v1/events/{event_id}?login_session_id={login_session_id}

URI Parameters
HideShow
event_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the event

login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session


Delete event:

DELETE /api/v1/events/59704798608a11e7afe10800276d2239?login_session_id=JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

Delete event:
DELETE/api/v1/events/{event_id}?login_session_id={login_session_id}

URI Parameters
HideShow
event_id
string (required) Example: 59704798608a11e7afe10800276d2239

ID of the event

login_session_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the login session


POST /api/v1/cookies
RequestsGenerate cookie
Body
{
  "login_session_id": "B3XBHzwAHuPfHwMHfSjf3eVdV3glCa0o"
}
Responses200
Body
{
  "server_id": null,
  "cookie_value": "300e82d5d1f31108cd064155728c1dda"
}

Generate cookie value:
POST/api/v1/cookies

Use login_session_id to generate cookie for this session Will return json body with cookie_value and server_id Server_id for single-node configuration is null.


GET /api/v1/cookies/a23as...34ff?server_id=a23as...34ff
Responses200
Body
{
    "user_id": "4f34e2882991440ddd0fd515e0d0236c",
    "user_name": "LOCAL\ADMIN",
    "sid": "GKWrJUBaeBA20KHzHAcmzihNrOgdXooh",
    "repo_id": "3c9c1fd8061e11e6b224080027983191",
    "repo_obj_id": "3caa08a0061e11e6b224080027983191",
    "event_name": "",
    "data_id": ""
}

GET /api/v1/tickets?login_session_id=B3XBHzwAHuPfHwMHfSjf3eVdV3glCa0o&target_endpoint_id=a23as...34ff&target_endpoint_name=endpoint name
Responses200
Body
{
  "login_session_data": "296e9f9d8c19d7f9f....2a674855e3f574cb9e272bf68"
}

Chain image

Provides chain images. This API is not restricted by endpoint/logon session.

Load chain image:

GET /api/v1/chain_image/4f34e2882991440ddd0fd515e0d0236c

Load chain image:
GET/api/v1/chain_image/{image_name}

Do not worry about image cache invalidation, possible to cache forever. When admin uploads new image of the chain, ‘chain.image_name’ changes.

Returns:

PNG file, with appropriate content-type and cache settings. You may use it in src attribute of html image.

Returns default image if image_name is default.

URI Parameters
HideShow
image_name
string (required) Example: 4f34e2882991440ddd0fd515e0d0236c

value of chain.image-name


Status

Read server status and version. Requires endpoint_session_id to read version.

Get server status and version:

GET /api/v1/status
Responses200
Body
{
  "status": "OK",
  "multitenancy_mode": false,
  "version": "5.4"
}

Get server status and version:
GET/api/v1/status

External monitors may check this URL as health indicator. Does not check that database is up and status of the license. Checks that the server is reachable and the web service is running.


Read exact server version, check license, FIPS mode state and system stats:

POST /api/v1/status
Requestsexample 1
Body
{
     "endpoint_session_id": "PefYcnXk8QnqtYxXoaZjKES4pVrLaKzI",  # optional
     "login_session_id": "IxJq1C5Gt6VxGeF65YjKl5R99Q70Lf9H",  # optional
     "tenant_name": "TOP"  # optional
}
Responses200
Body
{
  "status": "OK/NO_LICENSE",
  "multitenancy_mode": false,
  "fips_mode": false,
  "version": "5.4-108",
  "stats": {
    "mem": {
      "free": 961,
      "total": 2013,
      "usage": 52
    },
    "disk": {
      "free": 4437,
      "used": 2856,
      "reserved": 234,
      "usage": 40
    },
    "cpu": {
      "usage": 4
    }
  }
}

Read exact server version, check license, FIPS mode state and system stats:
POST/api/v1/status

  • Returns HTTP code 200 only in case everything is OK.

  • Checks the license of tenant_name (“TOP”, by default).

  • Returns HTTP code 555 if NO_LICENSE.

  • Returns exact version number.

  • Returns system stats if admin’s login_session_id provided.

  • External monitors may check this URL as health indicator.

  • No endpoint session in the request - no exact version, still check the license.

  • No admin login session in the request - no system stats.

  • All the sizes in stats are in megabytes.


Logon by Basic Auth to /account

Provides basic authentication.

Authenticate by basic authentication header:

GET /account/basic
Requestsauthorization by PASSWORD:1
Headers
Authorization: Basic <base64 of credentials>
Responses302
Headers
Location: /account

Authenticate by basic authentication header:
GET/account/basic

Credentials format:

login:method_name:password

Examples:

  • Authorization: {base64 of REPO\user1:LDAP_PASSWORD:1:user1_password}

  • Authorization: {base64 of TENANT\REPO\user1:HOTP:1:user1_password}

  • Authorization: {base64 of user1:HOTP:1:user1_password}


Methods

Do PASSWORD:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsCorrect request
Body
{
  "login_session_id": "rBT79CAz8AWh1o920OrHumx32iaToCU9",
  "response": {
    "password": "super_password"
  }
}
Responses200
Body
{
  "reason": "",
  "method_id": "PASSWORD:1",
  "status": "OK",
  "msg": ""
}

Do PASSWORD:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

PASSWORD:1 enroll steps:

  1. Send request with password to do_enroll and check status

Error reasons:

  • PASSWORD_BAD_CONFIRMATION

  • PASSWORD_EMPTY

  • PASSWORD_UNCHANGED

  • PASSWORD_TOO_SHORT

  • PASSWORD_TOO_SIMPLE

URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do PASSWORD:1 logon:

POST /api/v1/logon/TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS/do_logon
RequestsSimple virtual password doLogon
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "answer": "my-password"
  }
}
Responses200
Body
{
  "user_id": "4f34e2882991440ddd0fd515e0d0236c",
  "completed_methods": [
    "PASSWORD:1"
  ],
  "repo_id": "3c9c1fd8061e11e6b224080027983191",
  "status": "OK",
  "repo_obj_id": "3caa08a0061e11e6b224080027983191",
  "event_data_id": "",
  "logon_process_id": "jImh3267QFyZ9pXjSGPj5EIhpKKU8Xu9",
  "user_name": "LOCAL\ADMIN",
  "login_session_id": "TmPxkC98vF4FGhDvqedjXItbmGjVJYTD",
  "plugins": [],
  "event_name": "",
  "chains": [
    {
      "name": "TEST CHAIN",
      "position": 1000,
      "id_hex": null,
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "ANY"
      ],
      "short_name": "",
      "image_name": "ANY.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null
    }
  ],
  "current_method": "PASSWORD:1",
  "msgid": "AUCORE-2001",
  "msg": "Welcome!",
  "data_id": ""
}

Do PASSWORD:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

PASSWORD:1 logon steps:

  1. Send password to do_logon and check status

Error reasons:

  • PASSWORD_UNDEFINED

  • PASSWORD_WRONG

  • PASSWORD_EXPIRED

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS

ID of the logon process


Do EMERG_PASSWORD:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsCorrect request
Body
{
  "login_session_id": "rBT79CAz8AWh1o920OrHumx32iaToCU9",
  "response": {
    "password": "emerg_password"
  }
}
Responses200
Body
{
  "reason": "",
  "method_id": "EMERG_PASSWORD:1",
  "status": "OK",
  "msg": ""
}

Do EMERG_PASSWORD:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

EMERG_PASSWORD:1 enroll steps:

  1. Send request with password to do_enroll and check status
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do EMERG_PASSWORD:1 logon:

POST /api/v1/logon/TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS/do_logon
RequestsEmergency password doLogon
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "answer": "my-emergency-password"
  }
}
Responses200
Body
{
  "user_id": "4f34e2882991440ddd0fd515e0d0236c",
  "completed_methods": [
    "EMERG_PASSWORD:1"
  ],
  "repo_id": "3c9c1fd8061e11e6b224080027983191",
  "status": "OK",
  "repo_obj_id": "3caa08a0061e11e6b224080027983191",
  "event_data_id": "",
  "logon_process_id": "jImh3267QFyZ9pXjSGPj5EIhpKKU8Xu9",
  "user_name": "LOCAL\ADMIN",
  "login_session_id": "TmPxkC98vF4FGhDvqedjXItbmGjVJYTD",
  "plugins": [],
  "event_name": "",
  "chains": [
    {
      "name": "TEST CHAIN",
      "position": 1000,
      "id_hex": null,
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "ANY"
      ],
      "short_name": "",
      "image_name": "ANY.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null
    }
  ],
  "current_method": "EMERG_PASSWORD:1",
  "msgid": "AUCORE-2001",
  "msg": "Welcome!",
  "data_id": ""
}

Do EMERG_PASSWORD:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

EMERG_PASSWORD:1 logon steps:

  1. Send password to do_logon and check status

Error reasons:

  • EMERG_PASSWORD_EXPIRED

  • EMERG_PASSWORD_INEFFECTIVE

  • EMERG_PASSWORD_EXHAUSTED

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS

ID of the logon process


Do LDAP_PASSWORD:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsLDAP_PASSWORD:1 enroll
Body
{
  "login_session_id": "IxJq1C5Gt6VxGeF65YjKl5R99Q70Lf9H"
}
Responses200
Body
{
  "reason": "",
  "method_id": "LDAP_PASSWORD:1",
  "status": "OK",
  "msg": ""
}

Do LDAP_PASSWORD:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

LDAP_PASSWORD:1 enroll steps:

  1. Send empty request to do_enroll and check status
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do LDAP_PASSWORD:1 logon:

POST /api/v1/logon/jImh3267QFyZ9pXjSGPj5EIhpKKU8Xu9/do_logon
RequestsSimple ldap password doLogon
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "answer": "my-ldap-password"
  }
}
Responses200
Body
{
  "user_id": "4f34e2882991440ddd0fd515e0d0236c",
  "completed_methods": [
    "LDAP_PASSWORD:1"
  ],
  "repo_id": "3c9c1fd8061e11e6b224080027983191",
  "status": "OK",
  "repo_obj_id": "3caa08a0061e11e6b224080027983191",
  "event_data_id": "",
  "logon_process_id": "jImh3267QFyZ9pXjSGPj5EIhpKKU8Xu9",
  "user_name": "LOCAL\ADMIN",
  "login_session_id": "TmPxkC98vF4FGhDvqedjXItbmGjVJYTD",
  "plugins": [],
  "event_name": "",
  "chains": [
    {
      "name": "TEST CHAIN",
      "position": 1000,
      "id_hex": null,
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "ANY"
      ],
      "short_name": "",
      "image_name": "ANY.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null
    }
  ],
  "current_method": "LDAP_PASSWORD:1",
  "msgid": "AUCORE-2001",
  "msg": "Welcome!",
  "data_id": ""
}

