getCredentialInfo response

The getCredentialnfo response returns the status of the request to obtain information about the credential.
getCredentialInfo output fields provides details about the
getCredentialInfo
output fields.
getCredentialInfo
output fields
Output Field
Required?
Type
Purpose
requestId
Y
string
The
requestId
sent with the
getCredentialInfoRequest
request.
status
Y
hex string
Unique status code.
0000=Success
. Any other value is an error.
statusMessage
Y
string
Message corresponding to the status of the request. If the status is not
0000
(success), an error message displays.
credentialId
Y
string
Unique identifier of the credential.
credentialType
Y
string
Identifies the credential type:
  • STANDARD_OTP (hardware or software VIP credential, including VIP Access for Mobile)
  • CERTIFICATE (Trusted Device credential)
  • EMAIL_OTP (security code sent to user by email)
  • SMS_OTP (security code sent to device by SMS)
  • VOICE_OTP (security code sent to device by a voice call)
  • SERVICE_OTP (security code generated by the VIP Service)
  • BIOMETRIC (biometric-based FIDO authentication)
  • SECURITY_KEY (USB-based or passkey-based FIDO authentication)
credentialStatus
N
string
Status of the credential:
  • ENABLED
  • DISABLED
  • INACTIVE
  • LOCKED
See Credential states for details.
Certificate includes REVOKED and PROVISIONED
numBindings
Y
string
Number of
bindingDetail
elements in this response.
Can be multiple
bindingDetail
elements, if the user has multiple credentials bound.
push
Attributes
N
key value
The following attributes are returned for all getCredentialInfo responses:
  • CLIENT_VERSION
    Client version of VIP Access mobile application.
  • PUSH_PLATFORM
    Operating system used by the device.
    • Iphone
    • Android
  • PUSH_ENABLED
    Identifies whether the user has enabled push notifications on the device.
    • True
    • False
The following attributes are returned for getCredentialInfo responses with VIP Access Push-based authentication through VIP Login:
  • BIO_FINGERPRINT_ENABLED
    Identifies whether the user has enabled biometric fingerprints as second-factor authentication.
    • True
    • False
  • FIRST_FACTOR_CAPABLE
    Identifies if the device is capable of using PINs as first-factor authentication. PINs are the fallback option for biometric fingerprint-based authentication.
    • True
    • False
  • BIO_FINGERPRINT_CAPABLE
    Identifies if the device is capable of using biometric fingerprints as second-factor authentication.
    • True
    • False
userBindingDetail
N
Returns the
userBindingDetail
attributes.
SupportPushEncryption
Y
boolean
Identifies whether the credential is registered for end-to-end encryption (PUSH_ENCRYPTION_ENABLED is set to true).
publicKeys
Y
string
Contains the base64-encoded public key for the credential, if it is registered for end-to-end encryption. This field is only returned if:
  • The credential is a custom app using VIP Mobile SDK 3.0.2 or later with encryption enabled.
    See VIP Software Development Kit (SDK) Developer's Guide for information on the VIP SDK and encrypting transactions.
  • includePushEncryptKey
    is set to true in the
    getCredentialInfo
    request.
getCredentialInfo output fields for the userBindingDetail provides details about the
getCredentialInfo
output fields for the
userBindingDetail
.
getCredentialInfo
output fields for the
userBindingDetail
Output Field
Required?
Type
Purpose
userId
Y
string
Unique ID for the user (for example, the user email address, the user's logon name, or a unique ID that maps to user's logon name). The user ID accepts 1 to 128 international characters.
The user ID is not case-sensitive in look-up operations.
userStatus
string
Status of the user:
  • ACTIVE
  • DISABLED
lastAuthnId
N
string
A unique identifier for the most recent successful authentication, if the credential has been used to authenticate the user.
bindingDetail
N
Returns the
bindingDetail
attributes.
getCredentialInfo
output fields for
for
tokenCategory
provides details about the
getCredentialInfo
output fields for
tokenCategory
.
getCredentialInfo
output fields for
tokenCategory
Output Field
Required?
