{
"openapi": "3.0.0",
"info": {
"description": "OneSpan Trusted Identity Platform secures your Web and mobile applications by analyzing vast and disparate data acquired through user actions and events. Based on this analysis, it dynamically assesses which authentication and/or transaction security measures are appropriate for each unique end user.",
"version": "1.0.0",
"title": "OneSpan Trusted Identity Platform"
},
"security": [],
"servers": [
{
"url": "https://tenant.sdb.tid.onespan.cloud/v1"
}
],
"paths": {
"/authenticators": {
"get": {
"tags": [
"Authenticators"
],
"summary": "Query authenticators",
"description": "Entry point for querying authenticators.",
"operationId": "queryAuthenticatorsUsingGET",
"parameters": [
{
"name": "serialNumber",
"in": "query",
"required": false,
"description": "Serial number of the authenticator being searched for (supports wildcard).",
"schema": {
"type": "string",
"default": "*",
"maxLength": 13
}
},
{
"name": "domain",
"in": "query",
"required": false,
"description": "Domain wherein to search for authenticators.",
"schema": {
"type": "string",
"maxLength": 255
}
},
{
"name": "type",
"in": "query",
"required": false,
"description": "Authenticator type.",
"schema": {
"type": "string",
"minLength": 5,
"maxLength": 5
}
},
{
"name": "assigned",
"in": "query",
"required": false,
"description": "Assignment status to filter on.",
"schema": {
"type": "boolean"
}
},
{
"name": "description",
"in": "query",
"required": false,
"description": "Reference associated with the authenticator being searched for (supports wildcard).",
"schema": {
"type": "string",
"pattern": "^(?=^\\S)(?=.*\\S$)[^\\x00-\\x1F\\x7F]{1,255}$|^$",
"minLength": 0,
"maxLength": 255
},
"allowEmptyValue": true
},
{
"name": "offset",
"in": "query",
"required": false,
"description": "Index of the first authenticator account returned.",
"schema": {
"type": "integer",
"format": "int32",
"minimum": 0,
"default": 0
}
},
{
"name": "limit",
"in": "query",
"required": false,
"description": "Number of authenticator accounts returned (max = 100).",
"schema": {
"type": "integer",
"format": "int32",
"minimum": 1,
"maximum": 100,
"default": 20
}
}
],
"responses": {
"200": {
"description": "Authenticators returned.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorsOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}": {
"parameters": [
{
"$ref": "#/components/parameters/SerialNumber"
}
],
"get": {
"tags": [
"Authenticators"
],
"summary": "View an authenticator",
"description": "Entry point for retrieving authenticator information.",
"operationId": "viewAuthenticatorUsingGET",
"responses": {
"200": {
"description": "Authenticator information returned.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
},
"delete": {
"tags": [
"Authenticators"
],
"summary": "Delete an authenticator",
"description": "Entry point for deleting an authenticator.",
"operationId": "deleteAuthenticatorUsingDELETE",
"responses": {
"204": {
"description": "Authenticator deleted."
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to delete authenticator.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
},
"patch": {
"tags": [
"Authenticators"
],
"summary": "Update an authenticator",
"description": "Entry point for updating an authenticator.",
"operationId": "updateAuthenticatorDataUsingPATCH",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateAuthenticatorInput"
},
"example": {
"description": "Authenticator license with 99 activations for user userid1."
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Authenticator updated.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/applications/{applName}": {
"parameters": [
{
"$ref": "#/components/parameters/SerialNumber"
},
{
"$ref": "#/components/parameters/ApplName"
}
],
"patch": {
"tags": [
"Authenticators"
],
"summary": "Update an authenticator application",
"description": "Entry point for updating an authenticator application.",
"operationId": "updateAuthenticatorUsingPATCH",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateApplicationInput"
},
"example": {
"PIN": "1234"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Application updated.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator or application not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Application does not support PIN.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/applications/{applName}/generate-votp": {
"parameters": [
{
"$ref": "#/components/parameters/SerialNumber"
},
{
"$ref": "#/components/parameters/ApplName"
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Generate a virtual OTP",
"description": "Entry point for generating a virtual OTP.",
"operationId": "generateVOTPUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateVOTPInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Virtual OTP generated and returned in response (optional Custom VOTP Delivery feature, not recommended).",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateVOTPOutput"
}
}
}
},
"204": {
"description": "Virtual OTP generated.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator or application not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Authenticator or application does not support generation of a virtual OTP.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/applications/{applName}/reset-pin": {
"parameters": [
{
"$ref": "#/components/parameters/SerialNumber"
},
{
"$ref": "#/components/parameters/ApplName"
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Reset PIN for an authenticator application",
"description": "Entry point for resetting a PIN code.",
"operationId": "resetPINUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"responses": {
"204": {
"description": "PIN reset.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator or application not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "DPA pin could not be reset: The operation is not supported.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/applications/{applName}/unlock": {
"parameters": [
{
"$ref": "#/components/parameters/SerialNumber"
},
{
"$ref": "#/components/parameters/ApplName"
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Unlock an authenticator application",
"description": "Entry point for generating an unlock code for an authenticator application.",
"operationId": "unlockUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnlockChallengeInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Unlock code generated and returned in response.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnlockCodeOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator or application not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Invalid unlock challenge.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/applications/{applName}/test": {
"parameters": [
{
"$ref": "#/components/parameters/SerialNumber"
},
{
"$ref": "#/components/parameters/ApplName"
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Test an authenticator application",
"description": "Entry point for testing an application.",
"operationId": "testApplicationUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/TestApplicationInput"
},
"example": {
"OTP": {
"response": "123456"
}
}
}
},
"required": true
},
"responses": {
"202": {
"description": "Test completed.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/TestApplicationOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator or application not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/assign": {
"parameters": [
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator. Authenticator instances are automatically assigned to the same user account as the related license.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Assign an authenticator to a user",
"description": "Entry point for authenticator assignment.",
"operationId": "assignAuthenticatorUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AssignAuthenticatorInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Authenticator assigned.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Authenticator already assigned or user not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/bind": {
"parameters": [
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator. Device binding is only supported for single-device license software authenticators.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Bind a software authenticator to a mobile device",
"description": "Entry point for device binding.",
"operationId": "bindAuthenticatorUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/BindAuthenticatorInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Authenticator bound to device.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to bind authenticator to device. Authenticator does not support device binding, authenticator already bound or incorrect derivation code.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/decrypt-information-message": {
"parameters": [
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}-[0-9]{1,2}$",
"minLength": 12,
"maxLength": 13,
"example": "VDS1234567-1"
}
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Decrypts the body of a Secure Channel Information Message encrypted with the payload key of a MDL authenticator instance",
"description": "Entry point for decrypting information message.",
"operationId": "decryptInformationMessageUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DecryptInformationMessageInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Decrypted information message.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/DecryptInformationMessageOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to decode information message.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/generate-activation-data": {
"parameters": [
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator. Activation data can only be generated for single device license software authenticators.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Generate activation data for an authenticator",
"description": "Entry point for generating activation data.",
"operationId": "generateActivationDataUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"responses": {
"200": {
"description": "Activation data returned.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ActivationDataOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Authenticator does not support activation.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/generate-activation-message": {
"parameters": [
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator. Activation messages can only be generated for authenticator licenses.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Generate an activation message for an authenticator",
"description": "Entry point for generating an activation message.",
"operationId": "generateActivationMessageUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"responses": {
"200": {
"description": "Activation message returned.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ActivationMessageOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Authenticator does not support activation.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/move": {
"parameters": [
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator. Only unassigned authenticators can be moved.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Move an authenticator",
"description": "Entry point for moving an authenticator.",
"operationId": "moveAuthenticatorUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/MoveAuthenticatorInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Authenticator moved.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Authenticator is assigned or domain not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/reset-activation": {
"parameters": [
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator. Resets MDL authenticator licenses and authenticators compliant with standard activation.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Resets the activation information for the specified authenticator",
"description": "Entry point for resetting the authenticator's activation information.",
"operationId": "resetActivationUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"responses": {
"200": {
"description": "Activation reset.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to reset the activation.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/unassign": {
"parameters": [
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator. You cannot unassign authenticator instances; you must unassign the related license instead.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Unassign an authenticator from a user",
"description": "Entry point for unassigning an authenticator.",
"operationId": "unassignAuthenticatorUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"responses": {
"204": {
"description": "Authenticator unassigned.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Authenticator is not assigned.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/authenticators/{serialNumber}/unbind": {
"parameters": [
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator. Device binding is only supported for single-device license software authenticators.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
}
],
"post": {
"tags": [
"Authenticators"
],
"summary": "Unbind a software authenticator",
"description": "Entry point for device unbinding.",
"operationId": "unbindAuthenticatorUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-Authenticator"
}
],
"responses": {
"200": {
"description": "Authenticator unbound.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Authenticator not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Authenticator does not support device binding or authenticator not bound.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/bulkfiles": {
"post": {
"tags": [
"Bulkfile Upload"
],
"summary": "Upload a bulk file",
"description": "Entry point for the bulk file upload.",
"operationId": "uploadBulkfileUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"requestBody": {
"content": {
"multipart/form-data": {
"schema": {
"type": "object",
"required": [
"file"
],
"properties": {
"file": {
"type": "string",
"format": "binary",
"description": "Bulk file to upload."
},
"sha256": {
"type": "string",
"description": "SHA-256 checksum for the bulk file."
}
}
}
}
}
},
"responses": {
"200": {
"description": "Bulk file succesfully uploaded.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/BulkfileOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"413": {
"description": "Uploaded file size exceeds maximum file size limit.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/bulkfiles/{uuid}": {
"parameters": [
{
"name": "uuid",
"in": "path",
"description": "Unique identifier of the bulk file.",
"required": true,
"schema": {
"type": "string"
}
}
],
"get": {
"tags": [
"Bulkfile Upload"
],
"summary": "Get the processing status of a bulk file",
"description": "Entry point for the bulk file status.",
"operationId": "getBulkfileStatusUsingGET",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"responses": {
"200": {
"description": "Bulk file status returned.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/BulkfileStatusOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Bulk file not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/bulkfiles/{uuid}/resume": {
"parameters": [
{
"name": "uuid",
"in": "path",
"description": "Unique identifier of the bulk file.",
"required": true,
"schema": {
"type": "string"
}
}
],
"post": {
"tags": [
"Bulkfile Upload"
],
"summary": "Resume processing a bulk file",
"description": "Entry point for the bulk file resume.",
"operationId": "resumeBulkfileProcessingUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"responses": {
"200": {
"description": "Bulk file processing resumed.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ResumeBulkfileOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Bulk file not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Bulk file status not resumable.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/orchestration-commands": {
"post": {
"tags": [
"Device Commands"
],
"summary": "Execute a orchestration command from a trusted device",
"description": "Network communication between client applications built with the Orchestration SDK and the TID platform is transmitted using this resource. This resource must be proxied by the application server; the input payload integrally forwarded to this resource; the output returned in full (header + payload) to the client application. The contents of the input/output payloads are not elaborated in this API specification, but adhere to the Orchestration SDK protocol.",
"operationId": "trustedDeviceCmdUsingPOST",
"responses": {
"1XX": {
"description": "Informational response."
},
"2XX": {
"description": "Success."
},
"3XX": {
"description": "Redirection."
},
"4XX": {
"description": "Client errors."
},
"5XX": {
"description": "Server errors."
}
}
}
},
"/mobile-commands/**": {
"post": {
"tags": [
"Device Commands"
],
"summary": "Execute a command from a Mobile Authenticator Studio application",
"description": "Network communication between client applications built with the Mobile Authenticator Studio and the TID platform is transmitted using this resource. This resource and all paths below must be proxied by the application server; the input payload integrally forwarded to these resources; the output returned in full (header + payload) to the client application. The complete list of resources and the contents of the input/output payloads are not elaborated in this API specification, but can be found in the Mobile Authenticator Studio documentation.",
"operationId": "mobileCmdUsingPOST",
"responses": {
"1XX": {
"description": "Informational response."
},
"2XX": {
"description": "Success."
},
"3XX": {
"description": "Redirection."
},
"4XX": {
"description": "Client errors."
},
"5XX": {
"description": "Server errors."
}
}
}
},
"/events": {
"post": {
"tags": [
"Events"
],
"summary": "Insert a non-monetary event",
"description": "Entry point for Risk Analytics non-monetary event insertion.",
"operationId": "insertEventUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EventInput"
}
}
},
"required": true
},
"responses": {
"201": {
"description": "Event inserted successfully.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EventOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/registrations": {
"post": {
"tags": [
"Provisioning"
],
"summary": "Start a new session and register or add a device",
"description": "If the provisioning process was not started by userregister then TID does not have a session yet. The client must call this service to continue and provide all necessary information to (re-)start the registration and activation process.",
"operationId": "registrationUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegistrationInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Device registered or added.",
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/OnlineRegisterDeviceOutput"
},
{
"$ref": "#/components/schemas/OfflineRegisterDeviceOutput"
},
{
"$ref": "#/components/schemas/AddDeviceOutput"
}
]
},
"examples": {
"success online": {
"summary": "Device registered via onlineMDL",
"value": {
"activationPassword": "9h2679Q8",
"registrationID": "vjO1THY2s7qtt99YjyHldWWF",
"serialNumber": "VDS1234567"
}
},
"success offline without deviceCode": {
"summary": "Device registered via offlineMDL",
"value": {
"activationMessage": "1234567890ABCDEF",
"registrationID": "vjO1THY2s7qtt99YjyHldWWF",
"serialNumber": "VDS1234567"
}
},
"success offline with deviceCode": {
"summary": "Device added via offlineMDL",
"value": {
"activationMessage2": "1234567890ABCDEF",
"activationType": "offlineMDL",
"deviceStatus": "registered",
"deviceType": "iOS",
"domain": "domain1",
"registrationID": "vjO1THY2s7qtt99YjyHldWWF",
"serialNumber": "VDS1234567-1",
"userID": "userid1"
}
}
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "No registrations found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "No device registered.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/registrations/check-status": {
"post": {
"tags": [
"Provisioning"
],
"summary": "Check the status of an activation",
"operationId": "checkActivationStatusUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CheckActivationStatusInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Activation status returned.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CheckActivationStatusOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/registrations/{registrationID}/activate": {
"parameters": [
{
"$ref": "#/components/parameters/RegistrationID"
}
],
"post": {
"tags": [
"Provisioning"
],
"summary": "Activate a device",
"description": "Clients must call this service to finalize the activation and provisioning process.",
"operationId": "activateUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ActivationInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Device activated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ActivationOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Registration not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to activate device.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/registrations/{registrationID}/add-device": {
"parameters": [
{
"$ref": "#/components/parameters/RegistrationID"
}
],
"post": {
"tags": [
"Provisioning"
],
"summary": "Add a device for an existing User Registration session",
"description": "If the provisioning process was started by userregister, then clients must call this service to continue the process. The session created by userregister is represented as a REST resource in this service. The client must provide the addDeviceInput which in turn was provided by the DIGIPASS authenticator.",
"operationId": "addDeviceUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AddDeviceInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Device added.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AddDeviceOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Registration not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "No device added.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/registrations/{registrationID}/generate-ephemeral-key": {
"parameters": [
{
"$ref": "#/components/parameters/RegistrationID"
}
],
"post": {
"tags": [
"Provisioning"
],
"summary": "Generate ephemeral key for an existing registration session",
"description": "This endpoint provides the second step of the onlineMDL activation flow started via /registrations.",
"operationId": "generateEphemeralKeyUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateEphemeralKeyInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Ephemeral key generated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateEphemeralKeyOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "The registration session was not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Key generation failed.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Unexpected server error.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/registrations/{registrationID}/generate-activation-message": {
"parameters": [
{
"$ref": "#/components/parameters/RegistrationID"
}
],
"post": {
"tags": [
"Provisioning"
],
"summary": "Generate activation message for an existing registration session",
"description": "This endpoint provides the third step of the onlineMDL activation flow started via /registrations.",
"operationId": "registrationGenerateActivationMessageUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateActivationMessageInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Activation message generated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateActivationMessageOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "The registration session was not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Message generation failed.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Unexpected server error.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/fido2-relying-parties": {
"post": {
"tags": [
"FIDO2 Relying Parties"
],
"summary": "Create a new FIDO2 Relying Party and set it as default",
"description": "Entry point for creating a new FIDO2 Relying Party resource.
Note that in case you use a request with only the mandatory fields, default values will be assigned to all the optional fields which are not explicitly provided via the request body.
Note that the first created FIDO2 Relying Party is set as default automatically, therefore it is in use by your tenant when performing the FIDO2 operations.
To change the default to a subsequently created FIDO2 Relying Party, use the /fido2-relying-parties/{id}/make-default endpoint.",
"operationId": "createRelyingPartyUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Fido2RelyingPartyInput"
},
"examples": {
"ExampleRequestWithMandatoryFields": {
"value": {
"origins": [
"https://www.yourwebapp.example-tenant.com"
],
"publicKeyCredentialRpEntity": {
"id": "yourwebapp.example-tenant.com",
"name": "OneSpan",
"icon": "https://www.onespan.com/themes/custom/onespan/images/logo.svg"
}
}
},
"ExampleRequestWithAllFields": {
"value": {
"origins": [
"https://www.yourwebapp.example-tenant.com"
],
"publicKeyCredentialRpEntity": {
"id": "yourwebapp.example-tenant.com",
"name": "OneSpan",
"icon": "https://www.onespan.com/themes/custom/onespan/images/logo.svg"
},
"enableRegisteringWithExistingAuthenticator": false,
"publicKeyCredentialParameters": [
{
"type": "public-key",
"alg": "-65535"
},
{
"type": "public-key",
"alg": "-257"
}
],
"signCounterHandleMethod": "throw_exception",
"timeout": 15000
}
}
}
}
},
"required": true
},
"responses": {
"201": {
"description": "FIDO2 Relying Party created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Fido2RelyingPartyOutput"
}
}
}
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
},
"get": {
"tags": [
"FIDO2 Relying Parties"
],
"summary": "Query all FIDO2 Relying Parties",
"description": "Entry point for retrieving all FIDO2 Relying Parties.",
"operationId": "retrieveRelyingPartiesUsingGET",
"parameters": [
{
"name": "offset",
"in": "query",
"required": false,
"description": "Index of the first FIDO2 Relying Party returned.",
"example": 0,
"schema": {
"type": "integer",
"format": "int32",
"minimum": 0,
"default": 0
}
},
{
"name": "limit",
"in": "query",
"required": false,
"description": "Number of FIDO2 Relying Parties returned.",
"example": 20,
"schema": {
"type": "integer",
"format": "int32",
"minimum": 1,
"default": 20
}
}
],
"responses": {
"200": {
"description": "FIDO2 Relying Parties retrieved successfully.",
"content": {
"application/json": {
"schema": {
"type": "object",
"description": "Output object representation of the FIDO2 Relying Party resource.",
"properties": {
"total": {
"type": "integer",
"format": "int32",
"example": 1,
"description": "Total number of FIDO2 Relying Parties that match the query parameters."