Do LDAP_PASSWORD:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

LDAP_PASSWORD:1 logon steps:

  1. Send password to do_logon and check status

Error reasons:

  • LDAP_PASSWORD_UNDEFINED

  • LDAP_PASSWORD_WRONG

  • LDAP_PASSWORD_ACCOUNT_RESTRICTION

  • LDAP_PASSWORD_INVALID_LOGON_HOURS

  • LDAP_PASSWORD_INVALID_WORKSTATION

  • LDAP_PASSWORD_ACCOUNT_DISABLED

  • LDAP_PASSWORD_TOO_MANY_CONTEXT_IDS

  • LDAP_PASSWORD_ACCOUNT_EXPIRED

  • LDAP_PASSWORD_MUST_CHANGE

  • LDAP_PASSWORD_ACCOUNT_LOCKED_OUT

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: jImh3267QFyZ9pXjSGPj5EIhpKKU8Xu9

ID of the logon process


Do TOTP:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsCorrect request
Body
{
  "login_session_id": "rBT79CAz8AWh1o920OrHumx32iaToCU9",
  "response": {
    "secret": "0000000000000100"
  }
}
Responses200
Body
{
  "reason": "",
  "method_id": "TOTP:1",
  "status": "OK",
  "msg": ""
}

Do TOTP:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

TOTP:1 enroll steps:

  1. Send request with secret to do_enroll and check status

Error reasons:

  • TOTP_SCAN_QR

TOTP auth_template is shared secret and acceptance period (oath default is 30 sec)

Request fields:

  • secret, hex or base32 string

  • is_base32_secret, optional, default False

  • period, optional, default 30

  • otp_format, optional, one of [dec4, dec6, dec7, dec8]

  • hash, optional, one of hashlib.algorithms_guaranteed

URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do TOTP:1 logon:

POST /api/v1/logon/f0fzSCkoGcCFMJTDRalx5nnsC9zEYHBQ/do_logon
RequestsSimple TOTP password doLogon
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "answer": "123456"
  }
}
Responses200
Body
{
    "event_data_id": "",
    "msgid": "AUCORE-2001",
    "logon_process_id": "f0fzSCkoGcCFMJTDRalx5nnsC9zEYHBQ",
    "login_session_id": "9QHUl8xbBNo4PUO6UXYzbHltNaMmNpSL",
    "current_method": "TOTP:1",
    "chains": [
    {
      "position": 1000,
      "short_name": "",
      "grace_period": null,
      "methods": [
        "ANY"
      ],
      "is_enabled": true,
      "name": "TEST CHAIN",
      "id_hex": null,
      "required_chain_id_hex": null,
      "is_trusted": null,
      "apply_for_ep_owner": false,
      "image_name": "ANY.png"
    }
    ],
    "repo_obj_id": "c0fd1ab20b0e11e6b224080027983191",
    "plugins": [],
    "msg": "Welcome!",
    "status": "OK",
    "user_id": "84a0a279d391de4b2fd70ea38b46d3ce",
    "data_id": "",
    "event_name": "",
    "repo_id": "c0eeb0ee0b0e11e6b224080027983191",
    "completed_methods": [
    "TOTP:1"
    ],
    "user_name": "LOCAL\ADMIN"
}

Do TOTP:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

TOTP:1 logon steps:

  1. Send otp-password to do_logon and check status

Error reasons:

  • TOTP_PASSWORD_UNDEFINED

  • TOTP_WAIT_MINUTE

  • TOTP_PASSWORD_WRONG

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: f0fzSCkoGcCFMJTDRalx5nnsC9zEYHBQ

ID of the logon process


Do HOTP:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsCorrect request with secret and counterCorrect request with hotps
Body
{
  "login_session_id": "rBT79CAz8AWh1o920OrHumx32iaToCU9",
  "response": {
    "secret": "0000000000000100",
    "counter": 10
  }
}
Responses200
Body
{
  "reason": "",
  "method_id": "HOTP:1",
  "status": "OK",
  "msg": ""
}
Body
{
    "login_session_id":"rBT79CAz8AWh1o920OrHumx32iaToCU9",
    "response":{
           "secret": "0000000000000100",
            "hotp1": "472265",
            "hotp2": "194708"
            "hotp3": "468067"
            }
}
Responses200
Body
{
  "reason": "",
  "method_id": "HOTP:1",
  "status": "OK",
  "msg": ""
}

Do HOTP:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

HOTP:1 enroll steps:

  1. Send request with secret and counter (or 3 hotp and secret) to do_enroll and check status

Remember user device (smartphone etc.) HOTP secret and algoritm parameters

HOTP auth_template is shared secret and starting counter

Request fields:

  • secret, hex string, required

  • counter, integer, required

  • hash, optional, one of hashlib.algorithms_guaranteed

  • token_public_id, optional, Yubikey tokens can be configured to insert their public ID before OTP

  • hotp1, hotp2, hotp3, consecutive otp password, required

  • secret, hex string, required

  • hash, optional, one of hashlib.algorithms_guaranteed

  • token_public_id, optional, Yubikey tokens can be configured to insert their public ID before OTP

URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do HOTP:1 logon:

POST /api/v1/logon/fae8kchtfY2p2t3W0OWrCS3UHu3nf6eM/do_logon
RequestsSimple HOTP password doLogon
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "answer": "123456"
  }
}
Responses200
Body
{
    "event_data_id": "",
    "msgid": "AUCORE-2001",
    "logon_process_id": "fae8kchtfY2p2t3W0OWrCS3UHu3nf6eM",
    "login_session_id": "iCFCUvGVK9zlDQtWa018UWKUwuNHEYcn",
    "current_method": "HOTP:1",
    "chains": [
    {
      "position": 1000,
      "short_name": "",
      "grace_period": null,
      "methods": [
        "ANY"
      ],
      "is_enabled": true,
      "name": "TEST CHAIN",
      "id_hex": null,
      "required_chain_id_hex": null,
      "is_trusted": null,
      "apply_for_ep_owner": false,
      "image_name": "ANY.png"
    }
    ],
    "repo_obj_id": "c0fd1ab20b0e11e6b224080027983191",
    "plugins": [],
    "msg": "Welcome!",
    "status": "OK",
    "user_id": "84a0a279d391de4b2fd70ea38b46d3ce",
    "data_id": "",
    "event_name": "",
    "repo_id": "c0eeb0ee0b0e11e6b224080027983191",
    "completed_methods": [
    "HOTP:1"
    ],
    "user_name": "LOCAL\ADMIN"
    }

Do HOTP:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

HOTP:1 logon steps:

  1. Send otp-password to do_logon and check status

Error reasons:

  • HOTP_PASSWORD_WRONG

  • HOTP_PASSWORD_UNDEFINED

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: fae8kchtfY2p2t3W0OWrCS3UHu3nf6eM

ID of the logon process


Do SMS_OTP:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsCorrect request
Body
{
    "login_session_id":"rBT79CAz8AWh1o920OrHumx32iaToCU9",
    "response":
        {
            "mobile_phone" : "+123456789" // (optional, if missed phone from repository will be used)
        }
}
Responses200
Body
{
  "reason": "",
  "method_id": "SMS_OTP:1",
  "status": "OK",
  "msg": ""
}

Do SMS_OTP:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

SMS_OTP:1 enroll steps:

  1. Send empty request to do_enroll and check status
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do SMS_OTP:1 logon:

POST /api/v1/logon/T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv/do_logon
Requests1. Send message to user2. Enter password from SMS3. Enter password from SMS unsuccessfully
Body
{
  "endpoint_session_id": "eRPr3yB92MgYySHk8I8yj5twuuf3PAUa"
}
Responses200
Body
{
  "event_name": "",
  "current_method": "SMS_OTP:1",
  "reason": "OTP_WAITING_PASSWORD",
  "msgid": "AUCORE-2012",
  "completed_methods": [],
  "logon_process_id": "T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv",
  "plugins": [],
  "status": "MORE_DATA",
  "event_data_id": "",
  "msg": "OTP password sent, please enter",
  "chains": [
    {
      "short_name": "",
      "position": 1000,
      "id_hex": null,
      "required_chain_id_hex": null,
      "is_trusted": null,
      "image_name": "ANY.png",
      "is_enabled": true,
      "methods": [
        "ANY"
      ],
      "name": "TEST CHAIN",
      "apply_for_ep_owner": false,
      "grace_period": null
    }
  ]
}
Body
{
  "endpoint_session_id": "eRPr3yB92MgYySHk8I8yj5twuuf3PAUa",
  "response": {
    "answer": "246635"
  }
}
Responses200
Body
{
    "user_id": "dfd5acc4dc8fdb8c712d8b9c8e8a10ad",
    "user_name": "LDS\Admin",
    "data_id": "",
    "event_data_id": "",
    "status": "OK",
    "msgid": "AUCORE-2001",
    "completed_methods": ["SMS_OTP:1"],
    "msg": "Welcome!",
    "repo_id": "4c8449de0c4f11e6b18c080027983191",
    "event_name": "",
    "chains": [
        {
            "short_name": "",
            "position": 1000,
            "id_hex": null,
            "required_chain_id_hex": null,
            "is_trusted": null,
            "image_name": "ANY.png",
            "is_enabled": true,
            "methods": ["ANY"],
            "name": "TEST CHAIN",
            "apply_for_ep_owner": false,
            "grace_period": null
        }
    ],
    "repo_obj_id": "11a2916c4521e14e83ad19b0165311d1",
    "user_mobile_phone": ["+12345678901"],
    "current_method": "SMS_OTP:1",
    "user_sid_hex": "0105000016ef19f498f9c6c5e52ce57b56b2314ba46e9bdd41d24e5d",
    "user_cn": "Admin",
    "logon_process_id": "T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv",
    "plugins": [],
    "user_sid": "S-1-384768500-3318151576-2078616805-1261548118-3717951140-1565446721",
    "login_session_id": "HG72YHJloobSOVuIQAobht2tSeSnvl6Z",
    "user_dn": "CN=Admin,CN=test"
}
Body
{
  "endpoint_session_id": "eRPr3yB92MgYySHk8I8yj5twuuf3PAUa",
  "response": {
    "answer": "795191"
  }
}
Responses200
Body
{
  "msg": "Wrong answer. Please try again",
  "reason": "OTP_WRONG_PASSWORD",
  "current_method": "SMS_OTP:1",
  "plugins": [],
  "status": "MORE_DATA",
  "chains": [
    {
      "short_name": "",
      "id_hex": null,
      "is_enabled": true,
      "position": 1000,
      "image_name": "ANY.png",
      "methods": [
        "ANY"
      ],
      "required_chain_id_hex": null,
      "name": "TEST CHAIN",
      "grace_period": null,
      "apply_for_ep_owner": false,
      "is_trusted": null
    }
  ],
  "event_data_id": "",
  "event_name": "",
  "logon_process_id": "T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv",
  "msgid": "AUCORE-2015",
  "completed_methods": []
}

