getUserInfo response

The getUserInfo response returns information about the user.
getUserInfo
output fields
provides details about the
getUserInfo
output fields.
getUserInfo
output fields
Output Field
Required?
Type
Purpose
requestId
Y
string
The
requestId
sent with the
getUserInfoRequest
request.
status
Y
hex string
Unique status code.
0000=Success
. Any other value is an error.
statusMessage
Y
string
Message corresponding to the status of the request. If the status is not
0000
(success), an error message displays.
userId
Y
string
Unique ID for the user (for example, the user email address, the user's logon name, or a unique ID that maps to user's logon name). The user ID accepts 1 to 128 international characters.
The user ID is not case-sensitive in look-up operations.
userCreationTime
Y
string
Identifies when the user was created.
userStatus
Y
string
Status of the user:
  • ACTIVE
  • DISABLED
  • LOCKED
numBindings
Y
string
Number of
bindingDetail
elements in this response.
Can be multiple
bindingDetail
elements, if the user has multiple credentials bound.
isPinExpired
N
boolean
If a PIN is set for this user, identifies if the PIN has expired.
  • True: PIN has expired
  • False: PIN is still valid
pinExpirationTime
N
dateTime
If a user PIN is set, this field identifies the date and time (in GMT format) that the PIN expires.
getUserInfo
output fields for
credentialBindingDetail
provides details about the
getUserInfo
output fields for
credentialBindingDetail
.
getUserInfo
output fields for
credentialBindingDetail
Output Field
Required?
Type
Purpose
credentialId
Y
string
Unique identifier of the credential.
credentialType
Y
string
Identifies the credential type:
  • STANDARD_OTP (hardware or software VIP credential, including VIP Access for Mobile)
  • CERTIFICATE (Trusted Device credential)
  • EMAIL_OTP (security code sent to user by email)
  • SMS_OTP (security code sent to device by SMS)
  • VOICE_OTP (security code sent to device by a voice call)
  • SERVICE_OTP (security code generated by the VIP Service)
  • BIOMETRIC (biometric-based FIDO authentication)
  • SECURITY_KEY (USB-based or passkey-based FIDO authentication)
credentialStatus
N
string
Status of the credential:
  • ENABLED
  • DISABLED
  • INACTIVE
  • LOCKED
Certificate includes REVOKED and PROVISIONED.
getUserInfo
output fields for
for
tokenCategory
provides details about the
getUserInfo
output fields for
tokenCategory
.
getUserInfo
output fields for
tokenCategory
Output Field
Required?
Type
Purpose
CategoryId
Y
string
Unique identifier of the credential category.
FormFactor
Y
string
FormFactor
further identifies the credential type. Each credential is one of the following:
  • CONNECTED
  • DESKTOP
  • DISPLAYCARD
  • EMAIL
  • KEYFOB
  • MOBILE
  • SERVICE
  • SMS
  • TMPPWD
  • VOICE
MovingFactor
Y
string
Identifies the security code generation method. Each credential generates security codes by one of the following methods:
  • TIME
  • EVENT
  • NONE (returned for temporary security codes only)
OtpGeneratedBy
Y
string
Identifies whether the security code is generated in hardware or software.
getUserInfo
output fields for
tokenInfo
provides details about the
getUserInfo
output fields for
tokenInfo
.
getUserInfo
output fields for
tokenInfo
Output Field
Required
Type
Purpose
TokenId
Y
string
Unique identifier of the token.
TokenKind
Y
string
Identifies the token type:
  • Hardware
  • Software
Adapter
Y
string
Identifies the type of adapter used.
TokenStatus
Y
string
Shows the credential state:
  • ENABLED
  • DISABLED
  • INACTIVE
  • LOCKED
  • NEW
ExpirationDate
Y
datetime
Shows the credential expiration date.
LastUpdate
Y
datetime
Identifies when the credential was last updated.
Owner
Y
boolean
Shows whether the API call came from the same party that issued the credential.
  • true
  • false
SupportPushEncryption
Y
boolean
Identifies whether the credential is registered for end-to-end encryption (PUSH_ENCRYPTION_ENABLED is set to true).
publicKeys
Y
string
Contains the base64-encoded public key for each credential that is registered for end-to-end encryption, listed by credential ID.  This field is only returned if:
  • The credential is a custom app using VIP Mobile SDK 3.0.2 or later with encryption enabled. See VIP Software Development Kit (SDK) Developer's Guide for information on the VIP SDK and encrypting transactions.
  • includePushEncryptKey
    is set to true in the
    getUserInfo
    request
getUserInfo
output fields for
bindingDetail
provides details about the
getUserInfo
output fields for
bindingDetail
.
getUserInfo
output fields for
bindingDetail
Output Field
Required?
Type
Purpose
bindStatus
N
string
Status of the credential binding:
  • ENABLED
  • DISABLED (deprecated)
friendlyName
N
string
A user-defined name to identify the credential.
trustedDevice
N
boolean
Identifies if the credential is a Trusted Device.
Do not use this flag for mobile credentials. Mobile credentials cannot be set as Trusted Devices.
  • true
  • false
clientVersion
N
string
Identifies the version of the Trusted Device credential, if the credential is a Trusted Device.
clientType
N
string
Identifies who set the Trusted Device credential for the user.
  • USER
  • SYSTEM
lastBindTime
Y
string
Identifies when the credential was bound to this user.
lastAuthnTime
N
string
The time (in GMT format) of the most recent successful authentication, if the credential has been used to authenticate the user.
lastAuthnId
N
string
A unique identifier for the most recent successful authentication, if the credential has been used to authenticate the user.
isPinSet
N
boolean
If the user PIN is enabled and has been set, the value is set to TRUE.
pushAttributes
N
key value
The following attributes are returned in getUserInfo responses with VIP Access for Mobile applications:
  • CLIENT_VERSION
    Client version of the VIP Access for Mobile application (also returned for the VIP Access for Desktop application)
  • PUSH_PLATFORM
    Operating system used by the device.
    • iPhone
    • Android
  • PUSH_ENABLED
    Identifies whether the user has enabled push notifications on the device.
    • True
    • False
    If a threshold number of push notifications are sent and not acted upon by the user, User Services temporarily suspends the credential and returns a SUSPENDED value.
The following attributes are returned in getUserInfo responses with VIP Access Push-based authentication through VIP Login:
  • BIO_FINGERPRINT_ENABLED
    Identifies whether the user has enabled biometric fingerprints as second-factor authentication.
    • True
    • False
  • FIRST_FACTOR_CAPABLE
    Identifies if the device is capable of using PINs as first-factor authentication. PINs are the fallback option for biometric fingerprint-based authentication.
    • True
    • False
  • BIO_FINGERPRINT_CAPABLE
    Identifies if the device is capable of using biometric fingerprints as second-factor authentication.
    • True
    • False