},
"offset": {
"type": "integer",
"format": "int32",
"example": 0,
"description": "Index of first FIDO2 Relying Party returned."
},
"limit": {
"type": "integer",
"format": "int32",
"example": 20,
"description": "Maximum number of FIDO2 Relying Parties requested."
},
"count": {
"type": "integer",
"format": "int32",
"example": 1,
"description": "Number of FIDO2 Relying Parties returned."
},
"fido2RelyingParties": {
"type": "array",
"description": "List of the FIDO2 Relying Parties matching the pagination parameters.",
"items": {
"$ref": "#/components/schemas/Fido2RelyingPartyOutput"
}
}
}
}
}
}
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/fido2-relying-parties/{uuid}": {
"parameters": [
{
"name": "uuid",
"in": "path",
"required": true,
"description": "Unique identifier of the Relying Party.",
"example": "b181a5f3-ea71-4331-8280-dc9ackc77d09",
"schema": {
"type": "string"
}
}
],
"get": {
"tags": [
"FIDO2 Relying Parties"
],
"summary": "View a FIDO2 Relying Party",
"description": "Entry point for retrieving a specific FIDO2 Relying Party by id.",
"operationId": "retrieveRelyingPartyByIdUsingGET",
"responses": {
"200": {
"description": "FIDO2 Relying Party retrieved successfully.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Fido2RelyingPartyOutput"
}
}
}
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "FIDO2 Relying Party not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
},
"delete": {
"tags": [
"FIDO2 Relying Parties"
],
"summary": "Delete a FIDO2 Relying Party",
"description": "Entry point for deleting a FIDO2 Relying Party.",
"operationId": "deleteRelyingPartyByIdUsingDELETE",
"responses": {
"204": {
"description": "Delete operation succcessful."
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "FIDO2 Relying Party not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
},
"patch": {
"tags": [
"FIDO2 Relying Parties"
],
"summary": "Update a FIDO2 Relying Party",
"description": "Entry point for updating an existing FIDO2 Relying Party resource.
CAUTION: Changing publicKeyCredentialRpEntity.id or origins will cause problems with the existing registrations and they will not work anymore.
Please keep the old values before applying the PATCH, as it will allow you to restore them in case of problems.",
"operationId": "updateRelyingPartyByIdUsingPATCH",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Fido2RelyingPartyOutput"
},
"examples": {
"ExampleRequestWithMandatoryFields": {
"value": {
"origins": [
"https://www.yourwebapp.example-tenant.com"
],
"publicKeyCredentialRpEntity": {
"id": "yourwebapp.example-tenant.com",
"name": "OneSpan",
"icon": "https://www.onespan.com/themes/custom/onespan/images/logo.svg"
}
}
},
"ExampleRequestWithAllFields": {
"value": {
"origins": [
"https://www.yourwebapp.example-tenant.com"
],
"publicKeyCredentialRpEntity": {
"id": "yourwebapp.example-tenant.com",
"name": "OneSpan",
"icon": "https://www.onespan.com/themes/custom/onespan/images/logo.svg"
},
"enableRegisteringWithExistingAuthenticator": false,
"publicKeyCredentialParameters": [
{
"type": "public-key",
"alg": "-65535"
},
{
"type": "public-key",
"alg": "-257"
}
],
"signCounterHandleMethod": "throw_exception",
"timeout": 15000
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "FIDO2 Relying Party update successful.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Fido2RelyingPartyOutput"
}
}
}
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "FIDO2 Reyling Party not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/fido2-relying-parties/{uuid}/make-default": {
"parameters": [
{
"name": "uuid",
"in": "path",
"required": true,
"description": "Unique identifier of the Relying Party.",
"example": "b181a5f3-ea71-4331-8280-dc9ackc77d09",
"schema": {
"type": "string"
}
}
],
"post": {
"tags": [
"FIDO2 Relying Parties"
],
"summary": "Set a FIDO2 Relying Party as default in the tenant configuration",
"description": "Entry point for setting the default FIDO2 Relying Party in the tenant configuration.",
"operationId": "setDefaultRelyingPartyPost",
"responses": {
"204": {
"description": "Make default operation successful."
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "FIDO2 Reyling Party not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/sessions/{requestID}": {
"parameters": [
{
"$ref": "#/components/parameters/RequestID"
}
],
"get": {
"tags": [
"Sessions"
],
"summary": "View the status of a session",
"description": "Entry point for viewing the status for a session.",
"operationId": "checkSessionUsingGET",
"responses": {
"200": {
"description": "Session status returned.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CheckSessionStatusOutput"
}
}
}
},
"400": {
"$ref": "#/components/responses/CheckSessionStatus-400-InvalidRequestID"
},
"404": {
"$ref": "#/components/responses/CheckSessionStatus-404-SessionNotFound"
},
"500": {
"$ref": "#/components/responses/CheckSessionStatus-500-InternalServerError"
}
}
}
},
"/transactions": {
"post": {
"tags": [
"Transactions"
],
"summary": "Insert a transaction",
"description": "Entry point for Risk Analytics transaction insertion.",
"operationId": "insertTransactionUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/TransactionInput"
}
}
},
"required": true
},
"responses": {
"201": {
"description": "Transaction inserted successfully.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/TransactionOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users": {
"get": {
"tags": [
"Users"
],
"summary": "Query users",
"description": "Entry point for querying users.",
"operationId": "queryUsersUsingGET",
"parameters": [
{
"name": "userID",
"in": "query",
"required": false,
"description": "User ID of the user to search for (supports wildcard).",
"schema": {
"type": "string",
"maxLength": 255,
"default": "*"
}
},
{
"name": "displayName",
"in": "query",
"required": false,
"description": "Display name of the user(s) to search for.",
"schema": {
"type": "string",
"maxLength": 255,
"default": "*"
}
},
{
"name": "domain",
"in": "query",
"required": false,
"description": "Domain wherein to search for user accounts.",
"schema": {
"type": "string",
"maxLength": 255
}
},
{
"name": "emailAddress",
"in": "query",
"required": false,
"description": "E-mail address of the user.",
"schema": {
"type": "string",
"maxLength": 254,
"default": "*"
}
},
{
"name": "hasAdminPrivileges",
"in": "query",
"required": false,
"description": "Indicates whether the user has admin privileges.",
"schema": {
"type": "boolean"
}
},
{
"name": "hasAuthenticatorAssigned",
"in": "query",
"required": false,
"description": "Indicates whether to search for users with assigned authenticator.",
"schema": {
"type": "boolean"
}
},
{
"name": "expired",
"in": "query",
"required": false,
"description": "Indicates whether the user's account expired.",
"schema": {
"type": "boolean"
}
},
{
"name": "locked",
"in": "query",
"required": false,
"description": "User account lock status.",
"schema": {
"type": "boolean"
}
},
{
"name": "enabled",
"in": "query",
"required": false,
"description": "User account enabled status.",
"schema": {
"type": "boolean"
}
},
{
"name": "offset",
"in": "query",
"required": false,
"description": "Index of the first user account returned.",
"schema": {
"type": "integer",
"format": "int32",
"minimum": 0,
"default": 0
}
},
{
"name": "limit",
"in": "query",
"required": false,
"description": "Number of user accounts returned (max = 100).",
"schema": {
"type": "integer",
"format": "int32",
"minimum": 1,
"maximum": 100,
"default": 20
}
}
],
"responses": {
"200": {
"description": "User accounts returned.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UsersOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/register": {
"post": {
"tags": [
"Users",
"Provisioning"
],
"summary": "Register a new user account",
"operationId": "userRegisterUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/RegisterUserInputEx"
},
{
"$ref": "#/components/schemas/AdaptiveRegisterUserInput"
},
{
"$ref": "#/components/schemas/RegisterUserInput"
}
],
"discriminator": {
"propertyName": "objectType"
}
},
"examples": {
"RegisterUserInputEx": {
"value": {
"objectType": "RegisterUserInputEx",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1",
"staticPassword": "Test1234",
"userID": "userid1"
}
},
"AdaptiveRegisterUserInput": {
"value": {
"objectType": "AdaptiveRegisterUserInput",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1",
"relationshipRef": "userid1",
"staticPassword": "Test1234",
"sessionID": "4ED23EA44F23",
"userID": "userid1"
}
},
"RegisterUserInput": {
"value": {
"clientIP": "192.168.0.1",
"login": "userid1",
"passKey": "Test1234",
"sessionIdentifier": "4ED23EA44F23",
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "User account registered.",
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/RegisterUserOutputFido"
},
{
"$ref": "#/components/schemas/RegisterUserOutputEx"
},
{
"$ref": "#/components/schemas/RegisterUserOutput"
}
]
},
"example": {
"activationPassword": "9h2679Q8",
"riskResponseCode": 0,
"serialNumber": "VDS1234567"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 400,
"error": "Bad Request",
"message": "Input data validation failed",
"service": "userregister",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000",
"validationErrors": [
{
"object": "ObjectType",
"field": "objectType",
"message": "Field must be present"
}
]
}
}
}
},
"403": {
"$ref": "#/components/responses/UserRegister-403-Forbidden"
},
"409": {
"description": "User account could not be registered.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"examples": {
"Password Validation Failure": {
"$ref": "#/components/examples/UserRegister-409-PasswordValidationFailure"
},
"User Account Locked": {
"$ref": "#/components/examples/UserRegister-409-UserAccountLocked"
},
"User Account Disabled": {
"$ref": "#/components/examples/UserRegister-409-UserAccountDisabled"
}
}
}
}
},
"500": {
"$ref": "#/components/responses/UserRegister-500-InternalServerError"
}
}
}
},
"/users/unregister": {
"post": {
"deprecated": true,
"tags": [
"Users"
],
"summary": "Delete a user account",
"operationId": "userUnregisterUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnregisterUserInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "User account unregistered.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnregisterUserOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "User account could not be unregistered.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/generate-fido-registration-request": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users",
"FIDO Registration"
],
"summary": "Generate RegistrationRequest for requested FIDO protocol",
"operationId": "generateFidoRegistrationRequest",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FidoRegistrationRequestGenerateInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "RegistrationRequest generated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FidoRegistrationRequestInput"
}
}
}
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/generate-fido-authentication-request": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users",
"FIDO Authentication"
],
"summary": "Generate AuthenticationRequest for requested FIDO protocol",
"operationId": "generateFidoAuthenticationRequest",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FidoAuthenticationRequestGenerateInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "AuthenticationRequest generated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FidoAuthenticationRequestInput"
}
}
}
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/deregister-fido-uaf-keys": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users",
"FIDO UAF Deregistration"
],
"summary": "Deregister keys for FIDO UAF protocol",
"operationId": "deregisterFidoUafKeysUserUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"type": "object",
"description": "Parameters used to deregister a key for a given user.",
"required": [
"aaid",
"keyID"
],
"properties": {
"aaid": {
"type": "string",
"description": "Authenticator Attestation ID.",
"maxLength": 9
},
"keyID": {
"type": "string",
"description": "Registration key identifier."
}
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Keys successfully deregistered.",
"content": {
"application/json": {
"schema": {
"type": "object",
"description": "Object used to transfer UAF DeregistrationRequest.",
"required": [
"deregistrationRequest",
"uafStatusCode"
],
"properties": {
"deregistrationRequest": {
"type": "string",
"description": "DeregistrationRequest from respective FIDO UAF protocol."
},
"uafStatusCode": {
"description": "Status code indicating the result of the UAF protocol operation.",
"type": "integer",
"format": "int32"
}
}
}
}
}
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Deregistration failed.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/deregister-fido-uaf-authenticators": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users",
"FIDO UAF Deregistration"
],
"summary": "Deregister authenticators for FIDO UAF protocol",
"description": "Deregistering authenticators by a valid AAID or all authenticators of a user by an empty JSON object request '{}'.",
"operationId": "deregisterFidoUafAuthenticatorsUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"type": "object",
"description": "Parameters to delete either all authenticators for a certain user(aaid not provided), or all authenticators for user/aaid combination.",
"properties": {
"aaid": {
"type": "string",
"description": "Authenticator Attestation ID.",
"maxLength": 9
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Authenticators successfully deregistered.",
"content": {
"application/json": {
"schema": {
"type": "object",
"description": "Object used to transfer UAF DeregistrationRequest.",
"required": [
"deregistrationRequest",
"uafStatusCode"
],
"properties": {
"deregistrationRequest": {
"type": "string",
"description": "DeregistrationRequest from respective FIDO UAF protocol."
},
"uafStatusCode": {
"description": "Status code indicating the result of the UAF protocol operation.",
"type": "integer",
"format": "int32"
}
}
}
}
}
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Deregistration failed.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/fido-uaf-app-facets": {
"get": {
"tags": [
"FIDO UAF Trusted Facet List"
],
"summary": "Retrieving trusted facets list for Fido UAF protocol",
"description": "Retrieving trusted facets list for Fido UAF protocol.",
"operationId": "fidoTrustedFacetsListUsingGET",
"responses": {
"200": {
"description": "List of trusted facets successfully retrieved.",
"content": {
"application/fido.trusted-apps+json": {
"schema": {
"type": "object",
"description": "Object used to return Trusted Facet ID-s List.",
"required": [
"trustedFacets"
],
"properties": {
"trustedFacets": {
"type": "array",
"description": "List of Trusted Facets",
"items": {
"type": "object",
"required": [
"version",
"ids"
],
"properties": {
"version": {
"type": "object",
"required": [
"major",
"minor"
],
"properties": {
"major": {
"type": "integer",
"description": "Version major number",
"example": 1
},
"minor": {
"type": "integer",
"description": "Version minor nummber",
"example": 0
}
}
},
"ids": {
"type": "array",
"description": "List of Trusted Facet ID-s",
"items": {
"type": "string",
"example": "https://register.example.com"
}
}
}
}
}
}
}
}
}
},
"404": {
"description": "UAF trusted facets list not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal Server Error.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/unregister": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Delete a user account",
"operationId": "userUnregisterExUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/UnregisterUserInputEx"
},
{
"$ref": "#/components/schemas/AdaptiveUnregisterUserInput"
}
],
"discriminator": {
"propertyName": "objectType"
}
},
"examples": {
"UnregisterUserInputEx": {
"value": {
"objectType": "UnregisterUserInputEx",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1"
}
},
"AdaptiveUnregisterUserInput": {
"value": {
"objectType": "AdaptiveUnregisterUserInput",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1",
"relationshipRef": "userid1",
"sessionID": "4ED23EA44F23"
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "User account unregistered.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UnregisterUserOutputEx"
}
}
}
},
"204": {
"description": "User account unregistered."
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "User account could not be unregistered.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"get": {
"tags": [
"Users"
],
"summary": "View a user",
"description": "Entry point for retrieving user information.",
"operationId": "viewUserUsingGET",
"responses": {
"200": {
"description": "User account returned.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
},
"head": {
"tags": [
"Users"
],
"summary": "Check if a user account exists",
"description": "Entry point for checking if a user account exists.",
"operationId": "checkUserExistsUsingHEAD",
"responses": {
"204": {
"description": "User account exists.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
}
},
"400": {
"description": "The input is invalid."
},
"403": {
"description": "The command is prohibited for the tenant admin account."
},
"404": {
"description": "User account not found."
},
"500": {
"description": "Internal error, sub service failure, server crash."
}
}
},
"put": {
"tags": [
"Users"
],
"summary": "Create a user",
"description": "Entry point for user creation.",
"operationId": "createUserUsingPUT",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateUserInput"
}
}
},
"required": true
},
"responses": {
"201": {
"description": "User account created.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "Domain does not exist.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "User account already exists.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
},
"delete": {
"tags": [
"Users"
],
"summary": "Delete a user",
"description": "Entry point for user deletion.",
"operationId": "deleteUserUsingDELETE",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-User"
}
],
"responses": {
"204": {
"description": "User account deleted."