Do SMS_OTP:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

SMS_OTP:1 logon steps:

  1. Send empty request to do_logon to send sms

  2. Send request with password from received sms to do_logon and check status

Error reasons:

  • OTP_CANNOT_SEND

  • OTP_TOO_MANY_SENT

  • OTP_WAITING_PASSWORD

  • OTP_NO_PASSWORD

  • OTP_PASSWORD_EXPIRED

  • OTP_WRONG_PASSWORD

  • OTP_TOO_MANY_REQUESTS

  • OTP_NO_EXPLICIT_RECIPIENT

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv

ID of the logon process


Do SMS_OTP:1 method call:

POST /api/v1/logon_method/SMS_OTP:1
RequestsCorrect request
Body
{
    "endpoint_session_id":"rBT79CAz8AWh1o920OrHumx32iaToCU9", (trusted endpoint required)
    "mobile_phone": "+123456789"
}
Responses200
Body
{
  "otp": "123456"
}

Do SMS_OTP:1 method call:
POST/api/v1/logon_method/SMS_OTP:1

SMS_OTP:1 method steps:

  1. Send recipient mobile phone in request and check OTP

Do EMAIL_OTP:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsCorrect request
Body
{
    "login_session_id":"rBT79CAz8AWh1o920OrHumx32iaToCU9",
    "response":
        {
            "email" : "test@domain.com" //(optional, if missed mail from repository will be used)
        }
}
Responses200
Body
{
  "reason": "",
  "method_id": "EMAIL_OTP:1",
  "status": "OK",
  "msg": ""
}

Do EMAIL_OTP:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

EMAIL_OTP:1 enroll steps:

  1. Send empty request to do_enroll and check status
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do EMAIL_OTP:1 logon:

POST /api/v1/logon/DjCTzG4tuJdwTmdWhtkbUggbertp2d6E/do_logon
Requests1. Send message to user2. Enter password from Email successfully3. Enter password from Email unsuccessfully
Body
{
  "endpoint_session_id": "caclPKkiAOkbwUMyX6kvMlIVtOdMwgvW"
}
Responses200
Body
{
  "event_name": "",
  "current_method": "EMAIL_OTP:1",
  "reason": "OTP_WAITING_PASSWORD",
  "msgid": "AUCORE-2012",
  "completed_methods": [],
  "logon_process_id": "DjCTzG4tuJdwTmdWhtkbUggbertp2d6E",
  "plugins": [],
  "status": "MORE_DATA",
  "event_data_id": "",
  "msg": "OTP password sent, please enter",
  "chains": [
    {
      "short_name": "",
      "position": 1000,
      "id_hex": null,
      "required_chain_id_hex": null,
      "is_trusted": null,
      "image_name": "ANY.png",
      "is_enabled": true,
      "methods": [
        "ANY"
      ],
      "name": "TEST CHAIN",
      "apply_for_ep_owner": false,
      "grace_period": null
    }
  ]
}
Body
{
  "endpoint_session_id": "caclPKkiAOkbwUMyX6kvMlIVtOdMwgvW",
  "response": {
    "answer": "795199"
  }
}
Responses200
Body
{
    "user_id": "470671fbf0227d268c2cc7d6b756e2c0",
    "user_name": "LDS\Admin",
    "data_id": "",
    "event_data_id": "",
    "status": "OK",
    "msgid": "AUCORE-2001",
    "completed_methods": ["EMAIL_OTP:1"],
    "msg": "Welcome!",
    "repo_id": "d65f2f4e0c4e11e6b18c080027983191",
    "event_name": "",
    "user_email": "test@localhost",
    "repo_obj_id": "11a2916c4521e14e83ad19b0165311d1",
    "current_method": "EMAIL_OTP:1",
    "user_sid_hex": "0105000016ef19f498f9c6c5e52ce57b56b2314ba46e9bdd41d24e5d",
    "chains": [
        {
            "short_name": "",
            "position": 1000,
            "id_hex": null,
            "required_chain_id_hex": null,
            "is_trusted": null,
            "image_name": "ANY.png",
            "is_enabled": true,
            "methods": ["ANY"],
            "name": "TEST CHAIN",
            "apply_for_ep_owner": false,
            "grace_period": null
        }
    ],
    "user_cn": "Admin",
    "logon_process_id": "DjCTzG4tuJdwTmdWhtkbUggbertp2d6E",
    "plugins": [],
    "user_sid": "S-1-384768500-3318151576-2078616805-1261548118-3717951140-1565446721",
    "login_session_id": "VqtNECMXwMIRDLqbOFG8pBbTbG8lfSTT",
    "user_dn": "CN=Admin,CN=test"
}
Body
{
  "endpoint_session_id": "caclPKkiAOkbwUMyX6kvMlIVtOdMwgvW",
  "response": {
    "answer": "795191"
  }
}
Responses200
Body
{
  "msg": "Wrong answer. Please try again",
  "reason": "OTP_WRONG_PASSWORD",
  "current_method": "EMAIL_OTP:1",
  "plugins": [],
  "status": "MORE_DATA",
  "chains": [
    {
      "short_name": "",
      "id_hex": null,
      "is_enabled": true,
      "position": 1000,
      "image_name": "ANY.png",
      "methods": [
        "ANY"
      ],
      "required_chain_id_hex": null,
      "name": "TEST CHAIN",
      "grace_period": null,
      "apply_for_ep_owner": false,
      "is_trusted": null
    }
  ],
  "event_data_id": "",
  "event_name": "",
  "logon_process_id": "DjCTzG4tuJdwTmdWhtkbUggbertp2d6E",
  "msgid": "AUCORE-2015",
  "completed_methods": []
}

Do EMAIL_OTP:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

EMAIL_OTP:1 logon steps:

  1. Send empty request to do_logon to send email

  2. Send request with password from received email to do_logon and check status

Error reasons:

  • OTP_CANNOT_SEND

  • OTP_TOO_MANY_SENT

  • OTP_WAITING_PASSWORD

  • OTP_NO_PASSWORD

  • OTP_PASSWORD_EXPIRED

  • OTP_WRONG_PASSWORD

  • OTP_TOO_MANY_REQUESTS

  • OTP_NO_EXPLICIT_RECIPIENT

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: DjCTzG4tuJdwTmdWhtkbUggbertp2d6E

ID of the logon process


Do EMAIL_OTP:1 method call:

POST /api/v1/logon_method/EMAIL_OTP:1
RequestsCorrect request
Body
{
    "endpoint_session_id": "rBT79CAz8AWh1o920OrHumx32iaToCU9", (trusted endpoint required)
    "email": "test@domain.com"
}
Responses200
Body
{
  "otp": "123456"
}

Do EMAIL_OTP:1 method call:
POST/api/v1/logon_method/EMAIL_OTP:1

EMAIL_OTP:1 method steps:

  1. Send recipient email in request and check OTP

Do VOICE_OTP:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsCorrect request
Body
{
    "login_session_id":"rBT79CAz8AWh1o920OrHumx32iaToCU9"
    'mobile_phone' : '+123456789' (optional, if missed phone from repository will be used)
}
Responses200
Body
{
  "reason": "",
  "method_id": "VOICE_OTP:1",
  "status": "OK",
  "msg": ""
}

Do VOICE_OTP:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

VOICE_OTP:1 enroll steps:

  1. Send request to do_enroll and check status
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do VOICE_OTP:1 logon:

POST /api/v1/logon/T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv/do_logon
Requests1. Send message to user2. Enter password from call3. Enter password from call unsuccessfully
Body
{
  "endpoint_session_id": "eRPr3yB92MgYySHk8I8yj5twuuf3PAUa"
}
Responses200
Body
{
  "event_name": "",
  "current_method": "VOICE_OTP:1",
  "reason": "OTP_WAITING_PASSWORD",
  "msgid": "AUCORE-2012",
  "completed_methods": [],
  "logon_process_id": "T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv",
  "plugins": [],
  "status": "MORE_DATA",
  "event_data_id": "",
  "msg": "OTP password sent, please enter",
  "chains": [
    {
      "short_name": "",
      "position": 1000,
      "id_hex": null,
      "required_chain_id_hex": null,
      "is_trusted": null,
      "image_name": "ANY.png",
      "is_enabled": true,
      "methods": [
        "ANY"
      ],
      "name": "TEST CHAIN",
      "apply_for_ep_owner": false,
      "grace_period": null
    }
  ]
}
Body
{
  "endpoint_session_id": "eRPr3yB92MgYySHk8I8yj5twuuf3PAUa",
  "response": {
    "answer": "246635"
  }
}
Responses200
Body
{
    "user_id": "dfd5acc4dc8fdb8c712d8b9c8e8a10ad",
    "user_name": "LDS\Admin",
    "data_id": "",
    "event_data_id": "",
    "status": "OK",
    "msgid": "AUCORE-2001",
    "completed_methods": ["VOICE_OTP:1"],
    "msg": "Welcome!",
    "repo_id": "4c8449de0c4f11e6b18c080027983191",
    "event_name": "",
    "chains": [
        {
            "short_name": "",
            "position": 1000,
            "id_hex": null,
            "required_chain_id_hex": null,
            "is_trusted": null,
            "image_name": "ANY.png",
            "is_enabled": true,
            "methods": ["ANY"],
            "name": "TEST CHAIN",
            "apply_for_ep_owner": false,
            "grace_period": null
        }
    ],
    "repo_obj_id": "11a2916c4521e14e83ad19b0165311d1",
    "user_mobile_phone": ["+12345678901"],
    "current_method": "VOICE_OTP:1",
    "user_sid_hex": "0105000016ef19f498f9c6c5e52ce57b56b2314ba46e9bdd41d24e5d",
    "user_cn": "Admin",
    "logon_process_id": "T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv",
    "plugins": [],
    "user_sid": "S-1-384768500-3318151576-2078616805-1261548118-3717951140-1565446721",
    "login_session_id": "HG72YHJloobSOVuIQAobht2tSeSnvl6Z",
    "user_dn": "CN=Admin,CN=test"
}
Body
{
  "endpoint_session_id": "eRPr3yB92MgYySHk8I8yj5twuuf3PAUa",
  "response": {
    "answer": "795191"
  }
}
Responses200
Body
{
  "msg": "Wrong answer. Please try again",
  "reason": "OTP_WRONG_PASSWORD",
  "current_method": "VOICE_OTP:1",
  "plugins": [],
  "status": "MORE_DATA",
  "chains": [
    {
      "short_name": "",
      "id_hex": null,
      "is_enabled": true,
      "position": 1000,
      "image_name": "ANY.png",
      "methods": [
        "ANY"
      ],
      "required_chain_id_hex": null,
      "name": "TEST CHAIN",
      "grace_period": null,
      "apply_for_ep_owner": false,
      "is_trusted": null
    }
  ],
  "event_data_id": "",
  "event_name": "",
  "logon_process_id": "T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv",
  "msgid": "AUCORE-2015",
  "completed_methods": []
}

