Registration

Those endpoints allow to register a external authenticator, like Encedo Mobile Authenticator.

Allowed users

Allowed

Required access scope

auth:ext:pair

Register a new authenticator

Phase 1 - challenge

Get registration challenge and begin the process

POST https://my.ence.do/api/auth/ext/init

Generate a challenge to link the device with a new external authenticator.

Headers

NameTypeDescription

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

Request Body

NameTypeDescription

epk*

String

Broker ephemeral public key

{
  "request": "eyJlY2RoIjoieDI1NTE5IiwidHlwIjoiSldUIiwiYWxnIjoiSFMyNTYifQ.eyJqdGkiOiI5cHM0WWlySDdUZTB0ZWZwanl6Q2NQNTYzRjhTK2daeGJCTVg5VExFQnZnPSIsImV4cCI6MTY0Nzk2MzUxMCwiYXVkIjoiL05HU0F2dTltNjRpQzc5d2FrR3ZMYzdSYlcrclhkcnVZUHVlOXYwbmZIST0iLCJpc3MiOiJmZjYvcnBncHJ3Nk9qY1BiZWRJQjVMYnN4alpxbW5mNDNKMXplSzF4ODJJPSJ9.M0gYXmgB9cpI1YF48SG5iI7OcMRxRC-uqlIHaiAFrUQ",
  "eid": "ff6/rpgprw6OjcPbedIB5LbsxjZqmnf43J1zeK1x82I="
}

Response data for successful operation

NameTypeDescription

eid

String

EncedoID, public key of the instance.

request

String

Registration data to proxy to the external authenticator.

Log entries

EventResultSource

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

Phase 2 - response

Upload registration reply and validate registration

POST https://my.ence.do/api/auth/ext/validate

Upload a registration reply data sent by an external authenticator.

Headers

NameTypeDescription

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

Request Body

NameTypeDescription

pid*

String

Unique Pairing ID

reply*

String

Reply data sent by external authenticator

{
  "kid": "42afc419dbda72636b37a2455955e095",
  "code": "3SABMB8RqE2XH2floeEqg7obeyn/TtqK1hk/hi+4N8k="
}

Response data for successful operation

NameTypeDescription

code

String

Confirmation code

kid

String

Key ID of saved authenticator public key

Log entries

EventResultSource

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

LOG_TYPE_AUTH_PAIRED_EXTERNAL

LOG_RESULT_OK

200

List registered authenticators

Get authentication data

POST https://my.ence.do/api/auth/ext/mac

Get MAC data to authenticate the device on the broker site to get a list of paired authenticators.

Headers

NameTypeDescription

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

Request Body

NameTypeDescription

epk*

String

Broker ephemeral public key

{
  "nonce": "XJ04YiV/Mh517cV0zqG+XEeCGbGNBt2PUnWcCtV7NVg=",
  "mac": "ttyTJLTi+bguIwU9mW+5dCEy6l55YyQZZ4tq8tR8WRE=",
  "eid": "ff6/rpgprw6OjcPbedIB5LbsxjZqmnf43J1zeK1x82I="
}

Response data for successful operation

NameTypeDescription

eid

String

EncedoID, public key of the instance.

mac

String

Authentication data

nonce

String

Authentication data nonce

Log entries

EventResultSource

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

PreviousExternal authenticatorNextAuthentication

Last updated