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
},
"patch": {
"tags": [
"Users"
],
"summary": "Update a user",
"description": "Entry point for updating a user.",
"operationId": "updateUserUsingPATCH",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-User"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateUserInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "User account updated.",
"headers": {
"ETag": {
"description": "Current entity state version. Should be treated as opaque and used to make conditional follow-up requests.",
"schema": {
"type": "string"
}
}
},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to update user account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/assign": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Assign an authenticator to a user",
"description": "Entry point for authenticator assignment.",
"operationId": "assignUserUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AssignUserInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Authenticator assigned.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Authenticator already assigned or not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/register-fido-device": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users",
"FIDO Registration"
],
"summary": "Assign (register) a FIDO authenticator to a user",
"description": "Entry point for FIDO authenticator assignment.",
"operationId": "registerFidoDeviceUserUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/FidoRegistrationResponseOutput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Authenticator assigned.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RegisterFidoDeviceOutput"
}
}
}
},
"400": {
"description": "Input data errors.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Registration failed or authenticator already assigned.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/events/validate": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users",
"Events"
],
"summary": "Validate a non-monetary event",
"description": "Entry point for Intelligent Adaptive Authentication non-monetary event validation.",
"operationId": "eventValidationUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AdaptiveEventValidationInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Event validation request successful.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EventValidationOutput"
}
}
}
},
"202": {
"description": "Asynchronous event validation request accepted. Push notification has been sent.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/EventValidationOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to validate event.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/login": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Login a user",
"description": "Entry point for user login.",
"operationId": "loginUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/LoginInput"
},
{
"$ref": "#/components/schemas/AdaptiveLoginInput"
}
],
"discriminator": {
"propertyName": "objectType"
}
},
"examples": {
"LoginInput": {
"value": {
"objectType": "LoginInput",
"credentials": {
"authenticator": {
"PIN": "1234",
"OTP": "123456",
"serialNumber": "VDS1234567"
}
},
"requestID": "413b2c39-2d67-4293-9adb-25601731b062"
}
},
"AdaptiveLoginInput": {
"value": {
"objectType": "AdaptiveLoginInput",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"relationshipRef": "userid1",
"sessionID": "4ED23EA44F23",
"clientIP": "192.168.0.1",
"credentials": {
"authenticator": {
"PIN": "1234",
"OTP": "123456",
"serialNumber": "VDS1234567"
}
},
"requestID": "413b2c39-2d67-4293-9adb-25601731b062"
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Login request successful.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/LoginOutput"
}
}
}
},
"202": {
"description": "Asynchronous login request accepted. Push notification has been sent.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/LoginOutput"
}
}
}
},
"400": {
"$ref": "#/components/responses/Event-400-LoginInputInvalid"
},
"403": {
"$ref": "#/components/responses/Event-403-Forbidden"
},
"404": {
"$ref": "#/components/responses/Event-404-UserNotFound"
},
"409": {
"description": "Failed to login user.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"$ref": "#/components/responses/Event-500-InternalServerError"
}
}
}
},
"/users/{userID@domain}/generate-challenge": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Generate a challenge",
"description": "Entry point for generating a challenge.",
"operationId": "generateChallengeUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateChallengeInput"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Challenge generated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateChallengeOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "No applicable authenticator found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/generate-secure-challenge": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Generate a secure challenge",
"description": "Entry point for generating a secure challenge message.",
"operationId": "generateSecureChallengeUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateSecureChallengeInput"
},
"example": {
"serialNumber": "VDS1234567",
"request": {
"body": {
"challenge": "Are you trying to login?",
"title": {
"text": "TID",
"formatting": {
"bold": true,
"italic": false,
"inverse": false,
"color": "blue",
"alignment": "center",
"fontTable": "ISO-8859-15"
}
},
"options": {
"askPIN": true,
"cryptoAppIndex": 1,
"fontTable": "ISO-8859-15",
"templateNumber": 0
}
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Secure challenge generated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateRequestMessageOutput"
},
"example": {
"requestID": "413b2c39-2d67-4293-9adb-25601731b062",
"requestMessage": "000090B81DEF372C37266CF4E1F4BFF4DDE71F1F1F129F3E5E3E5E5D9E31872C8727FCF4BCF4BFF4B7F4B9F4BEF447"
}
}
}
},
"400": {
"$ref": "#/components/responses/SecureMessaging-400-GenerateSecureChallengeInvalid"
},
"403": {
"$ref": "#/components/responses/SecureMessaging-403-Forbidden"
},
"404": {
"$ref": "#/components/responses/SecureMessaging-404-UserNotFound"
},
"409": {
"description": "Failed to generate secure challenge.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"examples": {
"No Applicable Digipass Found": {
"$ref": "#/components/examples/SecureMessaging-409-NoApplicableDigipassFound"
},
"User Locked": {
"$ref": "#/components/examples/SecureMessaging-409-UserLocked"
},
"User Disabled": {
"$ref": "#/components/examples/SecureMessaging-409-UserDisabled"
},
"User Expired": {
"$ref": "#/components/examples/SecureMessaging-409-UserExpired"
},
"Temporary User Expired": {
"$ref": "#/components/examples/SecureMessaging-409-TempUserExpired"
}
}
}
}
},
"500": {
"$ref": "#/components/responses/SecureMessaging-500-InternalServerError"
}
}
}
},
"/users/{userID@domain}/generate-signing-request": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Generate a signing request",
"description": "Entry point for generating a signing request message.",
"operationId": "generateSigningRequestUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateSigningRequestInput"
},
"example": {
"serialNumber": "VDS1234567",
"request": {
"body": {
"dataFields": [
{
"key": {
"text": "Amount",
"formatting": {
"bold": true,
"italic": true,
"inverse": false,
"color": "deviceDefault",
"alignment": "deviceDefault",
"fontTable": "ISO-8859-15"
}
},
"value": {
"text": "1064.99",
"formatting": {
"bold": false,
"italic": false,
"inverse": false,
"color": "red",
"alignment": "left",
"fontTable": "ISO-8859-15"
}
}
}
],
"title": {
"text": "Transaction request",
"formatting": {
"bold": true,
"italic": false,
"inverse": false,
"color": "blue",
"alignment": "center",
"fontTable": "ISO-8859-15"
}
},
"options": {
"askApproval": true,
"askPIN": true,
"cryptoAppIndex": 1,
"fontTable": "ISO-8859-15",
"showData": true,
"showMAC": true,
"showWarning": false,
"templateNumber": 0
}
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Signing request generated.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateRequestMessageOutput"
},
"example": {
"requestID": "413b2c39-2d67-4293-9adb-25601731b062",
"requestMessage": "0000F8B81DF22F270F27AF266D0D1F1451061B3F51EF872C37266F2647270F2C8727FF2C3546F632CB38402C8C2BC31EFAF4BDF4BFF4DDF4BEF4DCE76826470EB93E04"
}
}
}
},
"400": {
"$ref": "#/components/responses/SecureMessaging-400-GenerateSigningRequestInvalid"
},
"403": {
"$ref": "#/components/responses/SecureMessaging-403-Forbidden"
},
"404": {
"$ref": "#/components/responses/SecureMessaging-404-UserNotFound"
},
"409": {
"description": "Failed to generate secure challenge.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"examples": {
"No Applicable Digipass Found": {
"$ref": "#/components/examples/SecureMessaging-409-NoApplicableDigipassFound"
},
"User Locked": {
"$ref": "#/components/examples/SecureMessaging-409-UserLocked"
},
"User Disabled": {
"$ref": "#/components/examples/SecureMessaging-409-UserDisabled"
},
"User Expired": {
"$ref": "#/components/examples/SecureMessaging-409-UserExpired"
},
"Temporary User Expired": {
"$ref": "#/components/examples/SecureMessaging-409-TempUserExpired"
}
}
}
}
},
"500": {
"$ref": "#/components/responses/SecureMessaging-500-InternalServerError"
}
}
}
},
"/users/{userID@domain}/reset-password": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Reset password for a user",
"description": "Entry point to reset the password for a user.",
"operationId": "resetPasswordUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-User"
}
],
"responses": {
"204": {
"description": "Password reset.",
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/transactions/validate": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users",
"Transactions"
],
"summary": "Validate a transaction",
"description": "Entry point for Intelligent Adaptive Authentication transaction validation.",
"operationId": "transactionValidationUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/RiskAnalyticsEnvironment"
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/TransactionValidationInput"
},
{
"$ref": "#/components/schemas/AdaptiveTransactionValidationInput"
}
],
"discriminator": {
"propertyName": "objectType"
}
},
"examples": {
"TransactionValidationInput": {
"value": {
"objectType": "TransactionValidationInput",
"data": {
"secureChannel": {
"requestID": "413b2c39-2d67-4293-9adb-25601731b062",
"signature": "123456"
}
},
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1"
}
},
"AdaptiveTransactionValidationInput": {
"value": {
"objectType": "AdaptiveTransactionValidationInput",
"accountRef": "ACC123",
"amount": "1064.99",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"currency": "EUR",
"data": {
"transactionMessage": {
"dataFields": [
{
"key": {
"text": "Transaction Value"
},
"value": {
"text": "EUR 1064.99"
}
}
]
}
},
"relationshipRef": "userid1",
"sessionID": "4ED23EA44F23",
"transactionType": "ExternalTransfer",
"clientIP": "192.168.0.1",
"creditorBank": "MYBANK",
"creditorIBAN": "BE68539007547034",
"creditorName": "John Doe",
"creditorOtherInstruction": "0",
"debtorIBAN": "BE71096123456769",
"timeout": 60
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Transaction validation request successful.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/TransactionValidationOutput"
}
}
}
},
"202": {
"description": "Asynchronous transaction validation request accepted. Push notification has been sent.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/TransactionValidationOutput"
}
}
}
},
"400": {
"$ref": "#/components/responses/Transaction-400-ObjectTypeMissing"
},
"403": {
"$ref": "#/components/responses/Transaction-403-Forbidden"
},
"404": {
"$ref": "#/components/responses/Transaction-404-UserNotFound"
},
"409": {
"description": "Failed to validate transaction.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"$ref": "#/components/responses/Transaction-500-InternalServerError"
}
}
}
},
"/users/{userID@domain}/unlock": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Unlock a user",
"description": "Entry point for unlocking a user.",
"operationId": "unlockUserUsingPOST",
"parameters": [
{
"$ref": "#/components/parameters/IfMatch-User"
}
],
"responses": {
"204": {
"description": "User account unlocked.",
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "User account is not in locked state.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/send-push-notification": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Send a push notification message to a user's device",
"description": "Entry point for sending push notifications.",
"operationId": "sendPushNotificationUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SendPushNotificationInput"
}
}
},
"required": true
},
"responses": {
"204": {
"description": "Push notification message sent.",
"content": {
"application/json": {
"schema": {
"type": "object"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to send push notification message.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/sync-authenticator": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Synchronize the host time with the authenticator time",
"description": "Based on two contiguous OTP's, this endpoint synchronizes the host time with the authenticator time, and/or the host event counter with the authenticator event counter.",
"operationId": "syncAuthenticatorUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"oneOf": [
{
"$ref": "#/components/schemas/SyncAuthenticatorInput"
}
],
"discriminator": {
"propertyName": "objectType"
}
},
"examples": {
"SyncAuthenticatorInput": {
"value": {
"objectType": "SyncAuthenticatorInput",
"serialNumber": "VDS1234567",
"OTP1": "123456",
"OTP2": "123459",
"PIN": "1234"
}
}
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Sync host time based on authenticator time successful.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/SyncAuthenticatorOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Conflict error.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/authenticators/{serialNumber}/update-pnid": {
"post": {
"deprecated": false,
"tags": [
"Users",
"Provisioning"
],
"summary": "Update device PNID",
"description": "This endpoint updates the push notification ID for specified a user and authenticator, it provides the sixth optional step of the onlineMDL activation flow started via /registrations.",
"operationId": "updateDevicePnidUsingPOST",
"parameters": [
{
"name": "userID@domain",
"in": "path",
"required": true,
"description": "Unique identifier for the user formatted as userID@domain.",
"schema": {
"type": "string",
"pattern": "^.{1,255}@.{1,255}$",
"minLength": 1,
"maxLength": 511,
"example": "userid1@domain1"
}
},
{
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"example": "VDS1234567-1"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UpdateDevicePnidInput"
}
}
},
"required": true
},
"responses": {
"204": {
"description": "Push notification ID updated."
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "The user account or authenticator was not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to update the PNID for the authenticator.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Unexpected server error.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/users/{userID@domain}/generate-virtual-signature": {
"parameters": [
{
"$ref": "#/components/parameters/UserIdDomain"
}
],
"post": {
"tags": [
"Users"
],
"summary": "Generate a virtual signature",
"description": "Entry point for generating a virtual signature.",
"operationId": "generateVirtualSignatureRequestUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/GenerateVirtualSignatureInput"
}
}
},
"required": true
},
"responses": {
"204": {
"description": "Virtual signature generated."
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"403": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"404": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"409": {
"description": "Failed to generate or deliver a virtual signature.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
},
"/visualcodes/render": {
"get": {
"tags": [
"Visual Codes"
],
"summary": "Render a visual code and get raw access to the image URI",
"operationId": "renderVisualCodeUsingGET",
"parameters": [
{
"name": "message",
"in": "query",
"description": "Hexadecimal encoded message to be embedded in the image.",
"required": false,
"schema": {
"type": "string",
"pattern": "^([0-9a-fA-F]{2})+$",
"minLength": 2,
"example": "4F6E655370616E"
}
},
{
"name": "format",
"in": "query",
"description": "Output format.",
"required": false,
"schema": {
"type": "string",
"enum": [
"CRONTO",
"QRCODE"
],
"default": "CRONTO",
"example": "CRONTO"
}
},
{
"name": "imageSize",
"in": "query",
"description": "Image size. When the image format is CRONTO, this will be truncated to the lower multiple of 35.",
"required": false,
"schema": {
"type": "integer",
"format": "int32",
"minimum": 35,
"maximum": 700,
"default": 175,
"example": 210
}
}
],
"responses": {
"200": {
"description": "Visual code returned.",
"content": {
"image/png": {
"schema": {
"type": "string",
"format": "binary"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
},
"post": {
"tags": [
"Visual Codes"
],
"summary": "Render a visual code",
"operationId": "renderVisualCodeUsingPOST",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RenderInput"
}
}
},
"description": "Input payload for visual code rendering."
},
"responses": {
"200": {
"description": "Visual code returned.",
"content": {
"image/png": {
"schema": {
"type": "string",
"format": "binary"
}
},
"image/jpeg": {
"schema": {
"type": "string",
"format": "binary"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/RenderDataUriOutput"
}
}
}
},
"400": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
},
"500": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
}
}
}
}
}
}
}
},
"components": {
"schemas": {
"ActivationDataOutput": {
"type": "object",
"required": [
"activationData"
],
"properties": {
"activationData": {
"type": "string",
"description": "Full activation data for the authenticator.",
"example": "E2A6382DFF892E0232748752A0BCA2D23"
},
"eventReactivationCounter": {
"type": "string",
"description": "Number of times the authenticator has been activated.",
"example": "1"
}
}
},
"ActivationInput": {
"type": "object",
"required": [
"signature"
],
"properties": {
"signature": {
"type": "string",
"description": "The signature generated by the authenticator upon processing the second activation message.",
"minLength": 6,
"maxLength": 16,
"example": "123456"
}
},
"description": "The request payload for activating the device."
},
"ActivationMessageOutput": {
"type": "object",
"required": [
"activationMessage"
],
"properties": {
"activationMessage": {
"type": "string",
"description": "Activation message for compliant devices.",
"example": "0000C3E40165135320716417A9801601D1CD08BF5F9B7A08565C8A6B27F90AB2BC0AF541446CF3FCFC8F1B10B2DE733F95381"
}
}
},
"ActivationOutput": {
"type": "object",
"properties": {
"domain": {
"type": "string",
"description": "The domain in which the user account resides.",
"maxLength": 255,
"example": "domain1"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the activated authenticator instance.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"example": "VDS1234567-1"
},
"userID": {
"type": "string",
"description": "Identifier for the user the activated authenticator is assigned to.",
"maxLength": 255,
"example": "userid1"
}
},
"description": "The activation output object."