Do VOICE_OTP:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

VOICE_OTP:1 logon steps:

  1. Send empty request to do_logon to initiate call

  2. Send request with password from call to do_logon and check status

Error reasons:

  • OTP_CANNOT_SEND

  • OTP_TOO_MANY_SENT

  • OTP_WAITING_PASSWORD

  • OTP_NO_PASSWORD

  • OTP_PASSWORD_EXPIRED

  • OTP_WRONG_PASSWORD

  • OTP_TOO_MANY_REQUESTS

  • OTP_NO_EXPLICIT_RECIPIENT

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: T3Hc3fwHIN4pyJ9gEBaWC416gKRTANQv

ID of the logon process


Do VOICE_OTP:1 method call:

POST /api/v1/logon_method/VOICE_OTP:1
RequestsCorrect request
Body
{
    "endpoint_session_id":"rBT79CAz8AWh1o920OrHumx32iaToCU9", (trusted endpoint required)
    "mobile_phone": "+123456789"
}
Responses200
Body
{
  "otp": "3456"
}

Do VOICE_OTP:1 method call:
POST/api/v1/logon_method/VOICE_OTP:1

VOICE_OTP:1 method steps:

  1. Send recipient mobile phone in request and check OTP

Do RADIUS:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsRadius enroll
Body
{
  "login_session_id": "rBT79CAz8AWh1o920OrHumx32iaToCU9"
}
Responses200
Body
{
  "reason": "",
  "method_id": "RADIUS:1",
  "status": "OK",
  "msg": ""
}

Do RADIUS:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

RADIUS:1 enroll steps:

  1. Send request with fields bellow to do_enroll and check status

Request fields:

  • user_name (optional) - send to RADIUS instead of user.user_name

  • send_reponame (optional) - send ‘repository_name\peter’, not just ‘peter’

URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do RADIUS:1 logon:

POST /api/v1/logon/TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS/do_logon
RequestsRadius password doLogon
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "answer": "my-radius-password"
  }
}
Responses200
Body
{
  "user_id": "4f34e2882991440ddd0fd515e0d0236c",
  "completed_methods": [
    "EMERG_PASSWORD:1"
  ],
  "repo_id": "3c9c1fd8061e11e6b224080027983191",
  "status": "OK",
  "repo_obj_id": "3caa08a0061e11e6b224080027983191",
  "event_data_id": "",
  "logon_process_id": "jImh3267QFyZ9pXjSGPj5EIhpKKU8Xu9",
  "user_name": "LOCAL\ADMIN",
  "login_session_id": "TmPxkC98vF4FGhDvqedjXItbmGjVJYTD",
  "plugins": [],
  "event_name": "",
  "chains": [
    {
      "name": "TEST CHAIN",
      "position": 1000,
      "id_hex": null,
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "ANY"
      ],
      "short_name": "",
      "image_name": "ANY.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null
    }
  ],
  "current_method": "EMERG_PASSWORD:1",
  "msgid": "AUCORE-2001",
  "msg": "Welcome!",
  "data_id": ""
}

Do RADIUS:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

RADIUS:1 logon steps:

  1. Send password to do_logon and check status

Error reasons:

  • RADIUS_WRONG_PASSWORD
URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS

ID of the logon process


Do SECQUEST:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
Requests1. Get questions2. Send answers
Body
{
  "login_session_id": "ySHjXQyPAH1dIXYeq3arbMQd7wyP3mMm"
}
Responses200
Body
{
  "msgid": "AUCORE-2046",
  "method_id": "SECQUEST:1",
  "reason": "SECQUEST_WAITING_ANSWERS",
  "status": "MORE_DATA",
  "msg": "Waiting for answers...",
  "questions": {
    "0": "question #0",
    "1": "question #1",
    "2": "question #2",
    "3": "question #3",
    "4": "question #4",
    "5": "question #5",
    "6": "question #6",
    "7": "question #7",
    "8": "question #8",
    "9": "question #9"
  }
}
Body
{
  "response": {
    "answers": {
      "0": "answer #0",
      "1": "answer #1",
      "2": "answer #2",
      "3": "answer #3",
      "4": "answer #4",
      "5": "answer #5",
      "6": "answer #6",
      "7": "answer #7",
      "8": "answer #8",
      "9": "answer #9"
    }
  },
  "login_session_id": "ySHjXQyPAH1dIXYeq3arbMQd7wyP3mMm"
}
Responses200
Body
{
  "msg": "",
  "method_id": "SECQUEST:1",
  "reason": "",
  "status": "OK"
}

Do SECQUEST:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

SECQUEST:1 enroll steps:

  1. Send empty request to do_enroll to receive questions

  2. Send answers to do_enroll and check status

Error reasons:

  • SECQUEST_WAITING_ANSWERS
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do SECQUEST:1 logon:

POST /api/v1/logon/2rMurbLwdVVmL4MZYnaJQdh1RWV7ekDx/do_logon
Requests1. Get questions from service2. Send answers
Body
{
  "endpoint_session_id": "peSWzJrCY3BH10TaP6nRrZiQy8ahauIt"
}
Responses200
Body
{
  "status": "MORE_DATA",
  "plugins": [],
  "event_name": "",
  "chains": [
    {
      "apply_for_ep_owner": false,
      "is_trusted": null,
      "image_name": "ANY.png",
      "short_name": "",
      "id_hex": null,
      "position": 1000,
      "grace_period": null,
      "is_enabled": true,
      "methods": [
        "ANY"
      ],
      "required_chain_id_hex": null,
      "name": "TEST CHAIN"
    }
  ],
  "reason": "SECQUEST_WAITING_ANSWERS",
  "method_id": "SECQUEST:1",
  "questions": {
    "1": "question #1",
    "2": "question #2",
    "3": "question #3",
    "4": "question #4",
    "7": "question #7"
  },
  "msg": "Waiting for answers...",
  "event_data_id": "",
  "msgid": "AUCORE-2046",
  "completed_methods": [],
  "logon_process_id": "2rMurbLwdVVmL4MZYnaJQdh1RWV7ekDx",
  "current_method": "SECQUEST:1"
}
Body
{
  "response": {
    "answers": {
      "1": "answer #1",
      "2": "answer #2",
      "3": "answer #3",
      "4": "answer #4",
      "7": "answer #7"
    }
  },
  "endpoint_session_id": "peSWzJrCY3BH10TaP6nRrZiQy8ahauIt"
}
Responses200
Body
{
    "user_name": "LOCAL\ADMIN",
    "plugins": [],
    "logon_process_id": "2rMurbLwdVVmL4MZYnaJQdh1RWV7ekDx",
    "user_id": "bdb2b894ce176333bf70a35f1f961126",
    "msgid": "AUCORE-2001",
    "repo_obj_id": "46dfef2c0c7411e687c1080027983191",
    "status": "OK",
    "event_data_id": "",
    "event_name": "",
    "msg": "Welcome!",
    "current_method": "SECQUEST:1",
    "chains": [
        {
            "apply_for_ep_owner": false,
            "is_trusted": null,
            "image_name": "ANY.png",
            "short_name": "",
            "id_hex": null,
            "position": 1000,
            "grace_period": null,
            "is_enabled": true,
            "methods": ["ANY"],
            "required_chain_id_hex": null,
            "name": "TEST CHAIN"
        }
    ],
    "login_session_id": "doB7cTIWcAaE5tAIar6VnPPnKKf5wHdN",
    "repo_id": "46dac56a0c7411e687c1080027983191",
    "data_id": "",
    "completed_methods": ["SECQUEST:1"]
}

Do SECQUEST:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

SECQUEST:1 logon steps:

  1. Send empty request to do_logon to receive questions

  2. Send answers to do_logon and check status

Error reasons:

  • SECQUEST_WRONG_ANSWERS

  • SECQUEST_WAITING_ANSWERS

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: 2rMurbLwdVVmL4MZYnaJQdh1RWV7ekDx

