Authenticator app (TOTP)

Start authenticator app enrollment

POST https://api.authsignal.com/v1/client/user-authenticators/totp

Use this endpoint to to enroll a new TOTP authenticator for a user.

Response

• userAuthenticatorIdstring

  The ID of the TOTP authenticator which has been created but not yet verified.

• uristring

  A URI which can be converted into a QR code and scanned by an authenticator app.

• secretstring

  A secret which can be manually entered into an authenticator app. Typically presented as a backup option if the user is unable to scan the QR code.

Verify authenticator app challenge

POST https://api.authsignal.com/v1/client/verify/totp

Use this endpoint to verify a challenge when enrolling a new TOTP authenticator or when re-authenticating with an existing TOTP authenticator.

Request

• userAuthenticatorIdstring

  The ID of the user's TOTP authenticator which is being used for the verification.

• verificationCodestring

  The TOTP code inputted by the user.

Response

• isVerifiedboolean

  True if the inputted TOTP code is correct.

• accessTokenstring | undefined

  A new short-term token with scopes to manage authenticators (e.g. add secondary authenticators, remove authenticators, view or regenerate recovery codes). Only present if the challenge succeeded.

• failureReasonstring | undefined

  One of the following values: CODE_INVALID_OR_EXPIRED, MAX_ATTEMPTS_EXCEEDED.