Symbol-to-Accept API endpoints

Updated June 4, 2021

Use this guide to enable the Authentication API to generate and validate symbol-to-accept login requests for end user access to applications.

Prerequisites

  • Configure the SecureAuth® Identity Platform to use "Login notification," enable the API for a SecureAuth Identity Platform realm, and configure a request header. See the Authentication API guide.

  • If you use a load balancer:

    When you use the Symbol-to-Accept MFA method, you must enable session persistence ("sticky sessions") on the load balancer to maintain state with the Identity Platform. The client applications (Login for Endpoints, RADIUS Server) support cookie-based persistence only. Additionally, only the SecureAuth Java SDK supports cookies.

GET /factors

Use the GET /factors method to access the end user's profile and generate a symbol-to-accept response.

The following factors are returned if you use /api/v2 and the user status in Active Directory matches one of the following:

  • InvalidGroup

  • Disabled

  • Lockout

  • PasswordExpired

  • AccountExpired

HTTP Method

URI

Example

SecureAuth product version

GET

/api/v2/users/<username>/factors

https://secureauth.company.com/api/v2/users/jsmith/factors

version 19.07 or later

GET

/api/v2/users/<domain>/<username>/factors

https://secureauth.company.com/api/v2/users/acme.com/jsmith/factors

version 19.07 or later

GET

/api/v2/users/factors?username=<usernames>[&domain=<domains>]

https://secureauth.company.com/api/v2/users/factors?username=jsmith&domain=acme.com

version 19.07 or later

POST /auth

The POST method validates the end user symbol-to-accept response.

HTTP Method

URI

Example

SecureAuth product version

POST

/api/v2/auth

https://secureauth.company.com/api/v2/auth

version 19.07 or later

Request POST payload
Response payload