ID of the logon process


Do U2F:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
Requests1. Ask server for registerRequests2. Forward registerRequests and signRequests to JSAPI, get registerResponse and forward to server
Body
{
  "response": {
    "userName": "user1"
  },
  "login_session_id": "xTIskntGShVlNfkAUiaZUXE7BR3xToue"
}
Responses200
Body
{
  "signRequests": [],
  "registerRequests": [
    {
      "version": "U2F_V2",
      "appId": "https://demo.yubico.com",
      "challenge": "2MSDiW84JXiIfSpUd72XebgBujs2WOA-UmuWzpyUQsk"
    }
  ],
  "method_id": "U2F:1",
  "msgid": "AUCORE-3004",
  "reason": "U2F_WAITING_REG_RESPONSE",
  "status": "MORE_DATA",
  "msg": "Waiting register response"
}
Body
{
  "response": {
    "registerResponse": {
      "registrationData": "BQQ_jNAqemWkTfI9uL4CVo3eQSNIMe66u-pasr8BMuu9maA764C7jDPqXMUWhw8_4tDxeUbM72VJH5fssT6F2vT5QKheRH3Tk0hCuJD94ZRHf0Nkg-JDmLOivamSUeVXvRJaBLOp7N-hhxvoxlChQ-CSzMDqrC7EZ7IqWvl7Ac3xejswggIcMIIBBqADAgECAgRyWMLqMAsGCSqGSIb3DQEBCzAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowKzEpMCcGA1UEAwwgWXViaWNvIFUyRiBFRSBTZXJpYWwgMTQ4MDMzMjE1NzgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASisDmTIlQxnUH6SFTVfKGN62nMmz5Nga45nzI-gRZDme8qlRRnPRV87L-18LzHiQhT7lXPPxogZvTVE5uTizELoxIwEDAOBgorBgEEAYLECgECBAAwCwYJKoZIhvcNAQELA4IBAQG8zBr5C3uVeBjVVaQzcWpgFqztyzEyw0EPNmFkEGwj2SqwbF0cLLaSmtQhSKoqOvOuU4k6aqFAyukyZZMVPZKqAP0Vh0sCMpRMzpDvEZjO3v6gh5Z8bIDmtQAJ5B2nnILyVpc7DA7taj3dUrZzNMD8v-bYjKdTsZJ_QzQstsewIPkoFOIRRtqta0iwkEFiX_cwR11IF-USGcQHKUBoMX65JP9nY6DzQ3XHplOD3bHUOHsCi2MqBZU-1fKOrQJpNP0w8cBQpSk_hsVTm7UiGW_FGrxrIKXfpGfCGICKDxCMfuWKIshu0HjP0pEhowAX1Ls1pie2SoK3-VEhYtkOFRLqMEUCIFnX5ZcO8ZWOKyF6R-tAse3rYdzwFBq4LZzEeXUwn6oMAiEAwNuC4mkjobmeyilaLM4twOAicm-R_x_YKzcQcXIx5cU",
      "clientData": "eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6IjFNX2hrbkxka0Ixb1hySFQxWUZqSHA5NDRpT2w4N2kwd1B5UUV0MW5DYzQiLCJvcmlnaW4iOiJodHRwczovL2RlbW8ueXViaWNvLmNvbSIsImNpZF9wdWJrZXkiOiIifQ"
    }
  },
  "login_session_id": "xTIskntGShVlNfkAUiaZUXE7BR3xToue"
}
Responses200
Body
{
  "reason": "",
  "status": "OK",
  "method_id": "U2F:1",
  "msg": "Enrollment complete",
  "msgid": "AUCORE-3001"
}

Do U2F:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

U2F:1 enroll steps:

  1. Ask server for registerRequests by sending empty request to do_enroll

  2. Forward registerRequests and signRequests to JSAPI, get registerResponse and forward to server to do_enroll

  3. Check status of received response

Error reasons:

  • U2F_WAITING_REG_RESPONSE

  • U2F_NOT_ATTESTED

U2F AP uses camelCasing for parameters. Chrome JS-API (u2f.js) uses this scheme. You simply forward objects such as SignRequest to/from AP and JS-API.

How to build APPID from inside browser:

function getOriginFromUrl(url) { var re = new RegExp(’^(https?😕/)[^/]*/?’); var originarray = re.exec(url); if (originarray == null) return originarray; var origin = originarray[0]; while (origin.charAt(origin.length - 1) == ‘/’) { origin = origin.substring(0, origin.length - 1); } if (origin == ‘http:’ || origin == ‘https:’) return null; return origin; }

var appId = getOriginFromUrl(window.location);
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do U2F:1 logon:

POST /api/v1/logon/tvV9a4UNEf71yvZDxwJQ179SJnHQndmT/do_logon
Requests1. Ask server for signRequests2. Forward signRequests to JSAPI, get signResponse and forward to server
Body
{
  "endpoint_session_id": "4CkX5jecFnGrv4wIoP83ADpVORjk7zqZ"
}
Responses200
Body
{
  "logon_process_id": "tvV9a4UNEf71yvZDxwJQ179SJnHQndmT",
  "current_method": "U2F:1",
  "reason": "U2F_WAITING_AUTH_RESPONSE",
  "event_data_id": "",
  "msgid": "AUCORE-2059",
  "plugins": [],
  "signRequests": [
    {
      "appId": "https://demo.yubico.com",
      "keyHandle": "qF5EfdOTSEK4kP3hlEd_Q2SD4kOYs6K9qZJR5Ve9EloEs6ns36GHG-jGUKFD4JLMwOqsLsRnsipa-XsBzfF6Ow",
      "version": "U2F_V2",
      "challenge": "NGX54sR5bgHSSJVs7ijQaMi_vV-lz48UqWW-XTlHgX4"
    }
  ],
  "event_name": "TEST",
  "msg": "Waiting for an authentication response",
  "chains": [
    {
      "short_name": "",
      "required_chain_id_hex": null,
      "position": 0,
      "is_enabled": true,
      "methods": [
        "U2F:1"
      ],
      "image_name": "U2F_1.png",
      "grace_period": null,
      "name": "Test-chain",
      "id_hex": "42b312980c8911e69140080027983191",
      "apply_for_ep_owner": false,
      "is_trusted": null
    }
  ],
  "completed_methods": [],
  "status": "MORE_DATA"
}
Body
{
  "response": {
    "signResponse": {
      "keyHandle": "qF5EfdOTSEK4kP3hlEd_Q2SD4kOYs6K9qZJR5Ve9EloEs6ns36GHG-jGUKFD4JLMwOqsLsRnsipa-XsBzfF6Ow",
      "signatureData": "AQAAAKowRAIgFrmzsrUHiUw2ixt20cXLjBRDo7-UoqWqZlNsFcXZL4ECIH45ALRE86ijsKPv_r3zmzhoE34N3NqzgvRJ1f49C1UA",
      "clientData": "eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoiZXYwd3dLR3l5bV9YamdZZkExd2tNT3Y4bGpsOHphS0F5WGdBV3gyUW91OCIsIm9yaWdpbiI6Imh0dHBzOi8vZGVtby55dWJpY28uY29tIiwiY2lkX3B1YmtleSI6IiJ9"
    }
  },
  "endpoint_session_id": "4CkX5jecFnGrv4wIoP83ADpVORjk7zqZ"
}
Responses200
Body
{
    "data_id": "",
    "logon_process_id": "tvV9a4UNEf71yvZDxwJQ179SJnHQndmT",
    "current_method": "U2F:1",
    "event_data_id": "",
    "user_id": "3a76753d7f931751c79fa05d80eb058e",
    "repo_id": "42987aa00c8911e69140080027983191",
    "msgid": "AUCORE-2001",
    "plugins": [],
    "repo_obj_id": "42a3962e0c8911e69140080027983191",
    "event_name": "TEST",
    "msg": "Welcome!",
    "chains": [
        {
            "short_name": "",
            "required_chain_id_hex": null,
            "position": 0,
            "is_enabled": true,
            "methods": ["U2F:1"],
            "image_name": "U2F_1.png",
            "grace_period": null,
            "name": "Test-chain",
            "id_hex": "42b312980c8911e69140080027983191",
            "apply_for_ep_owner": false,
            "is_trusted": null
        }
    ],
    "user_name": "LOCAL\USER1",
    "completed_methods": ["U2F:1"],
    "status": "OK",
    "login_session_id": "Cga6cvaMTaMTaDp5TLZHPOet29O808VL"
}

Do U2F:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

U2F:1 logon steps:

  1. Send empty request to do_logon to ask server for signRequests

  2. Forward signRequests to JSAPI, get signResponse, send it to do_logon and check status

Error reasons:

  • U2F_ALL_TOKENS_COMPROMISED

  • U2F_NO_TOKENS

  • U2F_WAITING_AUTH_RESPONSE

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: tvV9a4UNEf71yvZDxwJQ179SJnHQndmT

ID of the logon process


Do SMARTPHONE:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsGet QR to enrollFinish enroll after phone actions
Body
{
  "login_session_id": "KOYxcRUuuZxDsEhxiycof4XwcuI2lbwk"
}
Responses200
Body
{
  "msg": "Scan this QR code with the smartphone application",
  "msgid": "AUCORE-3003",
  "qrdata": "OOBDATAJgBFHPokfqPOxbVzvKrj61GcZDkHeYd0AWYT9x3qQ0ihO9rRktvpqmnyPdlP5efN/FgLhl5D03bU9NJ6OwnxfODK9p5VHXpKqRYfKJhS/hSL7E4weFC4iGP1M1a9DTKfiRN4/A6XprEbkAQceOZMGDdkzmsh7dUus+0owd3FwBnG7jkkfCAQ1rSeI5P1HFMuPsBCdOUFRbMv3Ju8kXLIQRNrHiotksOCtF2vh1ALN3S4fXoPfpC8Nu13uV3ZU7vU+RL5FuexRktRm3dnoDnT1WrTerDXGVRn3T6Ghlg9UkyxswtW1Ipu8N+7OWIT/4PlQ62mj1xGG2otpPE6qCpWPg==",
  "status": "MORE_DATA",
  "reason": "SMARTPHONE_SCAN_QR",
  "method_id": "SMARTPHONE:1"
}
Body
{
  "login_session_id": "KOYxcRUuuZxDsEhxiycof4XwcuI2lbwk"
}
Responses200
Body
{
  "msg": "",
  "reason": "",
  "status": "OK",
  "method_id": "SMARTPHONE:1"
}

Do SMARTPHONE:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

SMARTPHONE:1 enroll steps:

  1. Send empty request do_enroll to get QA code and check status. User should scan this QR code by application

  2. To check status of enroll application should send empty request to do_enroll until status will not changed for failed or successful.