},
"AdaptiveEventValidationInput": {
"type": "object",
"required": [
"cddc",
"eventType",
"relationshipRef",
"sessionID"
],
"properties": {
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"eventType": {
"type": "string",
"description": "Name of the non-monetary event type. String values for numeric keys related to custom event types are additionally accepted.",
"enum": [
"AddChequePrintingPayeeAttempt",
"AddChequePrintingPayeeFailed",
"AddChequePrintingPayeeSuccess",
"AlertSetupAttempt",
"AlertSetupFailed",
"AlertSetupSuccess",
"AmendBeneficiaryAttempt",
"AmendBeneficiaryFailed",
"AmendBeneficiarySuccess",
"AmendBillBeneficiaryAttempt",
"AmendBillBeneficiaryFailed",
"AmendBillBeneficiarySuccess",
"App2ActionStart",
"AppStart",
"BlockCardAttempt",
"BlockCardFailed",
"BlockCardSuccess",
"BulkTransactions",
"BulkTransactionsApprove",
"BulkTransactionsInput",
"BulkTransactionsRelease",
"CardActivateAttempt",
"CardActivateFail",
"CardActivateSuccess",
"ChangeAddressAttempt",
"ChangeAddressFailed",
"ChangeAddressInvalid",
"ChangeAddressSuccess",
"ChangeAlertDeliveryAttempt",
"ChangeAlertDeliveryFailed",
"ChangeAlertDeliverySuccess",
"ChangeCardPINAttempt",
"ChangeCardPINFailed",
"ChangeCardPINSuccess",
"ChangeEmailAttempt",
"ChangeEmailFailed",
"ChangeEmailSuccess",
"ChangeLimitAttempt",
"ChangeLimitFailed",
"ChangeLimitSuccess",
"ChangePasswordAttempt",
"ChangePasswordFailed",
"ChangePasswordInvalid",
"ChangePasswordSuccess",
"ChangePayeeGroupAttempt",
"ChangePayeeGroupFailed",
"ChangePayeeGroupSuccess",
"ChangePhoneNumberAttempt",
"ChangePhoneNumberFailed",
"ChangePhoneNumberSuccess",
"CheckBalance",
"CheckBalanceDetail",
"ChequePrintingRequestAttempt",
"ChequePrintingRequestFailed",
"ChequePrintingRequestSuccess",
"CreateNewCorporateUserAttempt",
"CreateNewCorporateUserFailed",
"CreateNewCorporateUserSuccess",
"DownloadAccountInformation",
"DPActivation",
"DPInstDeletion",
"GetTransactions",
"LoginAttempt",
"LoginAttemptBlocked",
"LoginAttemptInvalid",
"LoginAttemptOTP",
"LoginFailed",
"LoginSuccess",
"LoginWithChangePasswordBlocked",
"LoginWithChangePasswordFail",
"LoginWithChangePasswordSuccess",
"MobileAddChequePrintingPayeeAttempt",
"MobileAddChequePrintingPayeeFailed",
"MobileAddChequePrintingPayeeSuccess",
"MobileAlertSetupAttempt",
"MobileAlertSetupFailed",
"MobileAlertSetupSuccess",
"MobileAmendBeneficiaryAttempt",
"MobileAmendBeneficiaryFailed",
"MobileAmendBeneficiarySuccess",
"MobileAmendBillBeneficiaryAttempt",
"MobileAmendBillBeneficiaryFailed",
"MobileAmendBillBeneficiarySuccess",
"MobileBlockCardAttempt",
"MobileBlockCardFailed",
"MobileBlockCardSuccess",
"MobileBulkTransactions",
"MobileCardActivateAttempt",
"MobileCardActivateFail",
"MobileCardActivateSuccess",
"MobileChangeAddressAttempt",
"MobileChangeAddressFailed",
"MobileChangeAddressInvalid",
"MobileChangeAddressSuccess",
"MobileChangeAlertDeliveryAttempt",
"MobileChangeAlertDeliveryFailed",
"MobileChangeAlertDeliverySuccess",
"MobileChangeCardPINAttempt",
"MobileChangeCardPINFailed",
"MobileChangeCardPINSuccess",
"MobileChangeEmailAttempt",
"MobileChangeEmailFailed",
"MobileChangeEmailSuccess",
"MobileChangeLimitAttempt",
"MobileChangeLimitFailed",
"MobileChangeLimitSuccess",
"MobileChangePasswordAttempt",
"MobileChangePasswordFailed",
"MobileChangePasswordInvalid",
"MobileChangePasswordSuccess",
"MobileChangePayeeGroupAttempt",
"MobileChangePayeeGroupFailed",
"MobileChangePayeeGroupSuccess",
"MobileChangePhoneNumberAttempt",
"MobileChangePhoneNumberFailed",
"MobileChangePhoneNumberSuccess",
"MobileCheckBalance",
"MobileCheckBalanceDetail",
"MobileChequePrintingRequestAttempt",
"MobileChequePrintingRequestFailed",
"MobileChequePrintingRequestSuccess",
"MobileCreateNewCorporateUserAttempt",
"MobileCreateNewCorporateUserFailed",
"MobileCreateNewCorporateUserSuccess",
"MobileDownloadAccountInformation",
"MobileGetTransactions",
"MobileLoginAttempt",
"MobileLoginAttemptInvalid",
"MobileLoginAttemptOTP",
"MobileLoginFailed",
"MobileLoginSuccess",
"MobileNewBeneficiaryAttempt",
"MobileNewBeneficiaryFailed",
"MobileNewBeneficiarySuccess",
"MobileNewBillBeneficiaryAttempt",
"MobileNewBillBeneficiaryFailed",
"MobileNewBillBeneficiarySuccess",
"MobileNewPayeeGroupAttempt",
"MobileNewPayeeGroupFailed",
"MobileNewPayeeGroupSuccess",
"MobilePasswordRecoveryAttempt",
"MobilePasswordRecoveryFailed",
"MobilePasswordRecoverySuccess",
"MobileRegisterUser",
"MobileRegisterUserFail",
"MobileRegisterUserSuccess",
"MobileRegisterUserValidation",
"MobileRemoveBeneficiaryAttempt",
"MobileRemoveBeneficiaryFailed",
"MobileRemoveBeneficiarySuccess",
"MobileRemoveBillBeneficiaryAttempt",
"MobileRemoveBillBeneficiaryFailed",
"MobileRemoveBillBeneficiarySuccess",
"MobileRemovePayeeGroupAttempt",
"MobileRemovePayeeGroupFailed",
"MobileRemovePayeeGroupSuccess",
"MobileRevokeNewCorporateUserAttempt",
"MobileRevokeNewCorporateUserFailed",
"MobileRevokeNewCorporateUserSuccess",
"MobileSignedAddChequePrintingPayeeAttempt",
"MobileSignedAlertSetupAttempt",
"MobileSignedAmendBeneficiaryAttempt",
"MobileSignedAmendBillBeneficiaryAttempt",
"MobileSignedBlockCardAttempt",
"MobileSignedBulkTransactions",
"MobileSignedCardActivateAttempt",
"MobileSignedChangeAddressAttempt",
"MobileSignedChangeAlertDeliveryAttempt",
"MobileSignedChangeCardPINAttempt",
"MobileSignedChangeEmailAttempt",
"MobileSignedChangeLimitAttempt",
"MobileSignedChangePasswordAttempt",
"MobileSignedChangePayeeGroupAttempt",
"MobileSignedChangePhoneNumberAttempt",
"MobileSignedCheckBalance",
"MobileSignedCheckBalanceDetail",
"MobileSignedChequePrintingRequestAttempt",
"MobileSignedCreateNewCorporateUserAttempt",
"MobileSignedDownloadAccountInformation",
"MobileSignedGetTransactions",
"MobileSignedNewBeneficiaryAttempt",
"MobileSignedNewBillBeneficiaryAttempt",
"MobileSignedNewPayeeGroupAttempt",
"MobileSignedPasswordRecoveryAttempt",
"MobileSignedRemoveBeneficiaryAttempt",
"MobileSignedRemoveBillBeneficiaryAttempt",
"MobileSignedRemovePayeeGroupAttempt",
"MobileSignedRevokeNewCorporateUserAttempt",
"MobileSignedUnlockNewCorporateUserAttempt",
"MobileSignedUserIDRecoveryAttempt",
"MobileUnlockNewCorporateUserAttempt",
"MobileUnlockNewCorporateUserFailed",
"MobileUnlockNewCorporateUserSuccess",
"MobileUnregisterUser",
"MobileUnregisterUserFail",
"MobileUnregisterUserSuccess",
"MobileUnregisterUserValidation",
"MobileUserIDRecoveryAttempt",
"MobileUserIDRecoveryFailed",
"MobileUserIDRecoverySuccess",
"NewBeneficiaryAttempt",
"NewBeneficiaryFailed",
"NewBeneficiarySuccess",
"NewBillBeneficiaryAttempt",
"NewBillBeneficiaryFailed",
"NewBillBeneficiarySuccess",
"NewPayeeGroupAttempt",
"NewPayeeGroupFailed",
"NewPayeeGroupSuccess",
"NotifActionStart",
"OfflineTimeSync",
"OnlineTimeSync",
"PasswordRecoveryAttempt",
"PasswordRecoveryFailed",
"PasswordRecoverySuccess",
"PinChanged",
"RegisterUser",
"RegisterUserFail",
"RegisterUserSuccess",
"RegisterUserValidation",
"RemoveBeneficiaryAttempt",
"RemoveBeneficiaryFailed",
"RemoveBeneficiarySuccess",
"RemoveBillBeneficiaryAttempt",
"RemoveBillBeneficiaryFailed",
"RemoveBillBeneficiarySuccess",
"RemovePayeeGroupAttempt",
"RemovePayeeGroupFailed",
"RemovePayeeGroupSuccess",
"RevokeNewCorporateUserAttempt",
"RevokeNewCorporateUserFailed",
"RevokeNewCorporateUserSuccess",
"SetBiometric",
"SignedAddChequePrintingPayeeAttempt",
"SignedAlertSetupAttempt",
"SignedAmendBeneficiaryAttempt",
"SignedAmendBillBeneficiaryAttempt",
"SignedBlockCardAttempt",
"SignedBulkTransactions",
"SignedBulkTransactionsApprove",
"SignedBulkTransactionsInput",
"SignedBulkTransactionsRelease",
"SignedCardActivateAttempt",
"SignedChangeAddressAttempt",
"SignedChangeAlertDeliveryAttempt",
"SignedChangeCardPINAttempt",
"SignedChangeEmailAttempt",
"SignedChangeLimitAttempt",
"SignedChangePasswordAttempt",
"SignedChangePayeeGroupAttempt",
"SignedChangePhoneNumberAttempt",
"SignedCheckBalance",
"SignedCheckBalanceDetail",
"SignedChequePrintingRequestAttempt",
"SignedCreateNewCorporateUserAttempt",
"SignedDownloadAccountInformation",
"SignedGetTransactions",
"SignedNewBeneficiaryAttempt",
"SignedNewBillBeneficiaryAttempt",
"SignedNewPayeeGroupAttempt",
"SignedNewPsuConsent",
"SignedPasswordRecoveryAttempt",
"SignedRemoveBeneficiaryAttempt",
"SignedRemoveBillBeneficiaryAttempt",
"SignedRemovePayeeGroupAttempt",
"SignedRevokeNewCorporateUserAttempt",
"SignedUnlockNewCorporateUserAttempt",
"SignedUserIDRecoveryAttempt",
"TPPCheckBalance",
"TPPCheckBalanceDetail",
"TPPGetAccountDetail",
"TPPGetAccountList",
"TPPGetPSUDetail",
"TPPGetTransactions",
"TPPGetTrustedBeneficiaries",
"TPPNewPsuConsent",
"TPPSignedNewPsuConsent",
"TrustedDeviceAddChequePrintingPayeeValidation",
"TrustedDeviceAlertSetupValidation",
"TrustedDeviceAmendBenefValidation",
"TrustedDeviceAmendBillBeneficiaryValidation",
"TrustedDeviceAuthentication",
"TrustedDeviceBlockCardValidation",
"TrustedDeviceBulkTransactionsValidation",
"TrustedDeviceCardActivateValidation",
"TrustedDeviceChangeAddressValidation",
"TrustedDeviceChangeAlertDeliveryValidation",
"TrustedDeviceChangeCardPINValidation",
"TrustedDeviceChangeEmailValidation",
"TrustedDeviceChangeLimitValidation",
"TrustedDeviceChangePasswordValidation",
"TrustedDeviceChangePayeeGroupValidation",
"TrustedDeviceChangePhoneNumberValidation",
"TrustedDeviceChangeProfileValidation",
"TrustedDeviceCheckBalanceDetailValidation",
"TrustedDeviceCheckBalanceValidation",
"TrustedDeviceChequePrintingRequestValidation",
"TrustedDeviceCreateNewCorporateUserValidation",
"TrustedDeviceDownloadAccountInfoValidation",
"TrustedDeviceGetTransactionsValidation",
"TrustedDeviceLoginValidation",
"TrustedDeviceNewBenefValidation",
"TrustedDeviceNewBillBeneficiaryValidation",
"TrustedDeviceNewPayeeGroupValidation",
"TrustedDeviceNewPsuConsentValidation",
"TrustedDevicePasswordRecoveryValidation",
"TrustedDeviceRegisterNotif",
"TrustedDeviceRemoveBenefValidation",
"TrustedDeviceRemoveBillBenefValidation",
"TrustedDeviceRemovePayeeGroupValidation",
"TrustedDeviceRevokeNewCorporateUserValidation",
"TrustedDeviceUnlockNewCorporateUserValidation",
"TrustedDeviceVerifyPasswordRequest",
"UnlockNewCorporateUserAttempt",
"UnlockNewCorporateUserFailed",
"UnlockNewCorporateUserSuccess",
"UnregisterUser",
"UnregisterUserFail",
"UnregisterUserSuccess",
"UnregisterUserValidation",
"UnsetBiometric",
"UserActionStart",
"UserIDRecoveryAttempt",
"UserIDRecoveryFailed",
"UserIDRecoverySuccess"
],
"example": "LoginSuccess"
},
"relationshipRef": {
"type": "string",
"description": "Relationship reference.",
"minLength": 1,
"maxLength": 150,
"example": "userid1"
},
"sessionID": {
"type": "string",
"description": "Application session identifier formatted as a hexadecimal string; common for all events related to the same session.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 100,
"example": "4ED23EA44F23"
},
"accountRef": {
"type": "string",
"description": "Customer (bank) account reference.",
"maxLength": 250,
"example": "ACC123"
},
"after": {
"type": "string",
"description": "Related value after the event.",
"maxLength": 4000,
"example": "1000"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"applicationRef": {
"type": "string",
"description": "Application reference.",
"maxLength": 64,
"example": "com.onespan.tid.myapp"
},
"authentMode": {
"type": "string",
"description": "Authentication mode.",
"maxLength": 2,
"example": "CR"
},
"authentStatus": {
"type": "integer",
"format": "int32",
"description": "Result of the user authentication performed externally. Non-zero results indicate failure to authenticate.",
"example": 0
},
"authentType": {
"type": "string",
"description": "Indicates the level of authentication. Strong customer authentication (SCA) requires at least two-factor authentication.",
"enum": [
"none",
"simple",
"strong"
],
"example": "strong"
},
"before": {
"type": "string",
"description": "Related value before the event.",
"maxLength": 4000,
"example": "990"
},
"behaviorTrained": {
"type": "boolean",
"description": "Indicates whether the behavior server is trained enough for the current user profile to perform an adequate behavioral scoring.",
"example": true
},
"behaviorScore": {
"type": "number",
"format": "double",
"description": "Behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"behaviorConfidence": {
"type": "number",
"format": "double",
"description": "Confidence in the behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"beneficiaryBank": {
"type": "string",
"description": "Name of the beneficiary bank.",
"maxLength": 50,
"example": "MYBANK"
},
"beneficiaryBankCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"beneficiaryIBAN": {
"type": "string",
"description": "Beneficiary international bank account number (IBAN).",
"maxLength": 96,
"example": "BE68539007547034"
},
"beneficiaryName": {
"type": "string",
"description": "Name of the beneficiary.",
"maxLength": 128,
"example": "John Doe"
},
"bin6": {
"type": "string",
"description": "6-digit bank identification number.",
"maxLength": 6,
"example": "012345"
},
"bin9": {
"type": "string",
"description": "9-digit bank identification number.",
"maxLength": 9,
"example": "012345678"
},
"bin12": {
"type": "string",
"description": "12-digit bank identification number.",
"maxLength": 12,
"example": "012345678901"
},
"branchLocation": {
"type": "string",
"description": "Branch location reference.",
"maxLength": 100,
"example": "City-center"
},
"bulkActionDate": {
"type": "string",
"description": "Date of the action on the bulk payment.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"bulkAmount": {
"type": "string",
"description": "Total amount of a bulk payment.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "3541.54"
},
"bulkHash": {
"type": "string",
"description": "Hash value for a bulk payment.",
"maxLength": 256,
"example": "E3E75B2D51DC91F8B0CC182FFAB159EC2D3AC4CF"
},
"bulkRef": {
"type": "string",
"description": "Bulk payment reference.",
"maxLength": 128,
"example": "BLK123"
},
"challengeResponse": {
"type": "object",
"description": "Challenge generation parameters for standard Challenge-Response authentication.",
"properties": {
"checkDigit": {
"type": "boolean",
"description": "Signifies if a check digit must be appended to the challenge.",
"default": false,
"example": false
},
"length": {
"type": "number",
"description": "Length of the challenge excluding the optional check digit.",
"minimum": 4,
"maximum": 16,
"default": 6,
"example": 6
}
}
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"contractRef": {
"type": "string",
"description": "Corporate banking reference for a contract belonging to an external entity for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "contractid1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"credentials": {
"allOf": [
{
"$ref": "#/components/schemas/AuthenticationCredentials"
},
{
"type": "object"
}
]
},
"customDate1": {
"type": "string",
"description": "A customizable date to pass bank information to Risk Analytics.",
"maxLength": 20,
"example": "12-Dec-1988 13:04:55"
},
"customNumber1": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber2": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber3": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customString1": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString2": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString3": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString4": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString5": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString6": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"entityRef": {
"type": "string",
"description": "Corporate banking reference for an external entity/company for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "entityid1"
},
"eventDate": {
"type": "string",
"description": "Date of the event.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"eventMessage": {
"type": "object",
"description": "Message to be displayed on the trusted device.",
"properties": {
"challenge": {
"type": "string",
"description": "Challenge to be displayed on the device.",
"minLength": 1,
"maxLength": 350,
"default": "Please approve this request",
"example": "Please approve this request"
},
"subject": {
"type": "string",
"description": "Subject of the notification message to be displayed on the device.",
"pattern": "[^\\s]",
"minLength": 1,
"maxLength": 42,
"default": "Tap here to confirm event",
"example": "Tap here to confirm event"
},
"title": {
"type": "object",
"properties": {
"text": {
"type": "string",
"description": "Title of the message to be displayed on the device.",
"minLength": 1,
"maxLength": 30,
"default": "Event validation request",
"example": "Event validation request"
},
"formatting": {
"$ref": "#/components/schemas/Formatting"
}
}
},
"options": {
"type": "object",
"properties": {
"askPIN": {
"description": "Indicates if PIN verification (on the device) is required.",
"type": "boolean",
"default": true,
"example": true
},
"cryptoAppIndex": {
"description": "Index of the DIGIPASS application to use for response generation.",
"type": "integer",
"minimum": 1,
"maximum": 8,
"default": 1,
"example": 1
},
"fontTable": {
"description": "Selects the font table (in case multiple font tables are available) which is used to render text on the device.",
"type": "string",
"enum": [
"ISO-8859-15",
"cee",
"greek",
"katakana"
],
"default": "ISO-8859-15",
"example": "ISO-8859-15"
},
"templateNumber": {
"description": "Specifies the page layout template to be used.",
"type": "integer",
"minimum": 0,
"maximum": 15,
"default": 0,
"example": 0
}
}
}
}
},
"eventSubType": {
"type": "string",
"description": "Name of the non-monetary event sub type. String values for numeric keys related to custom event sub types are additionally accepted.",
"enum": [
"HardTokenAuthent",
"PushAuthent",
"PushAuthent2FA",
"SMSAuthent",
"SoftTokenAuthent",
"SoftTokenAuthent2FA"
],
"example": "SoftTokenAuthent"
},
"externalRef": {
"type": "string",
"description": "External reference.",
"maxLength": 128,
"example": "ABC123"
},
"fidoAuthentication": {
"type": "object",
"description": "Parameters used to create AuthenticationRequests.",
"required": [
"fidoProtocol"
],
"properties": {
"fidoProtocol": {
"type": "string",
"description": "FIDO protocol used in this operation.",
"example": "UAF11",
"enum": [
"UAF11",
"FIDO2"
]
},
"userVerification": {
"$ref": "#/components/schemas/UserVerification"
},
"authenticationMessage": {
"type": "string",
"description": "Optional message associated with event signing. UAF only."
}
}
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"orchestrationDelivery": {
"type": "array",
"description": "Indicates whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage.",
"minItems": 1,
"uniqueItems": true,
"items": {
"type": "string",
"enum": [
"pushNotification",
"requestMessage"
]
},
"default": [
"pushNotification",
"requestMessage"
],
"example": [
"pushNotification",
"requestMessage"
]
},
"parentNmeRef": {
"type": "string",
"description": "Corporate banking reference between multiple steps of non-monetary event initiation, approval and release.",
"maxLength": 128,
"example": "PARENT_NME_REF"
},
"processingStepKey": {
"type": "integer",
"format": "int32",
"description": "Corporate banking step indicator for non-monetary events with x-eyes principle processing.",
"enum": [
10,
20,
30,
40,
50,
60
],
"example": 10
},
"referer": {
"type": "string",
"description": "URL of the webpage triggering the event.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"requestID": {
"type": "string",
"description": "Identifier of the related preceding request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36,
"example": "413b2c39-2d67-4293-9adb-25601731b062"
},
"timeout": {
"type": "integer",
"format": "int32",
"description": "Timeout in seconds to wait for the result from the orchestration process when a push notification was sent to the trusted device.",
"default": 0,
"example": 60,
"minimum": 0,
"maximum": 60
},
"tppRef": {
"type": "string",
"description": "Unique identifier for the Third Party Provider.",
"maxLength": 150,
"example": "..."
