How to work with authenticator using REST API

Introduction

Safewhere Identify provides REST API methods that let a user view, on-board, or reset the user’s TOTP authenticator.

View user authenticator

Description: A new REST API that returns all identity providers that have a multi-factor connection configured, where that multi-factor connection has enableAuthenticatorFromMyProfile = true.

  • Module: User
  • Http method: GET
  • Path: /api/rest/v2/user/authenticators
  • Parameters
    • userId: user’s id
  • Behavior: get all identity providers for which a user has configured an authenticator
  • Rest API Privileges:
    • Only an admin user can get all identity providers of other users.
    • A user can get all identity providers only for himself or herself.

Reset authenticator

  • Module: User
  • Http method: DELETE
  • Path: /api/rest/v2/users/resetauthenticator
  • Parameters
    • userId: user’s id
    • connectionName: second factor connection name
  • Behavior: Delete a row in table [UserSecondFactorCode] by UserId and OtpConnectionId
  • Rest API Privileges:
    • Only an admin user can reset the authenticator of other users.
    • A user can reset an authenticator only for himself or herself.

On-board authenticator

  • Module: Users
  • Http method: POST
  • Path: /api/rest/v2/users/onboardauthenticator
  • Parameters
    • userId: user’s id
    • connectionName: second factor connection name
    • secretCode: secret code generated at Safewhere Admin side
  • Behavior: Insert a new row in table [UserSecondFactorCode]
  • Rest API Privileges:
    • Only a user can onboard authenticator by himself or herself.
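
The three methods and their privilege rules, turned into an access-control test matrix. This is an added example, not Safewhere's own code. The page does not say how parameters are transmitted or how the caller authenticates, so each case is only described, not sent; the `Caller` type and the sample values are hypothetical.

```python
from dataclasses import dataclass

# Method, path and parameter names exactly as listed on this page. The last
# field encodes the privilege bullets: may an admin act on another user?
ENDPOINTS = {
    "view": ("GET", "/api/rest/v2/user/authenticators", ("userId",), True),
    "reset": ("DELETE", "/api/rest/v2/users/resetauthenticator",
              ("userId", "connectionName"), True),
    "onboard": ("POST", "/api/rest/v2/users/onboardauthenticator",
                ("userId", "connectionName", "secretCode"), False),
}


@dataclass(frozen=True)
class Caller:  # hypothetical test identity, not a type from the product
    user_id: str
    is_admin: bool = False


def expected_allowed(op, caller, target_user_id):
    """Outcome the privilege bullets require for this caller and target."""
    admin_may_act_on_others = ENDPOINTS[op][3]
    if caller.user_id == target_user_id:
        return True  # every operation is permitted on one's own account
    return caller.is_admin and admin_may_act_on_others


def build_case(op, caller, target_user_id, **params):
    """Describe one request plus its expected outcome, without sending it."""
    method, path, names, _ = ENDPOINTS[op]
    params = {"userId": target_user_id, **params}
    if set(params) != set(names):
        raise ValueError(f"{op} takes exactly {names}, got {sorted(params)}")
    return {"caller": caller.user_id, "method": method, "path": path,
            "params": params,
            "expect_allowed": expected_allowed(op, caller, target_user_id)}


def access_matrix(callers, target_user_id, samples):
    """One case per (operation, caller); samples holds the non-userId values."""
    return [build_case(op, c, target_user_id,
                       **{n: samples[n] for n in names if n != "userId"})
            for op, (_, _, names, _) in ENDPOINTS.items() for c in callers]


if __name__ == "__main__":
    # Constructed sample identities and values, for illustration only.
    callers = [Caller("alice"), Caller("bob"), Caller("admin1", is_admin=True)]
    samples = {"connectionName": "totp-connection", "secretCode": "PLACEHOLDER"}
    for case in access_matrix(callers, "alice", samples):
        print(case["caller"], case["method"], case["path"], case["expect_allowed"])
```

Feed each case to an HTTP client of your choice and compare the server's decision with `expect_allowed`; a mismatch on a cross-user case points to a broken access-control check.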