Overview
miniOrange User APIs can be used to set up Google Authenticator as an MFA method.
Pre-requisites
- You need to create a free trial account with miniOrange.
- Log in to the miniOrange console and click Settings in the top-right corner of the console.
- Copy your API key and follow the steps below to generate the Authentication Header.
1. Setup to Register Google Authenticator as MFA
To register, make a POST request to the following URL (use your custom branding):
Request
Method | URL |
---|---|
POST | https://login.xecurify.com/moas/api/auth/google-auth-secret |
Please note that instead of the URL being in the format https://login.xecurify.com/moas/api/*, it will change to https://<your-server-base-url>/api/*. You can find the server base URL by logging into the admin console and going to product settings at the top right. If it is localhost, then you can use server-ip:8080 as the server base URL.
Request Headers:
Type | Params | Values |
---|---|---|
HEAD | Content-Type | application/json |
HEAD | Customer-Key | int |
HEAD | Timestamp | int |
HEAD | Authorization | String |
CustomerKey
CustomerKey is the customer key for your account and must be sent with all client requests.
Timestamp
Timestamp specifies the current time in milliseconds, e.g. 1474522813982.
Authorization
Authorization specifies the SHA-512 hash of the string formed by concatenating customerKey, the time in milliseconds and the API key for your account, e.g. sha512(customerKey + timeInMillis + apiKey).
Sample Code for Request Headers:
Java
```java
import org.apache.http.client.methods.HttpPost;
import org.apache.shiro.crypto.hash.Sha512Hash;

/* The customer Key provided to you */
String customerKey = "<YOUR_CUSTOMER_KEY>";
/* The customer API Key provided to you */
String apiKey = "<YOUR_API_KEY>";
/* Current time in milliseconds since
   midnight, January 1, 1970 UTC. */
String currentTimeInMillis = String.valueOf(System.currentTimeMillis());
/* Creating the Hash using
   SHA-512 algorithm (Apache Shiro library) */
String stringToHash = customerKey + currentTimeInMillis + apiKey;
String hashValue = new Sha512Hash(stringToHash).toHex().toLowerCase();
HttpPost postRequest = new HttpPost("<URL for calling API>");
/* Setting the Authorization Header values */
postRequest.setHeader("Customer-Key", customerKey);
postRequest.setHeader("Timestamp", currentTimeInMillis);
postRequest.setHeader("Authorization", hashValue);
```
PHP
```php
/* The customer Key provided to you */
$customerKey = "<YOUR_CUSTOMER_KEY>";
/* The customer API Key provided to you */
$apiKey = "<YOUR_API_KEY>";
/* Current time in milliseconds since midnight, January 1, 1970 UTC. */
$currentTimeInMillis = round(microtime(true) * 1000);
/* Creating the Hash using SHA-512 algorithm */
$stringToHash = $customerKey . number_format($currentTimeInMillis, 0, '', '') . $apiKey;
$hashValue = hash("sha512", $stringToHash);
$customerKeyHeader = "Customer-Key: " . $customerKey;
$timestampHeader = "Timestamp: " . number_format($currentTimeInMillis, 0, '', '');
$authorizationHeader = "Authorization: " . $hashValue;
/* Add $customerKeyHeader, $timestampHeader and $authorizationHeader
   in the httpheader */
```
Request Parameters:
Params | Type |
---|---|
customerKey (required) | String |
username (required) | String |
questionAnswerList (optional) | List |
registrationType (optional) | String |
otpToken (optional) | String |
secret (optional) | String |
authenticatorName (optional) | String |
authenticatorType (required) | String |
Example Request Body
```json
{
  "customerKey" : 11627,
  "username" : "xyz123",
  "authenticatorType" : "GOOGLE AUTHENTICATOR"
}
```
Example Response
```json
{
  "txID" : 12345,
  "responseType" : "GOOGLE_AUTHENTICATOR",
  "status" : "SUCCESS",
  "message" : "Please scan the QR code from your Authenticator app.",
  "qrCodeData" : "/9j/sneui3ge28gdbxiwelad'ad,adas/asdca/sfcs/c............c",
  "secret": "sqagebaldjsdsd"
}
```
2. Validate API
Make an HTTP POST request to our API to validate the above response for Google Authenticator as the MFA method. Our API accepts JSON input.
Request
Method | URL |
---|---|
POST | https://login.xecurify.com/moas/api/auth/validate-google-auth-secret |
Please note that instead of the URL being in the format https://login.xecurify.com/moas/api/*, it will change to https://<your-server-base-url>/api/*. You can find the server base URL by logging into the admin console and going to product settings at the top right. If it is localhost, then you can use server-ip:8080 as the server base URL.
Request Headers:
Same as above
Request Parameters:
Params | Type |
---|---|
customerKey (required) | String |
username (required) | String |
questionAnswerList (optional) | List |
registrationType (optional) | String |
otpToken (required) | String |
secret (required) | String |
authenticatorName (optional) | String |
authenticatorType (required) | String |
Example Request Body
```json
{
  "customerKey" : 11627,
  "username" : "xyz123",
  "authenticatorType" : "GOOGLE AUTHENTICATOR",
  "otpToken": "302910",
  "secret": "sqagebaldjsdsd"
}
```
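The validate request above, built end to end in Python as an added example (not miniOrange's own code): it forms the request headers as described under Request Headers and derives otpToken from secret with RFC 6238 TOTP, the way an authenticator app does. It assumes secret is the Base32 string an authenticator app expects; the API key and TOTP secret used here are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import struct
import urllib.request

# URL from the page; swap in your own branding / server base URL.
VALIDATE_URL = "https://login.xecurify.com/moas/api/auth/validate-google-auth-secret"

def auth_headers(customer_key, api_key, now_ms):
    """Headers per the page: Authorization = sha512(customerKey + timeInMillis + apiKey)."""
    ts = str(now_ms)
    digest = hashlib.sha512(f"{customer_key}{ts}{api_key}".encode()).hexdigest()
    return {"Content-Type": "application/json", "Customer-Key": str(customer_key),
            "Timestamp": ts, "Authorization": digest}

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, 30 s steps and 6 digits (authenticator-app defaults)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)  # restore Base32 padding
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // step)          # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def validate_request(customer_key, api_key, username, secret, now_ms):
    """Build (but do not send) the step 2 POST; one clock reading feeds header and OTP."""
    body = {"customerKey": customer_key, "username": username,
            "authenticatorType": "GOOGLE AUTHENTICATOR",
            "otpToken": totp(secret, now_ms // 1000), "secret": secret}
    return urllib.request.Request(VALIDATE_URL, data=json.dumps(body).encode(),
                                  headers=auth_headers(customer_key, api_key, now_ms),
                                  method="POST")

if __name__ == "__main__":
    # Constructed sample values: RFC 6238 test secret and a placeholder API key.
    req = validate_request(11627, "EXAMPLE_API_KEY", "xyz123",
                           "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", 59_000)
    print(req.get_method(), req.full_url)
    print(req.data.decode())  # send with urllib.request.urlopen(req)
```

Anyone who holds secret can compute valid codes for that user, so keep it out of logs and store it like any other credential.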
Example Response
{
"txID" : "12345-qw3e-e-32r2-rsdacew23",
"responseType" : "GOOGLE_AUTHENTICATOR",
"status" : "SUCCESS",