},
"userRef": {
"type": "string",
"description": "Corporate user reference.",
"maxLength": 150,
"example": "USER01"
},
"votpDeliveryOverride": {
"type": "string",
"description": "Override for the Virtual OTP delivery method. Value 'session' usable only as part of the optional Custom VOTP Delivery feature (not recommended).",
"enum": [
"session"
],
"example": "session"
}
},
"description": "Input payload for Intelligent Adaptive Authentication non-monetary event requests.",
"example": {
"eventType": "LoginSuccess",
"relationshipRef": "userid1",
"sessionID": "4ED23EA44F23",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1"
}
},
"AdaptiveLoginInput": {
"type": "object",
"required": [
"objectType",
"cddc",
"relationshipRef",
"sessionID"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"AdaptiveLoginInput"
],
"example": "AdaptiveLoginInput"
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"relationshipRef": {
"type": "string",
"description": "Relationship reference.",
"minLength": 1,
"maxLength": 150,
"example": "userid1"
},
"sessionID": {
"type": "string",
"description": "Application session identifier formatted as a hexadecimal string; common for all events related to the same session.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 100,
"example": "4ED23EA44F23"
},
"accountRef": {
"type": "string",
"description": "Customer (bank) account reference.",
"maxLength": 250,
"example": "ACC123"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"applicationRef": {
"type": "string",
"description": "Application reference.",
"maxLength": 64,
"example": "com.onespan.tid.myapp"
},
"authentMode": {
"type": "string",
"description": "Authentication mode.",
"maxLength": 2,
"example": "CR"
},
"authentStatus": {
"type": "integer",
"format": "int32",
"description": "Result of the user authentication performed externally. Non-zero results indicate failure to authenticate.",
"example": 0
},
"authentType": {
"type": "string",
"description": "Indicates the level of authentication. Strong customer authentication (SCA) requires at least two-factor authentication.",
"enum": [
"none",
"simple",
"strong"
],
"example": "strong"
},
"behaviorTrained": {
"type": "boolean",
"description": "Indicates whether the behavior server is trained enough for the current user profile to perform an adequate behavioral scoring.",
"example": true
},
"behaviorScore": {
"type": "number",
"format": "double",
"description": "Behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"behaviorConfidence": {
"type": "number",
"format": "double",
"description": "Confidence in the behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"branchAgent": {
"type": "string",
"description": "Branch agent reference.",
"maxLength": 50
},
"branchLocation": {
"type": "string",
"description": "Branch location reference.",
"maxLength": 100,
"example": "City-center"
},
"challengeResponse": {
"type": "object",
"description": "Challenge generation parameters for standard Challenge-Response authentication.",
"properties": {
"checkDigit": {
"type": "boolean",
"description": "Signifies if a check digit must be appended to the challenge.",
"default": false,
"example": false
},
"length": {
"type": "number",
"description": "Length of the challenge excluding the optional check digit.",
"minimum": 4,
"maximum": 16,
"default": 6,
"example": 6
}
}
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"contractRef": {
"type": "string",
"description": "Corporate banking reference for a contract belonging to an external entity for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "contractid1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"credentials": {
"allOf": [
{
"$ref": "#/components/schemas/AuthenticationCredentials"
},
{
"type": "object"
}
]
},
"customDate1": {
"type": "string",
"description": "Custom date field to pass bank information.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"customNumber1": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber2": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber3": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customString1": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString2": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString3": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString4": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString5": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString6": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"entityRef": {
"type": "string",
"description": "Corporate banking reference for an external entity/company for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "entityid1"
},
"eventDate": {
"type": "string",
"description": "Date of the event.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"eventSubType": {
"type": "string",
"description": "Type of authenticator used for the event. String values for numeric keys related to custom event sub types are additionally accepted.",
"enum": [
"HardTokenAuthent",
"PushAuthent",
"PushAuthent2FA",
"SMSAuthent",
"SoftTokenAuthent",
"SoftTokenAuthent2FA"
],
"example": "SoftTokenAuthent"
},
"externalRef": {
"type": "string",
"description": "External reference.",
"maxLength": 128,
"example": "ABC123"
},
"fidoAuthentication": {
"type": "object",
"description": "Parameters used to create AuthenticationRequests.",
"required": [
"fidoProtocol"
],
"properties": {
"fidoProtocol": {
"type": "string",
"description": "FIDO protocol used in this operation.",
"example": "UAF11",
"enum": [
"UAF11",
"FIDO2"
]
},
"userVerification": {
"$ref": "#/components/schemas/UserVerification"
},
"authenticationMessage": {
"type": "string",
"description": "Optional message associated with authentication. UAF only."
}
}
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"loginMessage": {
"type": "object",
"description": "Message to be displayed on the trusted device.",
"properties": {
"challenge": {
"type": "string",
"description": "Challenge to be displayed on the device.",
"minLength": 1,
"maxLength": 350,
"default": "Are you trying to log in?",
"example": "Are you trying to log in?"
},
"subject": {
"type": "string",
"description": "Subject of the notification message to be displayed on the device.",
"pattern": "[^\\s]",
"minLength": 1,
"maxLength": 42,
"default": "Tap here to confirm login",
"example": "Tap here to confirm login"
},
"title": {
"type": "object",
"properties": {
"text": {
"type": "string",
"description": "Title of the message to be displayed on the device.",
"minLength": 1,
"maxLength": 30,
"default": "Login request",
"example": "Login request"
},
"formatting": {
"$ref": "#/components/schemas/Formatting"
}
}
},
"options": {
"type": "object",
"properties": {
"askPIN": {
"description": "Indicates if PIN verification (on the device) is required.",
"type": "boolean",
"default": true,
"example": true
},
"cryptoAppIndex": {
"description": "Index of the DIGIPASS application to use for response generation.",
"type": "integer",
"minimum": 1,
"maximum": 8,
"default": 1,
"example": 1
},
"fontTable": {
"description": "Selects the font table (in case multiple font tables are available) which is used to render text on the device.",
"type": "string",
"enum": [
"ISO-8859-15",
"cee",
"greek",
"katakana"
],
"default": "ISO-8859-15",
"example": "ISO-8859-15"
},
"templateNumber": {
"description": "Specifies the page layout template to be used.",
"type": "integer",
"minimum": 0,
"maximum": 15,
"default": 0,
"example": 0
}
}
}
}
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"orchestrationDelivery": {
"type": "array",
"description": "Indicates whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage.",
"minItems": 1,
"uniqueItems": true,
"items": {
"type": "string",
"enum": [
"pushNotification",
"requestMessage"
]
},
"default": [
"pushNotification",
"requestMessage"
],
"example": [
"pushNotification",
"requestMessage"
]
},
"referer": {
"type": "string",
"description": "URL of the webpage registering the event.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"requestID": {
"type": "string",
"description": "Identifier of the related preceding request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36,
"example": "413b2c39-2d67-4293-9adb-25601731b062"
},
"timeout": {
"type": "integer",
"format": "int32",
"description": "Timeout in seconds to wait for the result from the orchestration process when a push notification was sent to the trusted device.",
"default": 0,
"example": 60,
"minimum": 0,
"maximum": 60
},
"tppRef": {
"type": "string",
"description": "Unique identifier for the Third Party Provider.",
"maxLength": 150,
"example": "..."
},
"userRef": {
"type": "string",
"description": "Corporate user reference.",
"maxLength": 150,
"example": "USER01"
},
"votpDeliveryOverride": {
"type": "string",
"description": "Override for the Virtual OTP delivery method. Value 'session' usable only as part of the optional Custom VOTP Delivery feature (not recommended).",
"enum": [
"session"
],
"example": "session"
}
},
"description": "Input payload for Intelligent Adaptive Authentication login requests.",
"example": {
"objectType": "AdaptiveLoginInput",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"relationshipRef": "userid1",
"sessionID": "4ED23EA44F23",
"clientIP": "192.168.0.1",
"credentials": {
"authenticator": {
"PIN": "1234",
"OTP": "123456",
"serialNumber": "VDS1234567"
}
},
"requestID": "413b2c39-2d67-4293-9adb-25601731b062"
}
},
"AdaptiveRegisterUserInput": {
"type": "object",
"required": [
"objectType",
"cddc",
"relationshipRef",
"sessionID",
"userID"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"AdaptiveRegisterUserInput"
],
"example": "AdaptiveRegisterUserInput"
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"relationshipRef": {
"type": "string",
"description": "Relationship reference.",
"minLength": 1,
"maxLength": 150,
"example": "userid1"
},
"staticPassword": {
"type": "string",
"description": "Static password for the user.",
"minLength": 8,
"maxLength": 255,
"example": "Test1234"
},
"sessionID": {
"type": "string",
"description": "Application session identifier formatted as a hexadecimal string; common for all transactions related to the same session.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 100,
"example": "4ED23EA44F23"
},
"userID": {
"type": "string",
"description": "Identifier for the user. Combined with the domain provides a unique identifier for the user.",
"minLength": 1,
"maxLength": 255,
"example": "userid1"
},
"activationType": {
"type": "string",
"description": "Indicates if the authenticator assigned to the user must be activated using online or offline multi-device licensing (MDL) activation.",
"enum": [
"offlineMDL",
"onlineMDL"
],
"default": "onlineMDL"
},
"addressCity": {
"type": "string",
"description": "City/town part of the user address.",
"maxLength": 250,
"example": "Chicago"
},
"addressCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"addressCounty": {
"type": "string",
"description": "County part of the user address.",
"maxLength": 250,
"example": "Cook"
},
"addressDistrict": {
"type": "string",
"description": "District part of the user address.",
"maxLength": 250,
"example": "Loop"
},
"addressName": {
"type": "string",
"description": "Full name of the user.",
"maxLength": 100,
"example": "OneSpan Inc."
},
"addressNumber": {
"type": "string",
"description": "House number part of the user address.",
"maxLength": 100,
"example": "121"
},
"addressPostCode": {
"type": "string",
"description": "Postal code part of the user address.",
"maxLength": 100,
"example": "60601"
},
"addressStreet": {
"type": "string",
"description": "Street part of the user street.",
"maxLength": 250,
"example": "West Wacker Drive"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"applicationRef": {
"type": "string",
"description": "Application reference.",
"maxLength": 64,
"example": "com.onespan.tid.myapp"
},
"authenticatorDescription": {
"type": "string",
"description": "Reference associated with the authenticator instances activated for this user account. Applicable only for multi-device licensing (MDL) activation, will be applied only to instances resulting from this call, not the license.",
"pattern": "^(?=^\\S)(?=.*\\S$)[^\\x00-\\x1F\\x7F]{1,255}$",
"minLength": 1,
"maxLength": 255,
"example": "Mobile authenticator for Android activated on 2021-02-11 for userid1"
},
"authentStatus": {
"type": "integer",
"format": "int32",
"description": "Result of the user authentication performed externally. Non-zero results indicate failure to authenticate.",
"example": 0
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"digipassType": {
"type": "string",
"description": "DIGIPASS type of the authenticator to be assigned.",
"minLength": 5,
"maxLength": 5,
"default": "DAL10",
"example": "DAL10"
},
"domain": {
"type": "string",
"description": "Domain in which the user account resides. If omitted, the default domain is used.",
"maxLength": 255,
"example": "domain1"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"eventDate": {
"type": "string",
"description": "Date of the event.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"eventSubType": {
"type": "string",
"description": "Name of the non-monetary event sub type. String values for numeric keys related to custom event sub types are additionally accepted.",
"enum": [
"SMSAuthent",
"SoftTokenAuthent",
"HardTokenAuthent",
"PushAuthent",
"PushAuthent2FA",
"SoftTokenAuthent2FA"
],
"example": "SoftTokenAuthent"
},
"externalRef": {
"type": "string",
"description": "External reference.",
"maxLength": 128,
"example": "ABC123"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"phoneNumber": {
"type": "string",
"description": "Telephone number of the user.",
"pattern": "^[\\+\\-\\(\\)0-9 ]{0,20}$",
"maxLength": 20,
"example": "+1 (508) 366 3437"
},
"postalAddress": {
"type": "string",
"description": "Customer full address.",
"maxLength": 4000,
"example": "121 West Wacker Drive, Suite 2050, Chicago, IL 60601, USA"
},
"referer": {
"type": "string",
"description": "URL of the webpage triggering the transaction.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator to be assigned. This field is ignored for online multi-device licensing (MDL) activation.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
},
"userRef": {
"type": "string",
"description": "Corporate user reference.",
"maxLength": 150,
"example": "USER01"
}
},
"description": "Input payload for Intelligent Adaptive Authentication user registration.",
"example": {
"objectType": "AdaptiveRegisterUserInput",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1",
"relationshipRef": "userid1",
"staticPassword": "Test1234",
"sessionID": "4ED23EA44F23",
"userID": "userid1"
}
},
"AdaptiveTransactionValidationInput": {
"type": "object",
"required": [
"objectType",
"accountRef",
"amount",
"cddc",
"currency",
"data",
"relationshipRef",
"sessionID",
"transactionType"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"AdaptiveTransactionValidationInput"
],
"example": "AdaptiveTransactionValidationInput"
},
"accountRef": {
"type": "string",
"description": "Customer (bank) account reference.",
"minLength": 1,
"maxLength": 250,
"example": "ACC123"
},
"amount": {
"type": "string",
"description": "Transaction amount.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "1064.99"
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"currency": {
"type": "string",
"description": "Transaction currency.",
"minLength": 1,
"maxLength": 3,
"example": "EUR"
},
"data": {
"type": "object",
"description": "Signature validation data. Fields are mutually exclusive and collectively exhaustive.",
"properties": {
"fidoTransactionMessage": {
"type": "object",
"description": "Parameters used to create AuthenticationRequests.",
"required": [
"fidoProtocol"
],
"properties": {
"fidoProtocol": {
"type": "string",
"description": "FIDO protocol used in this operation.",
"example": "UAF11",
"enum": [
"UAF11"
]
},
"authenticationMessage": {
"type": "string",
"description": "A message containing the transaction data that are displayed to the user when signing."
}
}
},
"fido": {
"type": "object",
"description": "Object used to transfer FIDO AuthenticationResponse.",
"required": [
"authenticationResponse",
"requestID"
],
"properties": {
"authenticationResponse": {
"type": "string",
"description": "AuthenticationResponse from respective FIDO protocol."
},
"requestID": {
"description": "Mandatory Identifier of the request which started the session.",
"type": "string",
"example": "413b2c39-2d67-4293-9adb-25601731b062",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36
},
"cidPublicKey": {
"type": "string",
"description": "Base64url-encoded TLS Channel ID, only applicable for UAF11."
},
"tlsUnique": {
"type": "string",
"description": "Base64url-encoded tls-unique channel binding value, only applicable for UAF11."
}
}
},
"standard": {
"type": "object",
"description": "Standard signature validation input.",
"required": [
"dataFields",
"signature"
],
"properties": {
"dataFields": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 16
},
"minItems": 1,
"maxItems": 8
},
"signature": {
"type": "string",
"description": "Signature for the transaction data.",
"minLength": 6,
"maxLength": 16,
"example": "123456"
}
}
},
"secureChannel": {
"type": "object",
"description": "Secure Channel transaction data signing input. If the signature field is not present, push notification to the mobile device is attempted.",
"required": [
"requestID"
],
"properties": {
"requestID": {
"type": "string",
"description": "Identifier of the related preceding request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"example": "413b2c39-2d67-4293-9adb-25601731b062"
},
"signature": {
"type": "string",
"description": "Signature for the transaction data.",
"minLength": 6,
"maxLength": 16,
"example": "123456"
}
}
},
"transactionMessage": {
"type": "object",
"description": "Orchestration transaction data signing input. Delivery method for this transaction message is specified in the orchestrationDelivery field.",
"required": [
"dataFields"
],
"properties": {
"dataFields": {
"description": "Array of key/value pairs representing the data fields of the transaction context.",
"type": "array",
"items": {
"type": "object",
"required": [
"key",
"value"
],
"properties": {
"key": {
"type": "object",
"required": [
"text"
],
"properties": {
"text": {
"type": "string",
"description": "Data field key.",
"minLength": 1
},
"formatting": {
"$ref": "#/components/schemas/Formatting"
}
}
},
"value": {
"type": "object",
"required": [
"text"
],
"properties": {
"text": {
"type": "string",
"description": "Data field value.",
"minLength": 1
},
"formatting": {
"$ref": "#/components/schemas/Formatting"
}
}
}
}
},
"minItems": 1
},
"subject": {
"type": "string",
"description": "Subject of the notification message to be displayed on the device.",
"pattern": "[^\\s]",
"minLength": 1,
"maxLength": 42,
"default": "Tap here to confirm transaction",
"example": "Tap here to confirm transaction"
},
"title": {
"type": "object",
"properties": {
"text": {
"type": "string",
"description": "Title of the message to be displayed on the device.",
"minLength": 1,
"maxLength": 30,
"default": "Transaction validation request",
"example": "Transaction validation request"
},
"formatting": {
"$ref": "#/components/schemas/Formatting"
}
}
},
"options": {
"type": "object",
"properties": {
"askApproval": {
"description": "Indicates if confirmation of the transaction data is required before the MAC is generated.",
"type": "boolean",
"default": true,
"example": true
},
"askPIN": {
"description": "Indicates if PIN verification (on the device) is required.",
"type": "boolean",
"default": true,
"example": true
},
"cryptoAppIndex": {
"description": "Index of the DIGIPASS application to use for response generation.",
"type": "integer",
"minimum": 1,
"maximum": 8,
"default": 1,
"example": 1
},
"fontTable": {
"description": "Selects the font table (in case multiple font tables are available) which is used to render text on the device.",
"type": "string",
"enum": [
"ISO-8859-15",
"cee",
"greek",
"katakana"
],
"default": "ISO-8859-15",
"example": "ISO-8859-15"
},
"showData": {
"description": "Indicates if the transaction context must be rendered on the device.",
"type": "boolean",
"default": true,
"example": true
},
"showMAC": {
"description": "Indicates if the generated MAC must be displayed on the device.",
"type": "boolean",
"default": true,
"example": true
},
"showWarning": {
"description": "Indicates if a predefined warning message must be displayed on the device.",
"type": "boolean",
"default": true,
"example": true
},
"templateNumber": {
"description": "Specifies the page layout template to be used.",
"type": "integer",
"minimum": 0,
"maximum": 15,
"default": 0,
"example": 0
}
}
}
}
}
},
"minProperties": 1,
"maxProperties": 1
},
"relationshipRef": {
"type": "string",
"description": "Relationship reference.",
"minLength": 1,
"maxLength": 150,
"example": "userid1"
},
"sessionID": {
"type": "string",
"description": "Application session identifier formatted as a hexadecimal string; common for all transactions related to the same session.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 100,
"example": "4ED23EA44F23"
},
"transactionType": {
"type": "string",
"description": "Name of the transaction type. String values for numeric keys related to custom transaction types are additionally accepted.",
"enum": [
"ExternalCharityTransfer",
"ExternalCharityTransferPresentment",
"ExternalCharityTransferRelease",
"ExternalTransfer",
"ExternalTransferBillPayments",
"ExternalTransferBillPaymentsPresentment",
"ExternalTransferBillPaymentsRelease",
"ExternalTransferCCPayments",
"ExternalTransferCCPaymentsPresentment",
"ExternalTransferCCPaymentsRelease",
"ExternalTransferInternational",
"ExternalTransferInternationalPresentment",
"ExternalTransferInternationalRelease",
"ExternalTransferInternationalReleaseApprove",
"ExternalTransferInternationalReleaseReject",
"ExternalTransferLocalCountry",
"ExternalTransferLocalCountryPresentment",
"ExternalTransferLocalCountryRelease",
"ExternalTransferLocalCountryReleaseApprove",
"ExternalTransferLocalCountryReleaseReject",
"ExternalTransferP2PPayments",
"ExternalTransferP2PPaymentsPresentment",
"ExternalTransferP2PPaymentsRelease",
"ExternalTransferPresentment",
"ExternalTransferRelease",
"ExternalTransferReleaseApprove",
"ExternalTransferReleaseDefer",
"ExternalTransferReleaseReject",
"GroupPaymentsPresentment",
"GroupPaymentsRelease",
"InternalCharityTransfer",
"InternalCharityTransferPresentment",
"InternalCharityTransferRelease",
"InternalCustomerTransfer",
"InternalCustomerTransferPresentment",
"InternalCustomerTransferRelease",
"InternalCustomerTransferReleaseApprove",
"InternalCustomerTransferReleaseReject",
"InternalTransfer",
"InternalTransferOtherCreditCard",
"InternalTransferOtherCreditCardPresentment",
"InternalTransferOtherCreditCardRelease",
"InternalTransferOwnCreditCard",
"InternalTransferOwnCreditCardPresentment",
"InternalTransferOwnCreditCardRelease",
"InternalTransferOwnPrepaidCard",
"InternalTransferPresentment",
"InternalTransferRelease",
"InternalTransferReleaseApprove",
"InternalTransferReleaseReject",
"MobileExternalCharityTransfer",
"MobileExternalTransfer",
"MobileExternalTransferBillPayments",
"MobileExternalTransferCCPayments",
"MobileExternalTransferInternational",
"MobileExternalTransferLocalCountry",
"MobileExternalTransferP2PPayments",
"MobileInternalCharityTransfer",
"MobileInternalCustomerTransfer",
"MobileInternalTransfer",
"MobileInternalTransferOtherCreditCard",
"MobileInternalTransferOwnCreditCard",
"MobileInternalTransferOwnPrepaidCard",
"MobileSignedExternalCharityTransfer",
"MobileSignedExternalTransfer",
"MobileSignedExternalTransferBillPayments",
"MobileSignedExternalTransferCCPayments",
"MobileSignedExternalTransferInternational",
"MobileSignedExternalTransferLocalCountry",
"MobileSignedExternalTransferP2PPayments",
"MobileSignedInternalCharityTransfer",
"MobileSignedInternalCustomerTransfer",
"MobileSignedInternalTransfer",
"MobileSignedInternalTransferOtherCreditCard",
"MobileSignedInternalTransferOwnCreditCard",
"MobileSignedInternalTransferOwnPrepaidCard",
"SignedExternalCharityTransfer",
"SignedExternalTransfer",
"SignedExternalTransferBillPayments",
"SignedExternalTransferCCPayments",
"SignedExternalTransferInternational",
"SignedExternalTransferInternationalPresentment",
"SignedExternalTransferInternationalRelease",
"SignedExternalTransferInternationalReleaseApprove",
"SignedExternalTransferInternationalReleaseReject",
"SignedExternalTransferLocalCountry",
"SignedExternalTransferLocalCountryPresentment",
"SignedExternalTransferLocalCountryRelease",
"SignedExternalTransferLocalCountryReleaseApprove",
"SignedExternalTransferLocalCountryReleaseReject",
"SignedExternalTransferP2PPayments",
"SignedExternalTransferPresentment",
"SignedExternalTransferRelease",
"SignedExternalTransferReleaseApprove",
"SignedExternalTransferReleaseDefer",
"SignedExternalTransferReleaseReject",
"SignedInternalCharityTransfer",
"SignedInternalCustomerTransfer",
"SignedInternalCustomerTransferPresentment",
"SignedInternalCustomerTransferRelease",
"SignedInternalCustomerTransferReleaseApprove",
"SignedInternalCustomerTransferReleaseReject",
"SignedInternalTransfer",
"SignedInternalTransferOtherCreditCard",
"SignedInternalTransferOwnCreditCard",
"SignedInternalTransferOwnPrepaidCard",
"SignedInternalTransferPresentment",
"SignedInternalTransferRelease",
"SignedInternalTransferReleaseApprove",
"SignedInternalTransferReleaseReject",
"TPPExternalTransfer",
"TPPExternalTransferInternational",
"TPPExternalTransferLocalCountry",
"TPPInternalCustomerTransfer",
"TPPInternalTransfer",
"TPPSignedExternalTransfer",
"TPPSignedExternalTransferInternational",
"TPPSignedExternalTransferLocalCountry",
"TPPSignedInternalCustomerTransfer",
"TPPSignedInternalTransfer",
"TrustedDeviceInternalCustTransferValidation",
"TrustedDeviceTransferValidation"
],
"example": "InternalCustomerTransfer"
},
"addressCity": {
"type": "string",
"description": "City/town part of the user address.",
"maxLength": 250,
"example": "Chicago"
},
"addressCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"addressCounty": {
"type": "string",
"description": "County part of the user address.",
"maxLength": 250,
"example": "Cook"
},
"addressDistrict": {
"type": "string",
"description": "District part of the user address.",
"maxLength": 250,
"example": "Loop"
},
"addressName": {
"type": "string",
"description": "Full name of the user.",
"maxLength": 100,
"example": "OneSpan Inc."
