authenticateCredentials request

The authenticateCredentials request authenticates a user credential or credentials.
Send the request to: https://userservices-auth.vip.symantec.com/vipuserservices/AuthenticationService_1_10
The following table provides details about the authenticateCredentials input fields.

authenticateCredentials input fields

Each entry lists, in order: Input Field, Required?, Type, Purpose.

Input Field: requestId
Required?: Y
Type: string
Purpose: A unique identifier of the request for the enterprise application. The request ID accepts from 4 to 40 alphanumeric characters and underscores. This identifier may be useful for troubleshooting purposes.

Input Field: activate
Required?: N
Type: boolean
Purpose: Activates a credential. If otpAuthData is provided, it consumes the OTP to authenticate. If pushAuthData is used, it sends a push notification to the credential for authentication.

Input Field: credentials: credentialId
Required?: Y
Type: list
Purpose: List of credentials, each of which is an object consisting of credentialId and credentialType.

Input Field: credentials: credentialType
Required?: Y
Type: string
Purpose: Identifies the credential type:
  • STANDARD_OTP (hardware or software VIP credential, including VIP Access for Mobile)
  • CERTIFICATE (Trusted Device credential)
  • EMAIL_OTP (security code sent to user by email)
  • SMS_OTP (security code sent to device by SMS)
  • VOICE_OTP (security code sent to device by a voice call)
  • SERVICE_OTP (security code generated by the VIP Service)

Input Field: otpAuthData: otp
Required?: N
Type: string
Purpose: The one-time security code that is generated by the user’s credential. You must use this value or pushAuthData, but cannot use both.

Input Field: pushAuthData: displayParameters
Required?: N
Type: list
Purpose: Passes and displays content to users in the push notification. You can customize display messages up to 250 characters. The values must be UTF-8 encoded to support internationalization. However, some phones may not display complete messages.
This input field contains parameters that define the push notification that is sent to the user’s push-capable mobile device. You must use this value or otpAuthData, but cannot use both.
The following keys are currently supported:
  • push.message.text: Text of the push notification in Notification Center (iOS) or Notification Drawer (Android). Suggested maximum size 70 characters.
  • display.message.title: Title of the push notification. Suggested maximum size 30 characters.
  • display.message.text: Text of the push notification. Suggested maximum size 70 characters.
    If you have integrated VIP SDK version 3.0.2 or later with your client app, use encryptedDisplayParameters instead of displayParameters to send the encrypted message text.
  • display.message.profile: Indicates the logon URL or profile. Suggested maximum size 60 characters.

Input Field: pushAuthData: encryptedDisplayParameters
Required?: N
Type: list
Purpose: Passes and displays content to users in the push notification. Use encryptedDisplayMessage instead of displayParameters to send the encrypted message only if you have integrated VIP SDK version 3.0.2 or later with your client app.
VIP sends the encrypted version of your transaction message to the user's mobile device. Your client app decrypts it on the mobile device using the private key assigned to that mobile device.
See the Symantec VIP Credential Development Kit Application Developer's Guide at the Broadcom TechDocs portal for full details on using the VIP SDK to encrypt transactions.
The following keys are supported:
  • key: Enter the value, display.message.text.
  • cipherData: Encrypted transaction message. To encrypt the transaction message:
    • Encrypt the transaction message to display using the public key returned from the getCredentialInfo or getUserInfo call. Use the RSA encryption algorithm.
    • Base64-encode the resulting encryption blob.
  • pubkey: Hex-encoded version of the public key returned from the getCredentialInfo or getUserInfo call.
  • algName: Enter the value, RSA_PKCS1_PADDING.

Input Field: pushAuthData: requestParameters
Required?: N
Type: list
Purpose: The following keys are supported:
  • request.timeout: Numeric value that indicates the timeout period in seconds of the push authentication request that is sent to the user’s mobile devices.
  • nonactionable.notification: Disables actionable push notifications.
    • true: Swipe actions are not available in push notifications. Users must open VIP Access to view and act on the push request.
    • false: Swipe actions are available in push notifications. Users can act on the push request from the notification, without opening VIP Access.
  • enforceLocalAuth: Require the user to authenticate with a local authentication method in addition to the default authentication (mobile devices only).
    • true: User authenticates by logging in to the device using the local authentication method (passcode or Touch ID for iOS; PIN, pattern, password, or fingerprint for Android).
    • false: User authenticates using the default method (typically a security code).
    If this key is not included, the behavior defaults to false. If the user has not set a local authentication method, an error is displayed to the user and the authentication request fails. If the local authentication fails, the authentication request fails.
  • supportNumberChallenge: Require the user to authenticate with a challenge number.
    If Mobile Push and Require Number Challenge are not enabled in VIP Manager, this flag is ignored.
    • true: User authenticates by entering the two-digit challenge number displayed on the Sign In screen into the push notification.
    • false: The authentication request fails.
    If this key is not included, the behavior defaults to false. If the mobile device does not support number challenge, the authentication request fails. If the number challenge authentication fails, the authentication request fails.
  • includeDeviceInfo: Return information about the device health, if available.
    • true: Any available device health information is returned in the pollPushStatus response.
    • false: No health information about the device is returned in the response.
    If this key is not included, the behavior defaults to false. The user must have a supported version of the VIP Access client installed to capture device information.

Input Field: authContext
Required?: N
Type: string
Purpose: A map containing the parameters that control how the authentication is performed. VIP User Services accepts an authentication level for the authContext field.
The authentication level defines the credential types that can be validated with this request. This level must match an authentication level configured in VIP Manager.
  • Key: Enter authLevel.level
  • Value: Enter the authentication level value (as an integer from 1 - 10).
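
As an added example (not Symantec or Broadcom code), the following Python function checks a request against the constraints in the field table above before it is sent. The dict layout of the request, the string form of the true/false flags and the name validate_request are assumptions made for the example. Rejecting a clear-text display.message.text next to encryptedDisplayParameters is a strict reading of the "instead of" wording above.

```python
import re

# Limits and allowed values come from the field table; the dict layout is assumed.
REQUEST_ID = re.compile(r"[A-Za-z0-9_]{4,40}")
CRED_TYPES = {"STANDARD_OTP", "CERTIFICATE", "EMAIL_OTP",
              "SMS_OTP", "VOICE_OTP", "SERVICE_OTP"}
DISPLAY_KEYS = {"push.message.text", "display.message.title",
                "display.message.text", "display.message.profile"}
BOOL_FLAGS = {"nonactionable.notification", "enforceLocalAuth",
              "supportNumberChallenge", "includeDeviceInfo"}

def validate_request(req):
    """Return a list of problems; an empty list means the request is consistent."""
    errs = []
    if not REQUEST_ID.fullmatch(str(req.get("requestId", ""))):
        errs.append("requestId: need 4-40 alphanumeric or underscore characters")
    creds = req.get("credentials") or [{}]  # a missing list is reported as one bad entry
    for c in creds:
        if not c.get("credentialId") or c.get("credentialType") not in CRED_TYPES:
            errs.append("credentials: need credentialId and a listed credentialType")
    otp, push = req.get("otpAuthData"), req.get("pushAuthData")
    if (otp is None) == (push is None):
        errs.append("auth data: use exactly one of otpAuthData or pushAuthData")
    push = push or {}
    display = push.get("displayParameters", {})
    for key, text in display.items():
        if key not in DISPLAY_KEYS or len(text) > 250:
            errs.append(f"displayParameters: bad key or over 250 characters: {key}")
    enc = push.get("encryptedDisplayParameters")
    if enc is not None:
        fixed = (enc.get("key"), enc.get("algName"))
        if fixed != ("display.message.text", "RSA_PKCS1_PADDING"):
            errs.append("encryptedDisplayParameters: wrong key or algName value")
        if "display.message.text" in display:  # clear-text copy defeats the encryption
            errs.append("display.message.text sent in clear alongside encrypted text")
    for key, val in push.get("requestParameters", {}).items():
        if key == "request.timeout":
            if not str(val).isdigit():
                errs.append("request.timeout: must be numeric seconds")
        elif key not in BOOL_FLAGS or val not in ("true", "false"):
            errs.append(f"requestParameters: bad key or value: {key}")
    level = (req.get("authContext") or {}).get("authLevel.level")
    if level is not None and not (isinstance(level, int) and 1 <= level <= 10):
        errs.append("authLevel.level: must be an integer from 1 to 10")
    return errs

# Constructed sample: supplies both otpAuthData and pushAuthData, which is not allowed.
SAMPLE = {"requestId": "login_0001", "otpAuthData": {"otp": "123456"}, "pushAuthData": {},
          "credentials": [{"credentialId": "SAMPLE0001", "credentialType": "STANDARD_OTP"}]}
```

Calling validate_request(SAMPLE) returns a single problem, the otpAuthData/pushAuthData conflict.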