Authsignal’s server SDKs make it easier to interact with Authsignal’s REST API from your server-side code.

Installation

Initialization

Initialize the Authsignal client by providing your tenant’s secret key and the API URL for your region.

The API URLs for each region are defined below.

RegionAPI URL
US (Oregon)https://api.authsignal.com/v1
AU (Sydney)https://au.api.authsignal.com/v1
EU (Dublin)https://eu.api.authsignal.com/v1

Usage

Track

API schema

This method lets you track authentication events performed by users and initiate challenges via the Authsignal pre-built UI or client SDKs.

Learn more about how to track actions to implement MFA or passwordless login flows.

Validate Challenge

API schema

This method lets you validate server-side whether a user has successfully completed an authentication challenge via the Authsignal pre-built UI or an Authsignal client SDK.

After obtaining a short-lived token from the pre-built UI or a client SDK, pass this token to your server to determine the result.

Get User

API schema

This method lets you retrieve information about a user.

Update User

API schema

This method lets you update information about a user. Any fields which are omitted in the request will be left unchanged.

Delete User

API schema

This method lets you delete a user and all their associated authenticator data.

Get Authenticators

API schema

This method lets you retrieve a list of the authenticators that a user currently has enrolled.

Enroll Verified Authenticator

API schema

This method lets you enroll an email or SMS-based authenticator for a user whose email address or phone number has already been verified via an external platform.

This method should not be used if you haven’t yet verified the user’s email or phone number. It does not send out an email / SMS to initiate a verification process - if you need to verify an email address or phone number, you should use a client SDK or the pre-built UI.

Delete Authenticator

API schema

This method lets you remove an authenticator that a user has previously enrolled.

Get Action

API schema

This method lets you retrieve information about an action which was previously tracked.

Update Action

API schema

This method lets you manually update the state of an action that was previously tracked.

Error handling

Authsignal Server SDKs can return errors for a variety of reasons, such as invalid requests or network interruptions, which should be handled accordingly.

Error fields

statusCode
integer

The HTTP status code returned by the Authsignal Server API.

errorCode
string

A code which identifies a specific error state.

errorDescription
string

A free-text description of the error. This value should only be used for logging or troubleshooting purposes.

Error codes

invalid_configuration

Indicates that the request cannot be handled because the tenant is in an invalid configuration.

invalid_credential

Indicates that the credential (e.g. passkey) referenced by the request is invalid for the given user and cannot be authenticated.

invalid_request

Indicates that the request failed due to an invalid parameter or input.

too_many_requests

Indicates that the server cannot respond as requests have been rate-limited due to exceeding a threshold.

unauthorized

Indicates that the request is unauthorized due to invalid tenant credentials - for example if the API secret key is invalid or if the region doesn’t match.

Was this page helpful?