},
"addressNumber": {
"type": "string",
"description": "House number part of the user address.",
"maxLength": 100,
"example": "121"
},
"addressPostCode": {
"type": "string",
"description": "Postal code part of the user address.",
"maxLength": 100,
"example": "60601"
},
"addressStreet": {
"type": "string",
"description": "Street part of the user street.",
"maxLength": 250,
"example": "West Wacker Drive"
},
"amountCashback": {
"type": "string",
"description": "Cash-back amount.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "100"
},
"amountComm": {
"type": "string",
"description": "Commission on the transaction.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "20"
},
"amountSettle": {
"type": "string",
"description": "Transaction settlement amount.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "200"
},
"amountTxn": {
"type": "string",
"description": "Transaction amount in the customer currency.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "1174.49"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"applicationRef": {
"type": "string",
"description": "Application reference.",
"maxLength": 64,
"example": "com.onespan.tid.myapp"
},
"authentMode": {
"type": "string",
"description": "Authentication mode.",
"maxLength": 2,
"example": "CR"
},
"authentStatus": {
"type": "integer",
"format": "int32",
"description": "Result of the user authentication performed externally. Non-zero results indicate failure to authenticate.",
"example": 0
},
"authentType": {
"type": "string",
"description": "Indicates the level of authentication. Strong customer authentication (SCA) requires at least two-factor authentication.",
"enum": [
"none",
"simple",
"strong"
],
"example": "strong"
},
"availableAmount": {
"type": "string",
"description": "Amount available.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "99999"
},
"behaviorTrained": {
"type": "boolean",
"description": "Indicates whether the behavior server is trained enough for the current user profile to perform an adequate behavioral scoring.",
"example": true
},
"behaviorScore": {
"type": "number",
"format": "double",
"description": "Behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"behaviorConfidence": {
"type": "number",
"format": "double",
"description": "Confidence in the behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"bin6": {
"type": "string",
"description": "6-digit bank identification number.",
"maxLength": 6,
"example": "012345"
},
"bin7": {
"type": "string",
"description": "7-digit bank identification number.",
"maxLength": 7,
"example": "0123456"
},
"bin8": {
"type": "string",
"description": "8-digit bank identification number.",
"maxLength": 8,
"example": "01234567"
},
"bin9": {
"type": "string",
"description": "9-digit bank identification number.",
"maxLength": 9,
"example": "012345678"
},
"bin12": {
"type": "string",
"description": "12-digit bank identification number.",
"maxLength": 12,
"example": "012345678901"
},
"branchLocation": {
"type": "string",
"description": "Branch location reference.",
"maxLength": 100,
"example": "City-center"
},
"bulkActionDate": {
"type": "string",
"description": "Date of the action on the bulk payment.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"bulkRef": {
"type": "string",
"description": "Bulk payment reference.",
"maxLength": 128,
"example": "BLK123"
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"contractRef": {
"type": "string",
"description": "Corporate banking reference for a contract belonging to an external entity for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "contractid1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"creditorBank": {
"type": "string",
"description": "Name of the creditor bank.",
"maxLength": 50,
"example": "MYBANK"
},
"creditorBankCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"creditorIBAN": {
"type": "string",
"description": "Creditor international bank account number (IBAN).",
"maxLength": 96,
"example": "BE68539007547034"
},
"creditorName": {
"type": "string",
"description": "Name of the creditor.",
"maxLength": 128,
"example": "John Doe"
},
"creditorOtherInstruction": {
"type": "string",
"description": "Field used to identify if beneficiary account is located in customer address book (0: not in address book, 1: in address book).",
"maxLength": 1000,
"example": "0"
},
"creditorRef": {
"type": "string",
"description": "Creditor bank account reference.",
"maxLength": 128,
"example": "ACC123"
},
"currencyConvRate": {
"type": "string",
"description": "Currency conversion rate.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "1.1"
},
"currencySettle": {
"type": "string",
"description": "Currency settlement.",
"maxLength": 3,
"example": "EUR"
},
"currencyTxn": {
"type": "string",
"description": "Customer currency.",
"maxLength": 3,
"example": "USD"
},
"customDate1": {
"type": "string",
"description": "A customizable date to pass bank information to Risk Analytics.",
"maxLength": 20,
"example": "12-Dec-1988 13:04:55"
},
"customNumber1": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber2": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber3": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customString1": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString2": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString3": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString4": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString5": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString6": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"debtorCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"debtorIBAN": {
"type": "string",
"description": "Debtor international bank account number (IBAN).",
"maxLength": 96,
"example": "BE71096123456769"
},
"debtorName": {
"type": "string",
"description": "Name of the debtor.",
"maxLength": 128,
"example": "Jane Doe"
},
"debtorRef": {
"type": "string",
"description": "Debtor bank account reference.",
"maxLength": 128,
"example": "AC12345678902"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"entityRef": {
"type": "string",
"description": "Corporate banking reference for an external entity/company for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "entityid1"
},
"executionDate": {
"type": "string",
"description": "Transaction execution date.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"externalRef": {
"type": "string",
"description": "External reference.",
"maxLength": 128,
"example": "ABC123"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"localDate": {
"type": "string",
"description": "Local date and time that can represent the local terminal transaction time (dd-mmm-yyyy hh:mm:ss).",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"orchestrationDelivery": {
"type": "array",
"description": "Indicates whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage.",
"minItems": 1,
"uniqueItems": true,
"items": {
"type": "string",
"enum": [
"pushNotification",
"requestMessage"
]
},
"default": [
"pushNotification",
"requestMessage"
],
"example": [
"pushNotification",
"requestMessage"
]
},
"PAN": {
"type": "string",
"description": "Primary account number (PAN).",
"maxLength": 2000,
"example": "0123456789876543"
},
"parentTxnRef": {
"type": "string",
"description": "Corporate banking reference between multiple steps of transaction initiation, approval and release.",
"maxLength": 128,
"example": "TX12345678"
},
"paymentMessage": {
"type": "string",
"description": "Reason text or comments related to the transaction.",
"maxLength": 2000,
"example": "Test payment in USD"
},
"postalAddress": {
"type": "string",
"description": "Customer full address.",
"maxLength": 4000,
"example": "121 West Wacker Drive, Suite 2050, Chicago, IL 60601, USA"
},
"processingStepKey": {
"type": "integer",
"format": "int32",
"description": "Corporate banking step indicator for transactions with x-eyes principle processing.",
"enum": [
10,
20,
30,
40,
50,
60
],
"example": 10
},
"reasonCode": {
"type": "string",
"description": "Reason code related to the transaction.",
"maxLength": 50,
"example": "0"
},
"referer": {
"type": "string",
"description": "URL of the webpage triggering the transaction.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"settlementDate": {
"type": "string",
"description": "Transaction settlement date.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"timeout": {
"type": "integer",
"format": "int32",
"description": "Timeout in seconds to wait for the result from the orchestration process when a push notification was sent to the trusted device.",
"default": 0,
"example": 60,
"minimum": 0,
"maximum": 60
},
"tppRef": {
"type": "string",
"description": "Unique identifier for the Third Party Provider.",
"maxLength": 150,
"example": "..."
},
"transactionDate": {
"type": "string",
"description": "Date of the transaction.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"transactionSubType": {
"type": "string",
"description": "Transaction sub type. String values for numeric keys related to custom transaction sub types are additionally accepted.",
"enum": [
"Dated",
"OneTime",
"Recurring",
"RecurringSubsequent"
],
"example": "OneTime"
},
"userRef": {
"type": "string",
"description": "Corporate user reference.",
"maxLength": 150,
"example": "USER01"
}
},
"description": "Input payload for Intelligent Adaptive Authentication transaction requests.",
"example": {
"objectType": "AdaptiveTransactionValidationInput",
"accountRef": "ACC123",
"amount": "1064.99",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"currency": "EUR",
"data": {
"transactionMessage": {
"dataFields": [
{
"key": {
"text": "Transaction Value"
},
"value": {
"text": "EUR 1064.99"
}
}
]
}
},
"relationshipRef": "userid1",
"sessionID": "4ED23EA44F23",
"transactionType": "ExternalTransfer",
"clientIP": "192.168.0.1",
"creditorBank": "MYBANK",
"creditorIBAN": "BE68539007547034",
"creditorName": "John Doe",
"creditorOtherInstruction": "0",
"debtorIBAN": "BE71096123456769",
"timeout": 60
}
},
"AdaptiveUnregisterUserInput": {
"type": "object",
"required": [
"objectType",
"cddc",
"relationshipRef",
"sessionID"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"AdaptiveUnregisterUserInput"
],
"example": "AdaptiveUnregisterUserInput"
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"relationshipRef": {
"type": "string",
"description": "Relationship reference.",
"minLength": 1,
"maxLength": 150,
"example": "userid1"
},
"sessionID": {
"type": "string",
"description": "Application session identifier formatted as a hexadecimal string; common for all transactions related to the same session.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 100,
"example": "4ED23EA44F23"
},
"addressCity": {
"type": "string",
"description": "City/town part of the user address.",
"maxLength": 250,
"example": "Chicago"
},
"addressCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"addressCounty": {
"type": "string",
"description": "County part of the user address.",
"maxLength": 250,
"example": "Cook"
},
"addressDistrict": {
"type": "string",
"description": "District part of the user address.",
"maxLength": 250,
"example": "Loop"
},
"addressName": {
"type": "string",
"description": "Full name of the user.",
"maxLength": 100,
"example": "OneSpan Inc."
},
"addressNumber": {
"type": "string",
"description": "House number part of the user address.",
"maxLength": 100,
"example": "121"
},
"addressPostCode": {
"type": "string",
"description": "Postal code part of the user address.",
"maxLength": 100,
"example": "60601"
},
"addressStreet": {
"type": "string",
"description": "Street part of the user street.",
"maxLength": 250,
"example": "West Wacker Drive"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"applicationRef": {
"type": "string",
"description": "Application reference.",
"maxLength": 64,
"example": "com.onespan.tid.myapp"
},
"authentStatus": {
"type": "integer",
"format": "int32",
"description": "Result of the user authentication performed externally. Non-zero results indicate failure to authenticate.",
"example": 0
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"eventDate": {
"type": "string",
"description": "Date of the event.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"eventSubType": {
"type": "string",
"description": "Name of the non-monetary event sub type. String values for numeric keys related to custom event sub types are additionally accepted.",
"enum": [
"SMSAuthent",
"SoftTokenAuthent",
"HardTokenAuthent",
"PushAuthent",
"PushAuthent2FA",
"SoftTokenAuthent2FA"
],
"example": "SoftTokenAuthent"
},
"externalRef": {
"type": "string",
"description": "External reference.",
"maxLength": 128,
"example": "ABC123"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"postalAddress": {
"type": "string",
"description": "Customer full address.",
"maxLength": 4000,
"example": "121 West Wacker Drive, Suite 2050, Chicago, IL 60601, USA"
},
"referer": {
"type": "string",
"description": "URL of the webpage triggering the transaction.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator used.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"example": "VDS1234567"
},
"userRef": {
"type": "string",
"description": "Corporate user reference.",
"maxLength": 150,
"example": "USER01"
}
},
"description": "Input payload for Intelligent Adaptive Authentication user unregistration.",
"example": {
"objectType": "AdaptiveUnregisterUserInput",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1",
"relationshipRef": "userid1",
"sessionID": "4ED23EA44F23"
}
},
"AddDeviceInput": {
"type": "object",
"required": [
"deviceCode"
],
"properties": {
"deviceCode": {
"type": "string",
"description": "Device code generated by the authenticator upon processing the first activation message.",
"minLength": 5,
"maxLength": 26,
"example": "1234567890"
}
},
"description": "The request payload for adding the device."
},
"AddDeviceOutput": {
"type": "object",
"properties": {
"activationMessage2": {
"type": "string",
"description": "Second activation message for multi-device licensing (MDL) activation.",
"example": "1234567890ABCDEF"
},
"activationType": {
"type": "string",
"description": "Indicates whether online or offline activation was used.",
"enum": [
"onlineMDL",
"offlineMDL"
],
"example": "offlineMDL"
},
"deviceStatus": {
"type": "string",
"description": "The registration status of the authenticator.",
"enum": [
"registered",
"added"
],
"example": "registered"
},
"deviceType": {
"type": "string",
"description": "Type of device to be activated.",
"example": "iOS"
},
"domain": {
"type": "string",
"description": "Domain in which the user account resides.",
"maxLength": 255,
"example": "domain1"
},
"registrationID": {
"type": "string",
"description": "Registration identifier.",
"maxLength": 40,
"example": "vjO1THY2s7qtt99YjyHldWWF"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the added authenticator instance.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"example": "VDS1234567-1"
},
"userID": {
"type": "string",
"description": "Identifier for the user the authenticator is assigned to.",
"maxLength": 255,
"example": "userid1"
}
},
"description": "The registration output object."
},
"AssignAuthenticatorInput": {
"type": "object",
"required": [
"domain",
"userID"
],
"properties": {
"domain": {
"type": "string",
"description": "Domain in which the user account resides.",
"minLength": 1,
"maxLength": 255,
"example": "domain1"
},
"userID": {
"type": "string",
"description": "User account to assign this authenticator to.",
"minLength": 1,
"maxLength": 255,
"example": "userid1"
}
}
},
"AssignUserInput": {
"type": "object",
"required": [
"authenticator"
],
"properties": {
"authenticator": {
"type": "object",
"properties": {
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator to be assigned.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
},
"digipassType": {
"type": "string",
"description": "DIGIPASS type of the authenticator to be assigned.",
"minLength": 5,
"maxLength": 5,
"example": "DAL10"
}
},
"minProperties": 1,
"maxProperties": 1
}
}
},
"AuthenticationCredentials": {
"type": "object",
"description": "Credentials to authenticate the user.",
"properties": {
"authenticator": {
"type": "object",
"required": [
"OTP"
],
"properties": {
"PIN": {
"type": "string",
"description": "PIN code related to the authenticator.",
"minLength": 4,
"maxLength": 8,
"example": "1234"
},
"OTP": {
"type": "string",
"description": "One-time password generated by the authenticator.",
"minLength": 6,
"maxLength": 16,
"example": "123456"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator used. Limited to single device license authenticators; leave empty for multi-device licensing authenticators.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
}
},
"fidoAuthenticator": {
"allOf": [
{
"$ref": "#/components/schemas/FidoAuthenticationResponseOutput"
},
{
"type": "object"
}
]
},
"passKey": {
"type": "string",
"description": "Static password for the user or keyword to trigger out-of-band authentication.
