Skip to main content

Authentication API: Send ad hoc OTP without existing user profile

SecureAuth's Authentication API enables ad hoc OTP delivery via voice, SMS, and email to phone numbers and addresses that are provided in the API call and not stored in the directory.

SecureAuth IdP can also be configured to enable the endpoint to send ad hoc OTPs to unregistered usernames, in use cases where user accounts do not yet exist in the directory.

Prerequisites

  • SecureAuth IdP 9.2 or later

  • Follow the HTTP Header section configuration in the Authentication API Guide.

  • Create a New Realm in the Advanced Settings (formerly Classic Experience) for this directory-free API configuration

Notice

A directory integration is required for the Authentication API endpoint functionalities, with the exception of this use case

If using other API endpoints, then an additional realm must be created specifically for this configuration (steps outlined below)

If the API is being used only for this use case, then only one realm is required with the configuration steps outlined below

SecureAuth Identity Platform configuration steps

  1. In the Advanced Settings (formerly Classic Experience), go to the Data tab.

  2. In the Membership Connection Settings section, and set the Type to No Data Store.

    44827603.png
  3. Save your changes.

  4. Go to the API tab and set the following configurations.

    Enable API for this realm

    Select this check box.

    Generate Credentials

    Click this button to generate credentials.

  5. Copy the Application ID and Application Key, which are used to enable the API calls from the application.

    See the Authentication API Guide for more information on how to use these values.

    44827604.png
  6. In the API Permissions section, select the Enable Authentication API check box.

    44827602.png
  7. Save your changes.

Ad hoc OTP endpoint

Note

Refer to Authentication API Guide for complete information on the /auth (ad hoc) endpoint

Example Parameters and Responses

Function

JSON Parameters

Success Response

ad hoc call

Deliver OTP via phone (voice) call to unregistered username and phone number

{
    "user_id": "<UNREG'D USERNAME>",
    "type": "call",
    "token":"<UNREG'D PH NUMBER>"
}

Example:

{
    "user_id": "new_user_01",
    "type": "call",
    "token":"5557778989"
}
{
  "otp": "3751",
  "status": "valid",
  "message": "",
  "user_id": "new_user_01"
}

ad hoc sms

Deliver OTP via SMS / text message to unregistered username and phone number

{
    "user_id": "<UNREG'D USERNAME>",
    "type": "sms",
    "token":"<UNREG'D PH NUMBER>"
}

Example:

{
    "user_id": "new_user_01",
    "type": "sms",
    "token":"5557778989"
}

ad hoc email

Deliver OTP via email to unregistered username and email address

{
    "user_id": "<UNREG'D USERNAME>",
    "type": "email",
    "token":"<UNREG'D EM ADDRESS>"
}

Example:

{
    "user_id": "new_user_01",
    "type": "sms",
    "token":"newuser@company.com"
}