Error reasons:

  • SMARTPHONE_ENROLL_TIMEOUT

  • SMARTPHONE_WAITING_DATA

  • SMARTPHONE_SCAN_QR

  • SMARTPHONE_WRONG_V4_TEMPLATE

URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do SMARTPHONE:1 logon online:

POST /api/v1/logon/6MwzQQ2AKGtTW0q0q2VEQ3tIs0Y6Py0n/do_logon
Requests1. Send push message to smartphone2a. Finish logon successfully2b. Finish logon failed
Body
{
  "endpoint_session_id": "MDG133vYLaZIBuSvHFF5LfZtSApQHkaQ"
}
Responses200
Body
{
  "reason": "SMARTPHONE_WAITING_DATA",
  "msgid": "AUCORE-2056",
  "msg": "Waiting for smartphone data...",
  "chains": [
    {
      "id_hex": null,
      "is_enabled": true,
      "short_name": "",
      "grace_period": null,
      "image_name": "ANY.png",
      "is_trusted": null,
      "name": "TEST CHAIN",
      "methods": [
        "ANY"
      ],
      "apply_for_ep_owner": false,
      "position": 1000,
      "required_chain_id_hex": null
    }
  ],
  "current_method": "SMARTPHONE:1",
  "status": "MORE_DATA",
  "logon_process_id": "6MwzQQ2AKGtTW0q0q2VEQ3tIs0Y6Py0n",
  "event_name": "",
  "completed_methods": [],
  "event_data_id": "",
  "plugins": [],
  "method_id": "SMARTPHONE:1"
}
Body
{
  "endpoint_session_id": "MDG133vYLaZIBuSvHFF5LfZtSApQHkaQ"
}
Responses200
Body
{
    "user_name": "LOCAL\AG",
    "msgid": "AUCORE-2053",
    "status": "OK",
    "repo_id": "8c4749d20c7111e69e17080027983191",
    "chains": [
        {
            "id_hex": null,
            "is_enabled": true,
            "short_name": "",
            "grace_period": null,
            "image_name": "ANY.png",
            "is_trusted": null,
            "name": "TEST CHAIN",
            "methods": ["ANY"],
            "apply_for_ep_owner": false,
            "position": 1000,
            "required_chain_id_hex": null
        }
    ],
    "current_method": "SMARTPHONE:1",
    "repo_obj_id": "8c4d1b500c7111e69e17080027983191",
    "msg": "Auth accepted",
    "user_id": "187e62bd172488bea921e47ea2be0e7e",
    "login_session_id": "qeDTAoC66hrMIl28xfnfeGbUpNn8nJXR",
    "logon_process_id": "6MwzQQ2AKGtTW0q0q2VEQ3tIs0Y6Py0n",
    "event_name": "",
    "completed_methods": ["SMARTPHONE:1"],
    "event_data_id": "",
    "data_id": "",
    "plugins": [],
    "method_id": "SMARTPHONE:1"
}
Body
{
  "endpoint_session_id": "MDG133vYLaZIBuSvHFF5LfZtSApQHkaQ"
}
Responses200
Body
{
  "event_name": "",
  "current_method": "SMARTPHONE:1",
  "status": "FAILED",
  "reason": "SMARTPHONE_AUTH_REJECTED",
  "method_id": "SMARTPHONE:1",
  "completed_methods": [],
  "msg": "Auth rejected",
  "plugins": [],
  "msgid": "AUCORE-2054",
  "chains": [
    {
      "grace_period": null,
      "image_name": "ANY.png",
      "position": 1000,
      "apply_for_ep_owner": false,
      "id_hex": null,
      "short_name": "",
      "is_trusted": null,
      "methods": [
        "ANY"
      ],
      "is_enabled": true,
      "required_chain_id_hex": null,
      "name": "TEST CHAIN"
    }
  ],
  "logon_process_id": "3VXhH6liboHcD35uweditS3MGoLJxQVo",
  "event_data_id": ""
}

Do SMARTPHONE:1 logon online:
POST/api/v1/logon/{logon_process_id}/do_logon

SMARTPHONE:1 Online mode logon steps:

  1. Send empty request to do_logon to send push notification to smartphone. User should receive push message and he can approve or reject it.

  2. To check status of logon application should send empty request to do_logon until status will not changed for failed or successful.

Error reasons:

  • SMARTPHONE_SAME_TOTP

  • SMARTPHONE_WRONG_TOTP

  • SMARTPHONE_AUTH_CONFIRM_TIMEOUT

  • SMARTPHONE_AUTH_REJECTED

  • SMARTPHONE_LOGON_IN_PROGRESS

  • SMARTPHONE_WAITING_DATA

  • SMARTPHONE_NO_LOCATION

  • SMARTPHONE_INCORRECT_LOCATION

  • SMARTPHONE_TOTP_LOGON_DISABLED

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: 6MwzQQ2AKGtTW0q0q2VEQ3tIs0Y6Py0n

ID of the logon process


Do SMARTPHONE:1 logon offline:

POST /api/v1/logon/X7F93FOgKJVoVBg7kgRgdTtc0UKAN2Tm/do_logon
RequestsEnter TOTP-password from smartphoneLogon failed
Body
{
  "endpoint_session_id": "oxBLoOk1WyIvAcuUv5xIENMgSoya1K0j",
  "response": {
    "totp": "053226"
  }
}
Responses200
Body
{
    "user_name": "LOCAL\AG",
    "msgid": "AUCORE-2001",
    "status": "OK",
    "repo_id": "bf6508400c7111e69e17080027983191",
    "chains": [
        {
            "id_hex": null,
            "is_enabled": true,
            "short_name": "",
            "grace_period": null,
            "image_name": "ANY.png",
            "is_trusted": null,
            "name": "TEST CHAIN",
            "methods": ["ANY"],
            "apply_for_ep_owner": false,
            "position": 1000,
            "required_chain_id_hex": null
        }
    ],
    "current_method": "SMARTPHONE:1",
    "repo_obj_id": "bf6d48340c7111e69e17080027983191",
    "msg": "Welcome!",
    "user_id": "0524d36a32ced8ac9044fb62f79f60e5",
    "login_session_id": "sUne8w7x4E2VMifobJcxxoobdudkq9Sp",
    "logon_process_id": "X7F93FOgKJVoVBg7kgRgdTtc0UKAN2Tm",
    "event_name": "",
    "completed_methods": ["SMARTPHONE:1"],
    "event_data_id": "",
    "data_id": "",
    "plugins": []
}
Body
{
  "endpoint_session_id": "oxBLoOk1WyIvAcuUv5xIENMgSoya1K0j",
  "response": {
    "totp": "053229"
  }
}
Responses200
Body
{
  "msg": "Wrong TOTP password",
  "event_name": "",
  "msgid": "AUCORE-2028",
  "reason": "SMARTPHONE_WRONG_TOTP",
  "current_method": "SMARTPHONE:1",
  "chains": [
    {
      "grace_period": null,
      "image_name": "ANY.png",
      "position": 1000,
      "apply_for_ep_owner": false,
      "id_hex": null,
      "short_name": "",
      "is_trusted": null,
      "methods": [
        "ANY"
      ],
      "is_enabled": true,
      "required_chain_id_hex": null,
      "name": "TEST CHAIN"
    }
  ],
  "status": "FAILED",
  "plugins": [],
  "logon_process_id": "nJERAkt5172RyPdJWuenkyjZHVKG2NR0",
  "event_data_id": "",
  "completed_methods": []
}

Do SMARTPHONE:1 logon offline:
POST/api/v1/logon/{logon_process_id}/do_logon

SMARTPHONE:1 Offline mode logon steps:

  1. Send request with totp password from smartphone to do_logon and check status

Error reasons:

  • SMARTPHONE_SAME_TOTP

  • SMARTPHONE_WRONG_TOTP

  • SMARTPHONE_AUTH_CONFIRM_TIMEOUT

  • SMARTPHONE_AUTH_REJECTED

  • SMARTPHONE_LOGON_IN_PROGRESS

  • SMARTPHONE_WAITING_DATA

  • SMARTPHONE_NO_LOCATION

  • SMARTPHONE_INCORRECT_LOCATION

  • SMARTPHONE_TOTP_LOGON_DISABLED

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: X7F93FOgKJVoVBg7kgRgdTtc0UKAN2Tm

ID of the logon process


Do VOICE:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsRadius enroll
Body
{
  "response": {
    "pin": "12345"
  },
  "login_session_id": "iKsplIEBS8lrfhMCr08uyZEtaWRff9s4"
}
Responses200
Body
{
  "status": "OK",
  "reason": "",
  "msg": "",
  "method_id": "VOICE:1"
}

Do VOICE:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

VOICE:1 enroll steps:

  1. Send request with pin to do_enroll and check status
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do VOICE:1 logon:

POST /api/v1/logon/F1iJ4albUW81CqFzdZXekgdyPyB43YbY/do_logon
Requests1. Call to user2. Check call status3. Finish logon
Body
{
  "endpoint_session_id": "vqRVxFg79DEHCAJjoe0nJNBSMoibCZa9"
}
Responses200
Body
{
  "status": "MORE_DATA",
  "plugins": [],
  "msg": "Call initiated",
  "current_method": "VOICE:1",
  "completed_methods": [],
  "chains": [
    {
      "is_enabled": true,
      "apply_for_ep_owner": false,
      "is_trusted": null,
      "name": "TEST CHAIN",
      "position": 1000,
      "id_hex": null,
      "required_chain_id_hex": null,
      "image_name": "ANY.png",
      "grace_period": null,
      "short_name": "",
      "methods": [
        "ANY"
      ]
    }
  ],
  "reason": "VOICE_CALL_INITIATED",
  "msgid": "AUCORE-2077",
  "event_data_id": "",
  "event_name": "",
  "logon_process_id": "F1iJ4albUW81CqFzdZXekgdyPyB43YbY"
}
Body
{
  "endpoint_session_id": "vqRVxFg79DEHCAJjoe0nJNBSMoibCZa9"
}
Responses200
Body
{
  "status": "MORE_DATA",
  "plugins": [],
  "msg": "Call in progress",
  "current_method": "VOICE:1",
  "completed_methods": [],
  "chains": [
    {
      "is_enabled": true,
      "apply_for_ep_owner": false,
      "is_trusted": null,
      "name": "TEST CHAIN",
      "position": 1000,
      "id_hex": null,
      "required_chain_id_hex": null,
      "image_name": "ANY.png",
      "grace_period": null,
      "short_name": "",
      "methods": [
        "ANY"
      ]
    }
  ],
  "reason": "VOICE_CALL_IN_PROGRESS",
  "msgid": "AUCORE-2073",
  "event_data_id": "",
  "event_name": "",
  "logon_process_id": "F1iJ4albUW81CqFzdZXekgdyPyB43YbY"
}
Body
{
  "endpoint_session_id": "vqRVxFg79DEHCAJjoe0nJNBSMoibCZa9"
}
Responses200
Body
{
    "user_name": "LOCAL\AG",
    "msgid": "AUCORE-2001",
    "status": "OK",
    "repo_id": "bf6508400c7111e69e17080027983191",
    "chains": [
        {
            "id_hex": null,
            "is_enabled": true,
            "short_name": "",
            "grace_period": null,
            "image_name": "ANY.png",
            "is_trusted": null,
            "name": "TEST CHAIN",
            "methods": ["ANY"],
            "apply_for_ep_owner": false,
            "position": 1000,
            "required_chain_id_hex": null
        }
    ],
    "current_method": "VOICE:1",
    "repo_obj_id": "bf6d48340c7111e69e17080027983191",
    "msg": "Welcome!",
    "user_id": "0524d36a32ced8ac9044fb62f79f60e5",
    "login_session_id": "sUne8w7x4E2VMifobJcxxoobdudkq9Sp",
    "logon_process_id": "F1iJ4albUW81CqFzdZXekgdyPyB43YbY",
    "event_name": "",
    "completed_methods": ["VOICE:1"],
    "event_data_id": "",
    "data_id": "",
    "plugins": []
}

Do VOICE:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

VOICE:1 logon steps:

  1. Send empty request to do_logon to make a call to user. User should receive call and enter pin from it.

  2. To check status of logon application should send empty request to do_logon until status will not changed for failed or successful.