When it's a part of request to OCA:
Use the following keywords to trigger orchestrated authentication on the trusted device: NoPIN, PIN, Fingerprint, Face.",
"minLength": 1,
"maxLength": 255,
"example": "Test1234"
}
},
"minProperties": 1
},
"AuthenticatorOutput": {
"type": "object",
"required": [
"applications",
"created",
"domain",
"lastModified",
"serialNumber"
],
"properties": {
"applications": {
"type": "array",
"description": "List of applications supported by the authenticator.",
"items": {
"type": "object",
"required": [
"name",
"type"
],
"properties": {
"name": {
"type": "string",
"description": "Application name.",
"example": "RO OFFLINE"
},
"type": {
"type": "string",
"description": "Application type.",
"example": "RO"
}
},
"description": "Applications supported by the authenticator."
}
},
"assigned": {
"type": "boolean",
"description": "Signifies if this authenticator is assigned to a user."
},
"created": {
"type": "string",
"description": "Creation timestamp for the authenticator.",
"example": "2019-02-04T11:42:39Z"
},
"domain": {
"type": "string",
"description": "Domain in which the user account resides.",
"example": "domain1"
},
"lastModified": {
"type": "string",
"description": "Last modified timestamp for the authenticator.",
"example": "2019-02-04T11:42:39Z"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator.",
"example": "0034599648"
},
"activation": {
"type": "object",
"properties": {
"bound": {
"type": "boolean",
"description": "Signifies if the authenticator is bound to a specific device."
},
"activationsCount": {
"type": "string",
"description": "Number of activations.",
"example": "1"
},
"lastActivated": {
"type": "string",
"description": "Last activated timestamp for the authenticator.",
"example": "2019-02-04T11:42:39Z"
},
"locationsCount": {
"type": "string",
"description": "Number of activation locations.",
"example": "2"
},
"maxActivations": {
"type": "integer",
"format": "int32",
"minimum": 0,
"maximum": 99,
"description": "Number of total available activations.",
"example": 99
},
"provisioningActivationCount": {
"type": "integer",
"format": "int32",
"description": "Number of provisioning activations.",
"example": 2
}
}
},
"assignedUserID": {
"type": "string",
"description": "User this authenticator is assigned to.",
"example": "userid1"
},
"authenticatorType": {
"type": "string",
"description": "Authenticator type.",
"example": "DAL10"
},
"description": {
"type": "string",
"description": "Reference associated with the authenticator.",
"pattern": "^(?=^\\S)(?=.*\\S$)[^\\x00-\\x1F\\x7F]{1,255}$",
"minLength": 1,
"maxLength": 255,
"example": "Mobile authenticator for Android activated on 2021-02-11 for userid1."
}
}
},
"AuthenticatorsOutput": {
"type": "object",
"required": [
"authenticators",
"count",
"limit",
"offset",
"total"
],
"properties": {
"authenticators": {
"type": "array",
"description": "List of authenticators.",
"items": {
"$ref": "#/components/schemas/AuthenticatorOutput"
}
},
"count": {
"type": "integer",
"format": "int32",
"description": "Number of authenticators returned.",
"example": 1
},
"limit": {
"type": "integer",
"format": "int32",
"description": "Maximum number of authenticators requested.",
"example": 20
},
"offset": {
"type": "integer",
"format": "int32",
"description": "Index of the first authenticator returned.",
"example": 0
},
"total": {
"type": "integer",
"format": "int32",
"description": "Total number of authenticators that match the query input parameters.",
"example": 1
}
}
},
"BindAuthenticatorInput": {
"type": "object",
"required": [
"derivationCode"
],
"properties": {
"derivationCode": {
"type": "string",
"description": "Derivation code.",
"minLength": 1,
"maxLength": 27,
"example": "ABCD1234"
}
}
},
"BrowserCDDC": {
"type": "object",
"required": [
"fingerprintHash",
"fingerprintRaw"
],
"properties": {
"fingerprintRaw": {
"type": "string",
"description": "Browser fingerprint raw.",
"minLength": 1,
"example": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}"
},
"fingerprintHash": {
"type": "string",
"description": "Browser fingerprint hash.",
"minLength": 1,
"maxLength": 2000,
"example": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"description": "Browser client device data collector structure. When present, both browser and mobile event/transaction types are accepted."
},
"BulkfileOutput": {
"type": "object",
"required": [
"message",
"retcode"
],
"properties": {
"retcode": {
"type": "string",
"description": "'0' if successful; an error code otherwise."
},
"message": {
"type": "string",
"description": "\"Success\" if successful; a description of the error that occurred otherwise."
},
"uuid": {
"type": "string",
"description": "UUID generated for the upload file."
}
}
},
"BulkfileStatusOutput": {
"type": "object",
"required": [
"message",
"retcode"
],
"properties": {
"retcode": {
"type": "string",
"description": "'0' if successful; an error code otherwise."
},
"message": {
"type": "string",
"description": "\"Success\" if successful; a description of the error that occurred otherwise."
},
"status": {
"type": "string",
"description": "Status of the file"
},
"logs": {
"type": "array",
"description": "Logs of the file",
"items": {
"type": "string"
}
}
}
},
"CheckActivationStatusInput": {
"type": "object",
"required": [
"login"
],
"properties": {
"login": {
"type": "string",
"description": "Identifier for the user for whom to perform an activation check.",
"minLength": 1,
"maxLength": 255,
"example": "userid1"
},
"domain": {
"type": "string",
"description": "Domain in which the user account resides.",
"maxLength": 255,
"example": "domain1"
},
"timeoutSeconds": {
"type": "integer",
"format": "int64",
"description": "Timeout",
"example": 10
}
},
"example": {
"login": "userid1",
"timeoutSeconds": 10
}
},
"CheckActivationStatusOutput": {
"type": "object",
"properties": {
"activationStatus": {
"type": "string",
"enum": [
"unknown",
"pending",
"activated",
"timeout"
],
"description": "Status of the device activation. Supported values are: 'unknown' = No pending activation found the user, 'pending' = Activation in progress, 'activated' = Device succesfully activated, 'timeout' = Timeout waiting for activation check to complete.",
"example": "unknown"
}
}
},
"CheckSessionStatusOutput": {
"type": "object",
"required": [
"sessionStatus"
],
"properties": {
"sessionStatus": {
"type": "string",
"description": "Status of the session. Supported values are: \n * 'unknown' = Unknown status: handle response externally\n * 'pending' = Pending action by user\n * 'accepted' = Successfully completed validation\n * 'refused' = Refused by user\n * 'timeout' = Timeout waiting for validation to complete\n * 'failed' = Failed to validate",
"enum": [
"unknown",
"pending",
"accepted",
"refused",
"timeout",
"failed"
],
"example": "accepted"
},
"riskResponseCode": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 5 = ChallengeDevice2FA, 8 = ChallengeEmail, 11 = ChallengeCronto, 14 = ChallengeFido, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
},
"votpResponse": {
"type": "string",
"description": "Generated Virtual OTP value. Returned on 'pending' status for sessions that triggered the Custom VOTP Delivery feature (optional, not recommended).",
"example": "123456"
}
}
},
"CountryCode": {
"type": "string",
"description": "Country in ISO 3166-1 alpha-2 two-letter country code format.",
"enum": [
"AD",
"AE",
"AF",
"AG",
"AI",
"AL",
"AM",
"AN",
"AO",
"AQ",
"AR",
"AS",
"AT",
"AU",
"AW",
"AX",
"AZ",
"BA",
"BB",
"BD",
"BE",
"BF",
"BG",
"BH",
"BI",
"BJ",
"BL",
"BM",
"BN",
"BO",
"BQ",
"BR",
"BS",
"BT",
"BV",
"BW",
"BY",
"BZ",
"CA",
"CC",
"CD",
"CF",
"CG",
"CH",
"CI",
"CK",
"CL",
"CM",
"CN",
"CO",
"CR",
"CS",
"CU",
"CV",
"CW",
"CX",
"CY",
"CZ",
"DE",
"DJ",
"DK",
"DM",
"DO",
"DZ",
"EC",
"EE",
"EG",
"EH",
"ER",
"ES",
"ET",
"FI",
"FJ",
"FK",
"FM",
"FO",
"FR",
"GA",
"GB",
"GD",
"GE",
"GF",
"GG",
"GH",
"GI",
"GL",
"GM",
"GN",
"GP",
"GQ",
"GR",
"GS",
"GT",
"GU",
"GW",
"GY",
"HK",
"HM",
"HN",
"HR",
"HT",
"HU",
"ID",
"IE",
"IL",
"IM",
"IN",
"IO",
"IQ",
"IR",
"IS",
"IT",
"JE",
"JM",
"JO",
"JP",
"KE",
"KG",
"KH",
"KI",
"KM",
"KN",
"KP",
"KR",
"KW",
"KY",
"KZ",
"LA",
"LB",
"LC",
"LI",
"LK",
"LR",
"LS",
"LT",
"LU",
"LV",
"LY",
"MA",
"MC",
"MD",
"ME",
"MF",
"MG",
"MH",
"MK",
"ML",
"MM",
"MN",
"MO",
"MP",
"MQ",
"MR",
"MS",
"MT",
"MU",
"MV",
"MW",
"MX",
"MY",
"MZ",
"NA",
"NC",
"NE",
"NF",
"NG",
"NI",
"NL",
"NO",
"NP",
"NR",
"NU",
"NZ",
"OM",
"PA",
"PE",
"PF",
"PG",
"PH",
"PK",
"PL",
"PM",
"PN",
"PR",
"PS",
"PT",
"PW",
"PY",
"QA",
"RE",
"RO",
"RS",
"RU",
"RW",
"SA",
"SB",
"SC",
"SD",
"SE",
"SG",
"SH",
"SI",
"SJ",
"SK",
"SL",
"SM",
"SN",
"SO",
"SR",
"SS",
"ST",
"SV",
"SX",
"SY",
"SZ",
"TC",
"TD",
"TF",
"TG",
"TH",
"TJ",
"TK",
"TL",
"TM",
"TN",
"TO",
"TR",
"TT",
"TV",
"TW",
"TZ",
"UA",
"UG",
"UM",
"US",
"UY",
"UZ",
"VA",
"VC",
"VE",
"VG",
"VI",
"VN",
"VU",
"WF",
"WS",
"YE",
"YT",
"ZA",
"ZM",
"ZW"
],
"example": "US"
},
"CreateUserInput": {
"type": "object",
"properties": {
"staticPassword": {
"type": "string",
"description": "Static password for the user.",
"minLength": 8,
"maxLength": 255,
"example": "Test1234"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 64,
"example": "devfeedbacktid@onespan.com"
},
"enabled": {
"type": "boolean",
"description": "Specifies whether the user account is enabled immediately after creation.",
"example": true
},
"locked": {
"type": "boolean",
"description": "Specifies whether the user account is created in a locked state or not.",
"example": false
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 64,
"example": "+1 (508) 366 3437"
},
"phoneNumber": {
"type": "string",
"description": "Telephone number of the user.",
"pattern": "^[\\+\\-\\(\\)0-9 ]{0,20}$",
"maxLength": 20,
"example": "+1 (508) 366 3437"
},
"vdpDeliveryMethod": {
"type": "string",
"description": "Delivery method for sending Virtual DIGIPASS.",
"enum": [
"Default",
"SMS",
"Email",
"Voice"
],
"example": "Email"
}
}
},
"DecryptInformationMessageInput": {
"type": "object",
"required": [
"informationMessage"
],
"properties": {
"informationMessage": {
"type": "string",
"description": "Information message.",
"maxLength": 1070,
"pattern": "^([0-9a-fA-F]{2})+$",
"example": "AB3A1AA8029388FFB11F176DF9529E86CCA08894D5DBCD9EC9238FE5139A8FF39DA2"
}
}
},
"DecryptInformationMessageOutput": {
"type": "object",
"required": [
"informationBody",
"domain",
"serialNumber"
],
"properties": {
"informationBody": {
"type": "string",
"description": "Information body.",
"minLength": 2,
"maxLength": 1024,
"pattern": "^([0-9a-fA-F]{2}){1,512}$",
"example": "68656C6C6F20776F726C64"
},
"domain": {
"type": "string",
"description": "The domain the relevant authenticator belongs to.",
"minLength": 1,
"maxLength": 255,
"example": "domain1"
},
"serialNumber": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}-[0-9]{1,2}$",
"minLength": 12,
"maxLength": 13,
"description": "Serial number of the authenticator used.",
"example": "VDS1000120-1"
}
}
},
"ErrorOutput": {
"type": "object",
"required": [
"status",
"error",
"message",
"service",
"logCorrelationID",
"timestamp"
],
"properties": {
"status": {
"type": "integer",
"format": "int32",
"example": 999,
"description": "HTTP status code."
},
"error": {
"type": "string",
"example": "HTTP status code associated reason phrase",
"description": "HTTP reason phrase; the description associated with the HTTP status code."
},
"message": {
"type": "string",
"example": "Error associated response text",
"description": "Human readable description of the error and/or cause of the error."
},
"service": {
"type": "string",
"example": "associated-service",
"description": "Name of the webservice returning this response."
},
"logCorrelationID": {
"type": "string",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36,
"example": "df177869-cffc-4a40-8997-8612f05bff0b",
"description": "Log correlation ID."
},
"timestamp": {
"type": "string",
"format": "date-time",
"example": "2019-02-04T11:42:39Z",
"description": "ISO 8601 timestamp."