Type
Purpose
CategoryId
Y
string
Unique identifier of the credential category.
FormFactor
Y
string
FormFactor
further identifies the credential type. Each credential is one of the following:
  • CONNECTED
  • DESKTOP
  • DISPLAYCARD
  • EMAIL
  • KEYFOB
  • MOBILE
  • SERVICE
  • SMS
  • TMPPWD
  • VOICE
MovingFactor
Y
string
Identifies the security code generation method. Each credential generates security codes by one of the following methods:
  • TIME
  • EVENT
  • NONE (returned for temporary security codes only)
OtpGeneratedBy
Y
string
Identifies whether the security code is generated in hardware or software.
getCredentialInfo
output fields for
tokenInfo
provides details about the
getCredentialInfo
output fields for
tokenInfo
.
getCredentialInfo
output fields for
tokenInfo
Output Field
Required
Type
Purpose
TokenId
Y
string
Unique identifier of the token.
TokenKind
Y
string
Identifies the token type:
  • Hardware
  • Software
Adapter
Y
string
Identifies the type of adapter used.
TokenStatus
Y
string
Shows the credential state:
  • ENABLED
  • DISABLED
  • INACTIVE
  • LOCKED
  • NEW
ExpirationDate
Y
datetime
Shows the credential expiration date.
LastUpdate
Y
datetime
Identifies when the credential was last updated.
Owner
Y
boolean
Shows whether the API call came from the same party that issued the credential.
  • true
  • false
SupportPushEncryption
Y
boolean
Identifies whether the credential is registered for end-to-end encryption (PUSH_ENCRYPTION_ENABLED is set to true).
publicKeys
Y
string
Contains the base64-encoded public key for each credential that is registered for end-to-end encryption, listed by credential ID.  This field is only returned if:
  • The credential is a custom app using VIP Mobile SDK 3.0.2 or later with encryption enabled. See VIP Software Development Kit (SDK) Developer's Guide for information on the VIP SDK and encrypting transactions.
  • includePushEncryptKey
    is set to true in the
    getCredentialInfo
    request
getCredentialInfo output fields for the bindingDetail provides details about the
getCredentialInfo
output fields for the
bindingDetail
.
getCredentialInfo
output fields for the
bindingDetail
Output Field
Required?
Type
Purpose
bindStatus
N
string
Status of the credential binding:
  • ENABLED
  • DISABLED
deviceExpired
Y
boolean
Identifies if the Remembered Device is expired.:
  • true
  • false
If the response is
true
, the
device.expired.reason
field is included in the response.
This field is returned for Remembered Devices only.
deviceExpiredReason
N
string
If the
deviceExpired
is
true
, this field identifies the reason that the Remembered Device is marked as expired:
  • DEVICE_EXPIRED_NO_AUTH
    : The device has exceeded the number of days set for the
    No successful authentication for
    setting in the Remembered Devices Policy..
  • DEVICE_EXPIRED_MAX_LIFE
    : The device has exceeded the number of days set for the
    Expires after
    setting in the Remembered Devices Policy.
This field is returned for Remembered Devices only.
friendlyName
N
string
A user-defined name to identify the credential.
trustedDevice
N
boolean
Identifies if the credential is a Trusted Device.
Do not use this flag for mobile credentials. Mobile credentials cannot be set as Trusted Devices.
  • true
  • false
clientVersion
N
string
Identifies the version of the Trusted Device credential, if the credential is a Trusted Device.
clientType
N
string
Identifies who set the Trusted Device credential for the user.
  • USER
  • SYSTEM
lastBindTime
Y
string
Identifies when the credential was bound to this user.
lastAuthnTime
N
string
The time (in GMT format) of the most recent successful authentication, if the credential has been used to authenticate the user.
lastAuthnId
N
string
A unique identifier for the most recent successful authentication, if the credential has been used to authenticate the user.