Error reasons:

  • VOICE_PIN_NOT_VERIFIED

  • VOICE_CALL_IN_PROGRESS

  • VOICE_PIN_EXPIRED

  • VOICE_CANNOT_CALL

  • VOICE_CALL_INITIATED

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: F1iJ4albUW81CqFzdZXekgdyPyB43YbY

ID of the logon process


Do CARD:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsSmartcard enroll
Body
{
  "response": {
    "card_cert": "308205243082040ca00302010202100e62f26..................a5883aa073b4588",
    "card_uid": "0e62f260aa610be177ba6c5d052ef002"
  },
  "login_session_id": "KOYxcRUuuZxDsEhxiycof4XwcuI2lbwk"
}
Responses200
Body
{
  "method_id": "CARD:1",
  "status": "OK",
  "reason": "",
  "msg": "Enrollment complete",
  "msgid": "AUCORE-3001"
}

Do CARD:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

Store card UID and validate card certificate (for PKI-cards)

Now only support contactless cards (UID).

CARD:1 enroll steps:

  1. Send request with card certificate and card uid to do_enroll and check status
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do CARD:1 logon:

POST /api/v1/logon/R94moMSOwAekT28PMCbSnuK8UJq0AxlP/do_logon
RequestsSend Smartcard UID and card certificate
Body
{
  "endpoint_session_id": "MDG133vYLaZIBuSvHFF5LfZtSApQHkaQ",
  "response": {
    "card_uid": "0e62f260aa610be177ba6c5d052ef002",
    "card_cert": "308205243082040ca003...64a5883aa073b4588"
  }
}
Responses200
Body
{
    "plugins": [],
    "msg": "Welcome!",
    "status": "OK",
    "logon_process_id": "R94moMSOwAekT28PMCbSnuK8UJq0AxlP",
    "event_name": "TEST",
    "chains": [
        {
            "short_name": "",
            "apply_for_ep_owner": false,
            "image_name": "CARD_1.png",
            "grace_period": null,
            "methods": ["CARD:1"],
            "position": 0,
            "id_hex": "54e35a080c8a11e6b5cd080027983191",
            "is_trusted": null,
            "name": "Test-chain",
            "required_chain_id_hex": null,
            "is_enabled": true
        }
    ],
    "event_data_id": "",
    "repo_id": "54d11b360c8a11e6b5cd080027983191",
    "user_id": "ba94bcf442f0c148fc6a049c9470d1dd",
    "completed_methods": ["CARD:1"],
    "repo_obj_id": "54d6890e0c8a11e6b5cd080027983191",
    "login_session_id": "htNJc4zJq0DvtMR3jxqQXRzDKqdSB7vu",
    "data_id": "",
    "current_method": "CARD:1",
    "msgid": "AUCORE-2001",
    "user_name": "LOCAL\USER1"
}

Do CARD:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

CARD:1 logon steps:

  1. Send Smartcard UID and card certificate (for PKI-cards) to do_logon and check status

Now only support contactless cards (UID) and certificate-based (PKI) cards. This method supports 1-N logon, you can define card UID in ‘unit_id’ parameter instead of user_name. Yes, you send card_uid twice. Second one is needed for not 1-N logon scenarios, card AP is not first method of the chain. Non 1-N logon is also supported.

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: R94moMSOwAekT28PMCbSnuK8UJq0AxlP

ID of the logon process


Do PKI:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsStore either a public key in modulus+exponent format or a certificate in DER format
Body
{
  "response": {
    "card_uid": "1",
    "modulus": "bd77dc79a02acda19a9ec6099cd4a........0da58c9ef04a1e2655aac84f23",
    "certificate": null,
    "exponent": "10001"
  },
  "login_session_id": "IxJq1C5Gt6VxGeF65YjKl5R99Q70Lf9H"
}
Responses200
Body
{
  "msgid": "AUCORE-3001",
  "reason": "",
  "msg": "Enrollment complete",
  "status": "OK",
  "method_id": "PKI:1"
}

Do PKI:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

PKI:1 enroll steps:

  1. Send request with a public key in modulus+exponent format or a certificate in DER format to do_enroll and check status

Error reasons:

  • PKI_CERT_VALIDATION_FAILED
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do PKI:1 logon:

POST /api/v1/logon/kytfmodEy4QmcMKgEb9cuGpLpNv9ooYp/do_logon
Requests1. Ask server for a challenge2. Sign the given challenge on card or token
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {}
}
Responses200
Body
{ "chains": [ { "image_name": "default",
                "is_enabled": True,
                "is_trusted": None,
                "methods": ["PKI:1"],
                "name": "Test-chain",
                "position": 0,
                "short_name": ""}],
  "completed_methods": [],
  "current_method": "PKI:1",
  "event_data_id": "",
  "event_name": "TEST",
  "logon_process_id": "kytfmodEy4QmcMKgEb9cuGpLpNv9ooYp",
  "msg": "Waiting for an authentication signature",
  "plugins": [],
  "challenge": "f81e9d6882aca80cbe97e291ee5771aba7cc13facb3c79a5ae924e788bc4f7d2",
  "keypair_id": "6f4712e554544ac3",
  "subject": "76b3af3dd66649e896b56b51d46cfe93037a793c961ca35586c485d130375e2f",
  "reason": "PKI_WAITING_AUTH_SIGN",
  "status": "MORE_DATA"
}
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "signature": "58ad84f3a9b7244031aa55c0d....42d123bdb715a153974e992b16d022",
    "padding": "PKCS#1",
    "hash": "SHA1"
  }
}
Responses200
Body
{ "repo_obj_id": "6104a6ce424b11e5b7ebdc85de0b0889",
  "repo_id": "6104a6c5424b11e5b7ebdc85de0b0889",
  "logon_process_id": "kytfmodEy4QmcMKgEb9cuGpLpNv9ooYp",
  "status": "OK",
  "plugins": [],
  "msg": "Welcome!",
  "current_method": "PKI:1",
  "completed_methods": ["PKI:1"],
  "chains": [{ "methods": ["ANY"],
               "image_name": "default",
               "short_name": "",
               "position": 1000,
               "is_enabled": true,
               "is_trusted": null,
               "name": "TEST CHAIN"}],
  "event_data_id": "",
  "user_id": "6104a6cf424b11e5b7ebdc85de0b0889",
  "user_name": "LOCAL\ADMIN",
  "login_session_id": "DirIO8s41TbT1lm7Dh5BNfK6gRTHhXTl",
  "data_id": "",
  "event_name": "TEST"
}

Do PKI:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

PKI:1 logon steps:

  1. Ask server for a challenge by sending empty request to do_logon

  2. Sign the given challenge on card or token and send it to do_logon and check status

Error reasons:

  • PKI_WAITING_AUTH_SIGN

  • PKI_SIGN_VERIFICATION_FAILED

  • PKI_CERT_VALIDATION_FAILED

  • PKI_WRONG_CARD

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: kytfmodEy4QmcMKgEb9cuGpLpNv9ooYp

ID of the logon process


Do FINGER:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsMultiple finger enroll with imagesMultiple finger enroll with iso templates
Body
{
  "response": {
    "captures": [
      {
        "Finger": 1,
        "Image": {
          "BitsPerPixel": 8,
          "BytesPerLine": 300,
          "Dpi": 500,
          "Height": 300,
          "Width": 300,
          "captureStatus": "Ok",
          "Image": "<image content>"
        }
      },
      {
        "Finger": 1,
        "Image": {
          "BitsPerPixel": 8,
          "BytesPerLine": 300,
          "Dpi": 500,
          "Height": 300,
          "Width": 300,
          "captureStatus": "Ok",
          "Image": "<image content>"
        }
      }
    ]
  },
  "login_session_id": "IxJq1C5Gt6VxGeF65YjKl5R99Q70Lf9H"
}
Responses200
Body
{
  "msgid": "AUCORE-3001",
  "reason": "",
  "msg": "Enrollment complete",
  "status": "OK",
  "method_id": "FINGER:1"
}
Body
{
  "response": {
    "iso": true,
    "captures": [
      {
        "Finger": 1,
        "Image": {
          "ISO": "<iso finger capture template>",
          "captureStatus": "OK"
        }
      },
      {
        "Finger": 1,
        "Image": {
          "ISO": "<iso finger capture template>",
          "captureStatus": "OK"
        }
      }
    ]
  },
  "login_session_id": "IxJq1C5Gt6VxGeF65YjKl5R99Q70Lf9H"
}
Responses200
Body
{
  "msgid": "AUCORE-3001",
  "reason": "",
  "msg": "Enrollment complete",
  "status": "OK",
  "method_id": "FINGER:1"
}

Do FINGER:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

FINGER:1 enroll steps:

  1. Send request to do_enroll with finger images

Fields description: Finger: 1 , where 1 is finger id from ids bellow

Finger ids:

  • ANY_FINGER = 0

  • RIGHT_THUMB = 1

  • LEFT_THUMB = 2

  • RIGHT_INDEX = 3

  • LEFT_INDEX = 4

  • RIGHT_MIDDLE = 5

  • LEFT_MIDDLE = 6

  • RIGHT_RING = 7

  • LEFT_RING = 8

  • RIGHT_LITTLE = 9

  • LEFT_LITTLE = 10

Image content format:

  • BitsPerPixel, integer, bits per pixel, support only 8 bits now

  • BytesPerLine, integer, count of bytes per one row

  • Width , integer, length of row in pixels

  • Height, integer, pixel row’s count

  • Dpi, integer, is not used now

  • Image, string, base64 encoded string with bytes

  • captureStatus, string, result of capturing

Template content format:

  • ISO: string, base64 encoded string with iso content

  • captureStatus, string, result of capturing

Error reasons:

  • INCORRECT_FINGERS_COUNT

  • INCORRECT_CAPTURES_COUNT_PER_FINGER

UI uses Device Service by calling this url: https://127.0.0.1:8442/api/v1/fingerprint/capture It should return json with captured fingerpring. Device Service returns capture in ISO or image format. Type of response is depended on sensor type. So if device service returns ISO send ISO as response or image if device service returns image.

URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do FINGER:1 logon:

POST /api/v1/logon/kytfmodEy4QmcMKgEb9cuGpLpNv9ooYp/do_logon
RequestsSend finger captureSend finger capture's iso template
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "capture": {
      "BitsPerPixel": 8,
      "BytesPerLine": 300,
      "Dpi": 500,
      "Height": 300,
      "Width": 300,
      "captureStatus": "Ok",
      "Image": "<image content>"
    }
  }
}
Responses200
Body
{
    "event_data_id": "",
    "msgid": "AUCORE-2001",
    "logon_process_id": "kytfmodEy4QmcMKgEb9cuGpLpNv9ooYp",
    "login_session_id": "iCFCUvGVK9zlDQtWa018UWKUwuNHEYcn",
    "current_method": "FINGER:1",
    "chains": [
        {
          "position": 1000,
          "short_name": "",
          "grace_period": null,
          "methods": [
            "FINGER:1"
          ],
          "is_enabled": true,
          "name": "TEST CHAIN",
          "id_hex": null,
          "required_chain_id_hex": null,
          "is_trusted": null,
          "apply_for_ep_owner": false,
          "image_name": "FINGER_1.png"
        }
    ],
    "repo_obj_id": "c0fd1ab20b0e11e6b224080027983191",
    "plugins": [],
    "msg": "Welcome!",
    "status": "OK",
    "user_id": "84a0a279d391de4b2fd70ea38b46d3ce",
    "data_id": "",
    "event_name": "",
    "repo_id": "c0eeb0ee0b0e11e6b224080027983191",
    "completed_methods": [
        "FINGER:1"
    ],
    "user_name": "LOCAL\ADMIN"

}
Headers
Content-Type: application/json
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "capture": {
      "ISO": "<finger capture's iso template>",
      "captureStatus": "OK"
    }
  }
}
Responses200
Body
{
    "event_data_id": "",
    "msgid": "AUCORE-2001",
    "logon_process_id": "kytfmodEy4QmcMKgEb9cuGpLpNv9ooYp",
    "login_session_id": "iCFCUvGVK9zlDQtWa018UWKUwuNHEYcn",
    "current_method": "FINGER:1",
    "chains": [
        {
          "position": 1000,
          "short_name": "",
          "grace_period": null,
          "methods": [
            "FINGER:1"
          ],
          "is_enabled": true,
          "name": "TEST CHAIN",
          "id_hex": null,
          "required_chain_id_hex": null,
          "is_trusted": null,
          "apply_for_ep_owner": false,
          "image_name": "FINGER_1.png"
        }
    ],
    "repo_obj_id": "c0fd1ab20b0e11e6b224080027983191",
    "plugins": [],
    "msg": "Welcome!",
    "status": "OK",
    "user_id": "84a0a279d391de4b2fd70ea38b46d3ce",
    "data_id": "",
    "event_name": "",
    "repo_id": "c0eeb0ee0b0e11e6b224080027983191",
    "completed_methods": [
        "FINGER:1"
    ],
    "user_name": "LOCAL\ADMIN"

}

Do FINGER:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

FINGER:1 logon steps:

  1. Send to server finger capture or finger capture’s iso template

Image content format:

  • BitsPerPixel, integer, bits per pixel, support only 8 bits now

  • BytesPerLine, integer, count of bytes per one row

  • Width , integer, length of row in pixels

  • Height, integer, pixel row’s count

  • Dpi, integer, is not used now

  • Image, string, base64 encoded string with bytes

  • captureStatus, string, result of capturing

Template content format:

  • ISO: string, base64 encoded string with iso content

  • captureStatus, string, result of capturing

UI uses Device Service by calling this url: https://127.0.0.1:8442/api/v1/fingerprint/capture It should return json with captured fingerpring. Device Service returns capture in ISO or image format. Type of response is depended on sensor type. So if device service returns ISO send ISO as response or image if device service returns image.

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: kytfmodEy4QmcMKgEb9cuGpLpNv9ooYp

ID of the logon process


Do BLUETOOTH:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsBluetooth enroll
Body
{
  "response": {
    "address": "aabbccdd",
    "name": "Bluetooth device"
  },
  "login_session_id": "KOYxcRUuuZxDsEhxiycof4XwcuI2lbwk"
}
Responses200
Body
{
  "method_id": "BLUETOOTH:1",
  "status": "OK",
  "reason": "",
  "msg": "Enrollment complete",
  "msgid": "AUCORE-3001"
}

Do BLUETOOTH:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

BLUETOOTH:1 enroll steps:

  1. Send mac address and device name
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do BLUETOOTH:1 logon:

POST /api/v1/logon/do_logon
Requests1. Ask server for encrypted mac address2. Send mac address of enrolled device from Device Service to do_logon
Body
{
  "endpoint_session_id": "4CkX5jecFnGrv4wIoP83ADpVORjk7zqZ"
}
Responses200
Body
{
    "logon_process_id": "tvV9a4UNEf71yvZDxwJQ179SJnHQndmT",
    "current_method": "BLUETOOTH:1",
    "reason": "BLUETOOTH_WAITING_AUTH_RESPONSE",
    "event_data_id": "",
    "msgid": "AUCORE-2059",
    "plugins": [],
    "hashes": [
        '66fd6ef831e4ec98957030be94189a78ca3c2986dbed57a3b97985d862c217af'
    ],
    "event_name": "TEST",
    "msg": "Waiting for an authentication response",
    "chains": [
        {
            "short_name": "",
            "required_chain_id_hex": null,
            "position": 0,
            "is_enabled": true,
            "methods": ["BLUETOOTH:1"],
            "image_name": "BLUETOOTH_1.png",
            "grace_period": null,
            "name": "Test-chain",
            "id_hex": "42b312980c8911e69140080027983191",
            "apply_for_ep_owner": false,
            "is_trusted": null
        }
    ],
    "completed_methods": [],
    "status": "MORE_DATA"
}
Body
{
  "response": {
    "address": "aabbccdd"
  },
  "endpoint_session_id": "4CkX5jecFnGrv4wIoP83ADpVORjk7zqZ"
}
Responses200
Body
{
    "data_id": "",
    "logon_process_id": "tvV9a4UNEf71yvZDxwJQ179SJnHQndmT",
    "current_method": "BLUETOOTH:1",
    "event_data_id": "",
    "user_id": "3a76753d7f931751c79fa05d80eb058e",
    "repo_id": "42987aa00c8911e69140080027983191",
    "msgid": "AUCORE-2001",
    "plugins": [],
    "repo_obj_id": "42a3962e0c8911e69140080027983191",
    "event_name": "TEST",
    "msg": "Welcome!",
    "chains": [
        {
            "short_name": "",
            "required_chain_id_hex": null,
            "position": 0,
            "is_enabled": true,
            "methods": ["BLUETOOTH:1"],
            "image_name": "BLUETOOTH_1.png",
            "grace_period": null,
            "name": "Test-chain",
            "id_hex": "42b312980c8911e69140080027983191",
            "apply_for_ep_owner": false,
            "is_trusted": null
        }
    ],
    "user_name": "LOCAL\USER1",
    "completed_methods": ["BLUETOOTH:1"],
    "status": "OK",
    "login_session_id": "Cga6cvaMTaMTaDp5TLZHPOet29O808VL"
}

Do BLUETOOTH:1 logon:
POST/api/v1/logon/do_logon

BLUETOOTH:1 logon steps:

  1. Send empty request to do_logon to ask server for encrypted MAC address

  2. Send mac address of enrolled device to do_logon


Do OAUTH2:1 enroll:

POST /api/v1/enroll/JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX/do_enroll
RequestsOAUTH2:1 enroll
Body
{
  "login_session_id": "IxJq1C5Gt6VxGeF65YjKl5R99Q70Lf9H"
}
Responses200
Body
{
  "reason": "",
  "method_id": "OAUTH2:1",
  "status": "OK",
  "msg": ""
}

Do OAUTH2:1 enroll:
POST/api/v1/enroll/{enroll_process_id}/do_enroll

OAUTH2:1 enroll steps:

  1. Send empty request to do_enroll and check status
URI Parameters
HideShow
enroll_process_id
string (required) Example: JHAHdZiRKdaYcPhQUHcPYgYSElFcMBVX

ID of the enroll process


Do OAUTH2:1 logon:

POST /api/v1/logon/TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS/do_logon
RequestsOAuth2 access token doLogon
Body
{
  "endpoint_session_id": "P7p3JJuenqo0SnyJ4HnbRbbJIqDhtt0u",
  "response": {
    "access_token": "access_token_value"
  }
}
Responses200
Body
{
  "user_id": "4f34e2882991440ddd0fd515e0d0236c",
  "completed_methods": [
    "OAUTH2:1"
  ],
  "repo_id": "3c9c1fd8061e11e6b224080027983191",
  "status": "OK",
  "repo_obj_id": "3caa08a0061e11e6b224080027983191",
  "event_data_id": "",
  "logon_process_id": "jImh3267QFyZ9pXjSGPj5EIhpKKU8Xu9",
  "user_name": "LOCAL\ADMIN",
  "login_session_id": "TmPxkC98vF4FGhDvqedjXItbmGjVJYTD",
  "plugins": [],
  "event_name": "",
  "chains": [
    {
      "name": "TEST CHAIN",
      "position": 1000,
      "id_hex": null,
      "apply_for_ep_owner": false,
      "required_chain_id_hex": null,
      "methods": [
        "ANY"
      ],
      "short_name": "",
      "image_name": "ANY.png",
      "is_trusted": null,
      "is_enabled": true,
      "grace_period": null
    }
  ],
  "current_method": "OAUTH2:1",
  "msgid": "AUCORE-2001",
  "msg": "Welcome!",
  "data_id": ""
}

Do OAUTH2:1 logon:
POST/api/v1/logon/{logon_process_id}/do_logon

OAUTH2:1 logon steps:

  1. Send access token to do_logon and check status

Error reasons:

  • OAUTH2_WRONG_TOKEN

  • INACTIVE_TOKEN

  • WRONG_USER

URI Parameters
HideShow
logon_process_id
32 symbol id (required) Example: TTPeglOJxUZ3R8IV3e5vwUgUQACs8fBS

ID of the logon process


Generated by aglio on 25 Jan 2018