Overview

miniOrange User APIs can be used to set up Google Authenticator as an MFA method.

Pre-requisites

  • You need to create a free trial account with miniOrange.
  • Log in to the miniOrange console and click Settings in the top-right corner of the console.
  • Copy your API Key and follow the steps below to generate the Authentication Header.

1. Setup to Register Google Authenticator as MFA

To register, make a POST request to the following URL (use your custom branding):

Request

Method URL
POST https://login.xecurify.com/moas/api/auth/google-auth-secret

Please note that instead of the URL being in the format https://login.xecurify.com/moas/api/*, it will change to https://<your-server-base-url>/api/*. You can find the server base URL by logging into the admin console and going to product settings at the top right. If it is localhost, you can use server-ip:8080 as the server base URL.

Request Headers:

Type Params Values
HEAD Content-Type application/json
HEAD Customer-Key int
HEAD Timestamp int
HEAD Authorization String

Customer-Key
Customer-Key is the customer key for your account and must be sent with all client requests.

Timestamp
Timestamp specifies the current time in milliseconds, e.g. 1474522813982.

Authorization
Authorization specifies the SHA-512 hash of the string formed by concatenating the customer key, the time in milliseconds and the API key for your account, e.g. sha512(customerKey + timeInMillis + apiKey).

Sample Code for Request Headers:

  • Java

    import org.apache.http.client.methods.HttpPost; // Apache HttpClient 4.x
    import org.apache.shiro.crypto.hash.Sha512Hash; // Apache Shiro

    /* The customer Key provided to you */
    String customerKey = "<YOUR_CUSTOMER_KEY>";
    /* The customer API Key provided to you */
    String apiKey = "<YOUR_API_KEY>";
    /* Current time in milliseconds since
    midnight, January 1, 1970 UTC. */
    String currentTimeInMillis = String.valueOf(System.currentTimeMillis());
    /* Creating the Hash using
    SHA-512 algorithm (Apache Shiro library) */
    String stringToHash = customerKey + currentTimeInMillis + apiKey;
    String hashValue = new Sha512Hash(stringToHash).toHex().toLowerCase();
    HttpPost postRequest = new HttpPost("<URL for calling API>");
    /* Setting the Authorization Header values */
    postRequest.setHeader("Customer-Key", customerKey);
    postRequest.setHeader("Timestamp", currentTimeInMillis);
    postRequest.setHeader("Authorization", hashValue);

  • PHP

    /* The customer Key provided to you */
    $customerKey = "<YOUR_CUSTOMER_KEY>";
    /* The customer API Key provided to you */
    $apiKey = "<YOUR_API_KEY>";
    /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
    $currentTimeInMillis = round(microtime(true) * 1000);
    /* Creating the Hash using SHA-512 algorithm */
    $stringToHash = $customerKey . number_format ( $currentTimeInMillis, 0, '', '' ) . $apiKey;
    $hashValue = hash("sha512", $stringToHash);
    $customerKeyHeader = "Customer-Key: " . $customerKey;
    $timestampHeader = "Timestamp: " . number_format ( $currentTimeInMillis, 0, '', '' );
    $authorizationHeader = "Authorization: " . $hashValue;
    /* Add $customerKeyHeader, $timestampHeader and $authorizationHeader
    in the httpheader */

Request Parameters:

Params Type
customerKey (required) String
username (required) String
questionAnswerList (optional) List
registrationType (optional) String
otpToken (optional) String
secret (optional) String
authenticatorName (optional) String
authenticatorType (required) String

Example Request Body

    {
          "customerKey" : 11627,
          "username" : "xyz123",
          "authenticatorType" : "GOOGLE AUTHENTICATOR"
    }

Example Response

    {

      "txID" : 12345,
      "responseType" : "GOOGLE_AUTHENTICATOR",
      "status" : "SUCESS",
      "message" : "Please scan the QR code from your Authenticator app.",
      "qrCodeData" : "/9j/sneui3ge28gdbxiwelad'ad,adas/asdca/sfcs/c............c",
      "secret": "sqagebaldjsdsd"
    }

2. Validate API

You need to make an HTTP POST request to validate the above response for Google Authenticator as the MFA method. Our API accepts JSON input.

Request

Method URL
POST https://login.xecurify.com/moas/api/auth/validate-google-auth-secret

Please note that instead of the URL being in the format https://login.xecurify.com/moas/api/*, it will change to https://<your-server-base-url>/api/*. You can find the server base URL by logging into the admin console and going to product settings at the top right. If it is localhost, you can use server-ip:8080 as the server base URL.

Request Headers:

Same as above

Request Parameters:

Params Type
customerKey (required) String
username (required) String
questionAnswerList (optional) List
registrationType (optional) String
otpToken (required) String
secret (required) String
authenticatorName (optional) String
authenticatorType (required) String

Example Request Body


    {
          "customerKey" : 11627,
          "username" : "xyz123",
          "authenticatorType" : "GOOGLE AUTHENTICATOR",
          "otpToken": "302910",
          "secret": "sqagebaldjsdsd"

    }

Example Response

      "txID" : 12345-qw3e-e-32r2-rsdacew23,
      "responseType" : "GOOGLE_AUTHENTICATOR",
      "status" : "SUCESS",
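
The two steps above chained together for an integration test harness, as an added example that is not miniOrange's own code: it signs the headers as documented, builds the step 1 body, then derives the `otpToken` for step 2 from the returned `secret`. It assumes the secret is Base32 and that codes follow the Google Authenticator defaults (RFC 6238, HMAC-SHA1, 30-second step, 6 digits); the helper names and the sample response are constructed for illustration.

```python
import base64, hashlib, hmac, json, struct, time

def auth_headers(customer_key, api_key, now_ms=None):
    """Request headers per the page: sha512(customerKey + timeInMillis + apiKey)."""
    # The same timestamp string must go into the hash and the Timestamp header.
    ts = str(int(time.time() * 1000) if now_ms is None else now_ms)
    digest = hashlib.sha512(f"{customer_key}{ts}{api_key}".encode()).hexdigest()
    return {"Content-Type": "application/json", "Customer-Key": str(customer_key),
            "Timestamp": ts, "Authorization": digest}

def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (Google Authenticator defaults)."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))  # assumption: Base32 secret
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def register_body(customer_key, username):
    """Step 1 body, fields as in the page's example request."""
    return {"customerKey": customer_key, "username": username,
            "authenticatorType": "GOOGLE AUTHENTICATOR"}

def validate_body(customer_key, username, register_response, at=None):
    """Step 2 body: echo the secret from step 1 plus the current code for it."""
    secret = register_response["secret"]
    body = register_body(customer_key, username)
    body.update({"otpToken": totp(secret, at), "secret": secret})
    return body

# Constructed step 1 response (not real API output); secret is the RFC 6238 test key.
SAMPLE_REGISTER_RESPONSE = {"txID": 12345, "responseType": "GOOGLE_AUTHENTICATOR",
                            "secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}

if __name__ == "__main__":
    # Placeholder credentials; load real ones from a secret store, never from source.
    headers = auth_headers(11627, "<YOUR_API_KEY>")
    print(json.dumps(headers, indent=2))
    print(json.dumps(validate_body(11627, "xyz123", SAMPLE_REGISTER_RESPONSE), indent=2))
```

The `secret` is the long-term TOTP seed, so keep it and the API key out of logs and test fixtures that leave the build machine.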