Mfa Auth API

Hello there!

Need Help? We are right here!

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Your Contact E-mail

What are you looking for

How can we help you?

Overview

miniOrange User APIs can be used to setup Google Authenticator as Mfa method.

Pre-requisites

You need to create a free trial account with miniOrange.
Login to miniOrange console and Click on the Settings provided on the right top corner of the console.
Copy your Api Key and follow the steps below to generate the Authentication Header.

1. Setup to Register Google Authenticator as Mfa

To Register, Make a POST method with the following url(use your custom branding):

Request

Method	URL
POST	The transaction ID for which request was generated.
status	https://login.xecurify.com/moas/api/auth/google-auth-secret

Please note that instead of the URL being in the format : https://login.xecurify.com/moas/api/*It will change to https://<your-server-base-url>/api/*You can find the server base url, by logging into the admin console and going to product settings to the top right. If it is localhost, then you can use server-ip:8080 as the server base url.

Request Headers:

Type	Params	Values
HEAD	Content-Type	application/json
HEAD	Customer-Key	int
HEAD	Timestamp	int
HEAD	Authorization	String

CustomerKey
CustomerKey is customer key for your account and must be sent with all client requests.

Timestamp
Timestamp specifies current time in milliseconds e.g 1474522813982.

Authorization
Authorization specifies SHA 512 hash value of string concatenated with customerKey, time in milliseconds and api key for your account e.g sha512(customerKey + timeInMillis + apiKey).

Sample Code for Request Headers:

Java
PHP

    /* The customer Key provided to you */
    String customerKey = "<YOUR_CUSTOMER_KEY>";
    /* The customer API Key provided to you */
    String apiKey = "<YOUR_API_KEY>";
    /* Current time in milliseconds since
    midnight, January 1, 1970 UTC. */
    String currentTimeInMillis = String.valueOf(System.currentTimeMillis());
    /* Creating the Hash using
    SHA-512 algorithm (Apache Shiro library) */
    String stringToHash = customerKey + currentTimeInMillis + apiKey;
    String hashValue = new Sha512Hash(stringToHash).toHex().toLowerCase();
    HttpPost postRequest = new HttpPost("<URL for calling API>");
    /* Setting the Authorization Header values */
    postRequest.setHeader("Customer-Key", customerKey);
    postRequest.setHeader("Timestamp", currentTimeInMillis);
    postRequest.setHeader("Authorization", hashValue)

    /* The customer Key provided to you */
    $customerKey = "&lt;YOUR_CUSTOMER_KEY&gt;";
    /* The customer API Key provided to you */
    $apiKey = "&lt;YOUR_API_KEY&gt;";
    /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
    $currentTimeInMillis = round(microtime(true) * 1000);
    /* Creating the Hash using SHA-512 algorithm */
    $stringToHash = $customerKey . number_format ( $currentTimeInMillis, 0, '', '' ) . $apiKey;
    $hashValue = hash("sha512", $stringToHash);
    $customerKeyHeader = "Customer-Key: " . $customerKey;
    $timestampHeader = "Timestamp: " . number_format ( $currentTimeInMillis, 0, '', '' );
    $authorizationHeader = "Authorization: " . $hashValue;
    /* Add $customerKeyHeader,$timestampHeader and $authorizationHeader
    in the httpheader */

Request Parameters:

Params	Type
customerKey (required)	String
username (required)	String
questionAnswerList (optional)	List
registrationType (optional)	String
otpToken (optional)	String
secret(optional)	String
authenticatorName (optional)	String
authenticatorType (required)	String

Example Request Body

    {
          "customerKey" : 11627,
          "username" : "xyz123",
          "authenticatorType" : "GOOGLE AUTHENTICATOR",

    }

Example Response

    {

      "txID" : 12345,
      "responseType" : "GOOGLE_AUTHENTICATOR",
      "status" : "SUCESS",
      "message" : "Please scan the QR code from your Authenticator app.",
      "qrCodeData" : "/9j/sneui3ge28gdbxiwelad'ad,adas/asdca/sfcs/c............c",
      "secret": "sqagebaldjsdsd"
    }

2. Validate API :

You need to make a HTTP POST request to Validate the above response for google authenticator as MFA method for our API. Our API accepts the JSON input.

Request

Method	URL
POST	https://login.xecurify.com/moas/api/auth/validate-google-auth-secret

Request Headers:

Same as above

Request Parameters:

Params	Type
customerKey (required)	String
username (required)	String
questionAnswerList (optional)	List
registrationType (optional)	String
otpToken (required)	String
secret(required)	String
authenticatorName (optional)	String
authenticatorType (required)	String

Example Request Body


    {
          "customerKey" : 11627,
          "username" : "xyz123",
          "authenticatorType" : "GOOGLE AUTHENTICATOR",
          "otpToken": "302910",
          "secret": "sqagebaldjsdsd"

    }

Example Response

      "txID" : 12345-qw3e-e-32r2-rsdacew23,
      "responseType" : "GOOGLE_AUTHENTICATOR",
      "status" : "SUCESS",

Overview
Pre-requisites
1. Setup to Register Google Authenticator as Mfa
2. Validate API :