},
"uafStatusCode": {
"type": "integer",
"format": "int32",
"description": "Status code indicating the result of the UAF11 protocol operation. Applicable only to FIDO UAF protocol operations.",
"example": 1491
},
"validationErrors": {
"type": "array",
"description": "For input validation errors: a list of tuples (object, field, message) describing the fields that did not pass input validation, plus the required syntax.",
"items": {
"$ref": "#/components/schemas/ValidationError"
}
}
}
},
"EventInput": {
"type": "object",
"required": [
"eventType",
"relationshipRef",
"sessionID"
],
"properties": {
"eventType": {
"type": "string",
"description": "Name of the non-monetary event type. String values for numeric keys related to custom event types are additionally accepted.",
"enum": [
"AddChequePrintingPayeeAttempt",
"AddChequePrintingPayeeFailed",
"AddChequePrintingPayeeSuccess",
"AlertSetupAttempt",
"AlertSetupFailed",
"AlertSetupSuccess",
"AmendBeneficiaryAttempt",
"AmendBeneficiaryFailed",
"AmendBeneficiarySuccess",
"AmendBillBeneficiaryAttempt",
"AmendBillBeneficiaryFailed",
"AmendBillBeneficiarySuccess",
"App2ActionStart",
"AppStart",
"BlockCardAttempt",
"BlockCardFailed",
"BlockCardSuccess",
"BulkTransactions",
"BulkTransactionsApprove",
"BulkTransactionsInput",
"BulkTransactionsRelease",
"CardActivateAttempt",
"CardActivateFail",
"CardActivateSuccess",
"ChangeAddressAttempt",
"ChangeAddressFailed",
"ChangeAddressInvalid",
"ChangeAddressSuccess",
"ChangeAlertDeliveryAttempt",
"ChangeAlertDeliveryFailed",
"ChangeAlertDeliverySuccess",
"ChangeCardPINAttempt",
"ChangeCardPINFailed",
"ChangeCardPINSuccess",
"ChangeEmailAttempt",
"ChangeEmailFailed",
"ChangeEmailSuccess",
"ChangeLimitAttempt",
"ChangeLimitFailed",
"ChangeLimitSuccess",
"ChangePasswordAttempt",
"ChangePasswordFailed",
"ChangePasswordInvalid",
"ChangePasswordSuccess",
"ChangePayeeGroupAttempt",
"ChangePayeeGroupFailed",
"ChangePayeeGroupSuccess",
"ChangePhoneNumberAttempt",
"ChangePhoneNumberFailed",
"ChangePhoneNumberSuccess",
"CheckBalance",
"CheckBalanceDetail",
"ChequePrintingRequestAttempt",
"ChequePrintingRequestFailed",
"ChequePrintingRequestSuccess",
"CreateNewCorporateUserAttempt",
"CreateNewCorporateUserFailed",
"CreateNewCorporateUserSuccess",
"DownloadAccountInformation",
"DPActivation",
"DPInstDeletion",
"GetTransactions",
"LoginAttempt",
"LoginAttemptBlocked",
"LoginAttemptInvalid",
"LoginAttemptOTP",
"LoginFailed",
"LoginSuccess",
"LoginWithChangePasswordBlocked",
"LoginWithChangePasswordFail",
"LoginWithChangePasswordSuccess",
"MobileAddChequePrintingPayeeAttempt",
"MobileAddChequePrintingPayeeFailed",
"MobileAddChequePrintingPayeeSuccess",
"MobileAlertSetupAttempt",
"MobileAlertSetupFailed",
"MobileAlertSetupSuccess",
"MobileAmendBeneficiaryAttempt",
"MobileAmendBeneficiaryFailed",
"MobileAmendBeneficiarySuccess",
"MobileAmendBillBeneficiaryAttempt",
"MobileAmendBillBeneficiaryFailed",
"MobileAmendBillBeneficiarySuccess",
"MobileBlockCardAttempt",
"MobileBlockCardFailed",
"MobileBlockCardSuccess",
"MobileBulkTransactions",
"MobileCardActivateAttempt",
"MobileCardActivateFail",
"MobileCardActivateSuccess",
"MobileChangeAddressAttempt",
"MobileChangeAddressFailed",
"MobileChangeAddressInvalid",
"MobileChangeAddressSuccess",
"MobileChangeAlertDeliveryAttempt",
"MobileChangeAlertDeliveryFailed",
"MobileChangeAlertDeliverySuccess",
"MobileChangeCardPINAttempt",
"MobileChangeCardPINFailed",
"MobileChangeCardPINSuccess",
"MobileChangeEmailAttempt",
"MobileChangeEmailFailed",
"MobileChangeEmailSuccess",
"MobileChangeLimitAttempt",
"MobileChangeLimitFailed",
"MobileChangeLimitSuccess",
"MobileChangePasswordAttempt",
"MobileChangePasswordFailed",
"MobileChangePasswordInvalid",
"MobileChangePasswordSuccess",
"MobileChangePayeeGroupAttempt",
"MobileChangePayeeGroupFailed",
"MobileChangePayeeGroupSuccess",
"MobileChangePhoneNumberAttempt",
"MobileChangePhoneNumberFailed",
"MobileChangePhoneNumberSuccess",
"MobileCheckBalance",
"MobileCheckBalanceDetail",
"MobileChequePrintingRequestAttempt",
"MobileChequePrintingRequestFailed",
"MobileChequePrintingRequestSuccess",
"MobileCreateNewCorporateUserAttempt",
"MobileCreateNewCorporateUserFailed",
"MobileCreateNewCorporateUserSuccess",
"MobileDownloadAccountInformation",
"MobileGetTransactions",
"MobileLoginAttempt",
"MobileLoginAttemptInvalid",
"MobileLoginAttemptOTP",
"MobileLoginFailed",
"MobileLoginSuccess",
"MobileNewBeneficiaryAttempt",
"MobileNewBeneficiaryFailed",
"MobileNewBeneficiarySuccess",
"MobileNewBillBeneficiaryAttempt",
"MobileNewBillBeneficiaryFailed",
"MobileNewBillBeneficiarySuccess",
"MobileNewPayeeGroupAttempt",
"MobileNewPayeeGroupFailed",
"MobileNewPayeeGroupSuccess",
"MobilePasswordRecoveryAttempt",
"MobilePasswordRecoveryFailed",
"MobilePasswordRecoverySuccess",
"MobileRegisterUser",
"MobileRegisterUserFail",
"MobileRegisterUserSuccess",
"MobileRegisterUserValidation",
"MobileRemoveBeneficiaryAttempt",
"MobileRemoveBeneficiaryFailed",
"MobileRemoveBeneficiarySuccess",
"MobileRemoveBillBeneficiaryAttempt",
"MobileRemoveBillBeneficiaryFailed",
"MobileRemoveBillBeneficiarySuccess",
"MobileRemovePayeeGroupAttempt",
"MobileRemovePayeeGroupFailed",
"MobileRemovePayeeGroupSuccess",
"MobileRevokeNewCorporateUserAttempt",
"MobileRevokeNewCorporateUserFailed",
"MobileRevokeNewCorporateUserSuccess",
"MobileSignedAddChequePrintingPayeeAttempt",
"MobileSignedAlertSetupAttempt",
"MobileSignedAmendBeneficiaryAttempt",
"MobileSignedAmendBillBeneficiaryAttempt",
"MobileSignedBlockCardAttempt",
"MobileSignedBulkTransactions",
"MobileSignedCardActivateAttempt",
"MobileSignedChangeAddressAttempt",
"MobileSignedChangeAlertDeliveryAttempt",
"MobileSignedChangeCardPINAttempt",
"MobileSignedChangeEmailAttempt",
"MobileSignedChangeLimitAttempt",
"MobileSignedChangePasswordAttempt",
"MobileSignedChangePayeeGroupAttempt",
"MobileSignedChangePhoneNumberAttempt",
"MobileSignedCheckBalance",
"MobileSignedCheckBalanceDetail",
"MobileSignedChequePrintingRequestAttempt",
"MobileSignedCreateNewCorporateUserAttempt",
"MobileSignedDownloadAccountInformation",
"MobileSignedGetTransactions",
"MobileSignedNewBeneficiaryAttempt",
"MobileSignedNewBillBeneficiaryAttempt",
"MobileSignedNewPayeeGroupAttempt",
"MobileSignedPasswordRecoveryAttempt",
"MobileSignedRemoveBeneficiaryAttempt",
"MobileSignedRemoveBillBeneficiaryAttempt",
"MobileSignedRemovePayeeGroupAttempt",
"MobileSignedRevokeNewCorporateUserAttempt",
"MobileSignedUnlockNewCorporateUserAttempt",
"MobileSignedUserIDRecoveryAttempt",
"MobileUnlockNewCorporateUserAttempt",
"MobileUnlockNewCorporateUserFailed",
"MobileUnlockNewCorporateUserSuccess",
"MobileUnregisterUser",
"MobileUnregisterUserFail",
"MobileUnregisterUserSuccess",
"MobileUnregisterUserValidation",
"MobileUserIDRecoveryAttempt",
"MobileUserIDRecoveryFailed",
"MobileUserIDRecoverySuccess",
"NewBeneficiaryAttempt",
"NewBeneficiaryFailed",
"NewBeneficiarySuccess",
"NewBillBeneficiaryAttempt",
"NewBillBeneficiaryFailed",
"NewBillBeneficiarySuccess",
"NewPayeeGroupAttempt",
"NewPayeeGroupFailed",
"NewPayeeGroupSuccess",
"NotifActionStart",
"OfflineTimeSync",
"OnlineTimeSync",
"PasswordRecoveryAttempt",
"PasswordRecoveryFailed",
"PasswordRecoverySuccess",
"PinChanged",
"RegisterUser",
"RegisterUserFail",
"RegisterUserSuccess",
"RegisterUserValidation",
"RemoveBeneficiaryAttempt",
"RemoveBeneficiaryFailed",
"RemoveBeneficiarySuccess",
"RemoveBillBeneficiaryAttempt",
"RemoveBillBeneficiaryFailed",
"RemoveBillBeneficiarySuccess",
"RemovePayeeGroupAttempt",
"RemovePayeeGroupFailed",
"RemovePayeeGroupSuccess",
"RevokeNewCorporateUserAttempt",
"RevokeNewCorporateUserFailed",
"RevokeNewCorporateUserSuccess",
"SetBiometric",
"SignedAddChequePrintingPayeeAttempt",
"SignedAlertSetupAttempt",
"SignedAmendBeneficiaryAttempt",
"SignedAmendBillBeneficiaryAttempt",
"SignedBlockCardAttempt",
"SignedBulkTransactions",
"SignedBulkTransactionsApprove",
"SignedBulkTransactionsInput",
"SignedBulkTransactionsRelease",
"SignedCardActivateAttempt",
"SignedChangeAddressAttempt",
"SignedChangeAlertDeliveryAttempt",
"SignedChangeCardPINAttempt",
"SignedChangeEmailAttempt",
"SignedChangeLimitAttempt",
"SignedChangePasswordAttempt",
"SignedChangePayeeGroupAttempt",
"SignedChangePhoneNumberAttempt",
"SignedCheckBalance",
"SignedCheckBalanceDetail",
"SignedChequePrintingRequestAttempt",
"SignedCreateNewCorporateUserAttempt",
"SignedDownloadAccountInformation",
"SignedGetTransactions",
"SignedNewBeneficiaryAttempt",
"SignedNewBillBeneficiaryAttempt",
"SignedNewPayeeGroupAttempt",
"SignedNewPsuConsent",
"SignedPasswordRecoveryAttempt",
"SignedRemoveBeneficiaryAttempt",
"SignedRemoveBillBeneficiaryAttempt",
"SignedRemovePayeeGroupAttempt",
"SignedRevokeNewCorporateUserAttempt",
"SignedUnlockNewCorporateUserAttempt",
"SignedUserIDRecoveryAttempt",
"TPPCheckBalance",
"TPPCheckBalanceDetail",
"TPPGetAccountDetail",
"TPPGetAccountList",
"TPPGetPSUDetail",
"TPPGetTransactions",
"TPPGetTrustedBeneficiaries",
"TPPNewPsuConsent",
"TPPSignedNewPsuConsent",
"TrustedDeviceAddChequePrintingPayeeValidation",
"TrustedDeviceAlertSetupValidation",
"TrustedDeviceAmendBenefValidation",
"TrustedDeviceAmendBillBeneficiaryValidation",
"TrustedDeviceAuthentication",
"TrustedDeviceBlockCardValidation",
"TrustedDeviceBulkTransactionsValidation",
"TrustedDeviceCardActivateValidation",
"TrustedDeviceChangeAddressValidation",
"TrustedDeviceChangeAlertDeliveryValidation",
"TrustedDeviceChangeCardPINValidation",
"TrustedDeviceChangeEmailValidation",
"TrustedDeviceChangeLimitValidation",
"TrustedDeviceChangePasswordValidation",
"TrustedDeviceChangePayeeGroupValidation",
"TrustedDeviceChangePhoneNumberValidation",
"TrustedDeviceChangeProfileValidation",
"TrustedDeviceCheckBalanceDetailValidation",
"TrustedDeviceCheckBalanceValidation",
"TrustedDeviceChequePrintingRequestValidation",
"TrustedDeviceCreateNewCorporateUserValidation",
"TrustedDeviceDownloadAccountInfoValidation",
"TrustedDeviceGetTransactionsValidation",
"TrustedDeviceLoginValidation",
"TrustedDeviceNewBenefValidation",
"TrustedDeviceNewBillBeneficiaryValidation",
"TrustedDeviceNewPayeeGroupValidation",
"TrustedDeviceNewPsuConsentValidation",
"TrustedDevicePasswordRecoveryValidation",
"TrustedDeviceRegisterNotif",
"TrustedDeviceRemoveBenefValidation",
"TrustedDeviceRemoveBillBenefValidation",
"TrustedDeviceRemovePayeeGroupValidation",
"TrustedDeviceRevokeNewCorporateUserValidation",
"TrustedDeviceUnlockNewCorporateUserValidation",
"TrustedDeviceVerifyPasswordRequest",
"UnlockNewCorporateUserAttempt",
"UnlockNewCorporateUserFailed",
"UnlockNewCorporateUserSuccess",
"UnregisterUser",
"UnregisterUserFail",
"UnregisterUserSuccess",
"UnregisterUserValidation",
"UnsetBiometric",
"UserActionStart",
"UserIDRecoveryAttempt",
"UserIDRecoveryFailed",
"UserIDRecoverySuccess"
],
"example": "LoginSuccess"
},
"relationshipRef": {
"type": "string",
"description": "Relationship reference.",
"minLength": 1,
"maxLength": 150,
"example": "userid1"
},
"sessionID": {
"type": "string",
"description": "Application session identifier formatted as a hexadecimal string; common for all transactions related to the same session.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 100,
"example": "4ED23EA44F23"
},
"accountRef": {
"type": "string",
"description": "Customer (bank) account reference.",
"maxLength": 250,
"example": "ACC123"
},
"after": {
"type": "string",
"description": "Related value after the event.",
"maxLength": 4000,
"example": "1000"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"applicationRef": {
"type": "string",
"description": "Application reference.",
"maxLength": 64,
"example": "com.onespan.tid.myapp"
},
"authentMode": {
"type": "string",
"description": "Authentication mode.",
"maxLength": 2,
"example": "CR"
},
"authentStatus": {
"type": "integer",
"format": "int32",
"description": "Result of the user authentication performed externally. Non-zero results indicate failure to authenticate.",
"example": 0
},
"authentType": {
"type": "string",
"description": "Indicates the level of authentication. Strong customer authentication (SCA) requires at least two-factor authentication.",
"enum": [
"none",
"simple",
"strong"
],
"example": "strong"
},
"before": {
"type": "string",
"description": "Related value before the event.",
"maxLength": 4000,
"example": "990"
},
"behaviorTrained": {
"type": "boolean",
"description": "Indicates whether the behavior server is trained enough for the current user profile to perform an adequate behavioral scoring.",
"example": true
},
"behaviorScore": {
"type": "number",
"format": "double",
"description": "Behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"behaviorConfidence": {
"type": "number",
"format": "double",
"description": "Confidence in the behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"beneficiaryBank": {
"type": "string",
"description": "Name of the beneficiary bank.",
"maxLength": 50,
"example": "MYBANK"
},
"beneficiaryBankCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"beneficiaryIBAN": {
"type": "string",
"description": "Beneficiary international bank account number (IBAN).",
"maxLength": 96,
"example": "BE68539007547034"
},
"beneficiaryName": {
"type": "string",
"description": "Name of the beneficiary.",
"maxLength": 128,
"example": "John Doe"
},
"bin6": {
"type": "string",
"description": "6-digit bank identification number.",
"maxLength": 6,
"example": "012345"
},
"bin9": {
"type": "string",
"description": "9-digit bank identification number.",
"maxLength": 9,
"example": "012345678"
},
"bin12": {
"type": "string",
"description": "12-digit bank identification number.",
"maxLength": 12,
"example": "012345678901"
},
"branchLocation": {
"type": "string",
"description": "Branch location reference.",
"maxLength": 100,
"example": "City-center"
},
"bulkActionDate": {
"type": "string",
"description": "Date of the action on the bulk payment.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"bulkAmount": {
"type": "string",
"description": "Total amount of a bulk payment.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "3541.54"
},
"bulkHash": {
"type": "string",
"description": "Hash value for a bulk payment.",
"maxLength": 256,
"example": "E3E75B2D51DC91F8B0CC182FFAB159EC2D3AC4CF"
},
"bulkRef": {
"type": "string",
"description": "Bulk payment reference.",
"maxLength": 128,
"example": "BLK123"
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"contractRef": {
"type": "string",
"description": "Corporate banking reference for a contract belonging to an external entity for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "contractid1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"customDate1": {
"type": "string",
"description": "A customizable date to pass bank information to Risk Analytics.",
"maxLength": 20,
"example": "12-Dec-1988 13:04:55"
},
"customNumber1": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber2": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber3": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customString1": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString2": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString3": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString4": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString5": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString6": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"entityRef": {
"type": "string",
"description": "Corporate banking reference for an external entity/company for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "entityid1"
},
"eventDate": {
"type": "string",
"description": "Date of the event.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"eventSubType": {
"type": "string",
"description": "Name of the non-monetary event sub type. String values for numeric keys related to custom event sub types are additionally accepted.",
"enum": [
"SMSAuthent",
"SoftTokenAuthent",
"HardTokenAuthent",
"PushAuthent",
"PushAuthent2FA",
"SoftTokenAuthent2FA"
],
"example": "SoftTokenAuthent"
},
"externalRef": {
"type": "string",
"description": "External reference.",
"maxLength": 128,
"example": "ABC123"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"parentNmeRef": {
"type": "string",
"description": "Corporate banking reference between multiple steps of non-monetary event initiation, approval and release.",
"maxLength": 128,
"example": "PARENT_NME_REF"
},
"processingStepKey": {
"type": "integer",
"format": "int32",
"description": "Corporate banking step indicator for non-monetary events with x-eyes principle processing.",
"enum": [
10,
20,
30,
40,
50,
60
],
"example": 10
},
"referer": {
"type": "string",
"description": "URL of the webpage triggering the event.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator used.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"example": "VDS1234567"
},
"tpp": {
"type": "object",
"description": "Open Banking Third Party Provider information.",
"required": [
"tppRef"
],
"properties": {
"psuDeviceID": {
"type": "string",
"description": "Universally unique identifier for the device used by the Payment Service User.",
"maxLength": 2000,
"example": "548573475773563467"
},
"tppIP": {
"type": "string",
"description": "IP address of the Third Party Provider service.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"tppRef": {
"type": "string",
"description": "Unique identifier for the Third Party Provider.",
"maxLength": 150,
"example": "TPPID"
},
"tppName": {
"type": "string",
"description": "Third Party Provider name.",
"maxLength": 50,
"example": "TPPName"
},
"tppRole": {
"type": "string",
"description": "Role of the Third Party Provider.",
"maxLength": 50,
"example": "AISP"
}
}
},
"userRef": {
"type": "string",
"description": "Corporate user reference.",
"maxLength": 150,
"example": "USER01"
}
},
"description": "Input payload for Risk Analytics non-monetary event requests.",
"example": {
"eventType": "LoginSuccess",
"relationshipRef": "userid1",
"sessionID": "4ED23EA44F23",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1"
}
},
"EventOutput": {
"type": "object",
"properties": {
"applicationID": {
"type": "integer",
"format": "int32",
"description": "Identifier of the inserted application."
},
"eventID": {
"type": "integer",
"format": "int32",
"description": "Identifier of the inserted non-monetary event."
},
"relationshipID": {
"type": "integer",
"format": "int32",
"description": "Identifier of the inserted relationship."
},
"riskResponseCode": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 4 = ChallengeDevice, 5 = ChallengeDevice2FA, 6 = ChallengePush, 7 = ChallengePush2FA, 8 = ChallengeEmail, 9 = ChallengeCRDevice, 10 = ChallengeCRDevice2FA, 11 = ChallengeSCTransaction, 12 = ChallengeSCTransaction2FA, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
}
}
},
"EventValidationOutput": {
"type": "object",
"required": [
"sessionStatus"
],
"properties": {
"challenge": {
"type": "string",
"description": "Challenge to be entered on the device.",
"example": "123456"
},
"requestID": {
"type": "string",
"description": "Identifier to reference this request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36,
"example": "413b2c39-2d67-4293-9adb-25601731b062"
},
"riskResponseCode": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 5 = ChallengeDevice2FA, 8 = ChallengeEmail, 10 = ChallengeCRDevice2FA, 11 = ChallengeCronto, 14 = ChallengeFido, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
},
"sessionStatus": {
"type": "string",
"description": "Status of the session. Supported values are: 'unknown' = Unknown status: handle response externally, 'pending' = Pending action by user, 'accepted' = Succesfully completed validation, 'refused' = Refused by user, 'timeout' = Timeout waiting for validation to complete, 'failed' = Failed to validate.",
"enum": [
"unknown",
"pending",
"accepted",
"refused",
"timeout",
"failed"
]
},
"fidoAuthenticationRequest": {
"type": "string",
"description": "AuthenticationRequest from respective FIDO protocol."
},
"requestMessage": {
"type": "string",
"description": "Encoded orchestration - or request message.",
"example": "0000F8B81D"
},
"uafStatusCode": {
"type": "integer",
"format": "int32",
"description": "Status code indicating the result of the UAF11 protocol operation. Not present for FIDO2.",
"example": 1200
}
}
},
"Fido2RelyingPartyInput": {
"type": "object",
"description": "Input object used for the creation of a new FIDO2 Relying Party resource.",
"required": [
"origins",
"publicKeyCredentialRpEntity"
],
"properties": {
"origins": {
"$ref": "#/components/schemas/Origins"
},
"publicKeyCredentialRpEntity": {
"$ref": "#/components/schemas/PublicKeyCredentialRpEntity"
},
"enableRegisteringWithExistingAuthenticator": {
"type": "boolean",
"description": "Option used to limit the creation of multiple credentials for the same account on a single authenticator. If it is set to false the registration initialize step will compute a list of excluded credentials(as part of the PublicKeyCredentialsOptions). The excluded credentials are sent back to the client which will return an error if the new credential would be created on an authenticator that also contains one of the excluded credentials."
},
"publicKeyCredentialParameters": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PublicKeyCredentialParameters"
}
},
"signCounterHandleMethod": {
"$ref": "#/components/schemas/SignCounterHandleMethod"
},
"timeout": {
"type": "integer",
"format": "int32",
"description": "Determines how much time a user is given to interact with the FIDO2 Authenticator."
}
}
},
"Fido2RelyingPartyOutput": {
"type": "object",
"properties": {
"enableRegisteringWithExistingAuthenticator": {
"type": "boolean",
"description": "Option used to limit the creation of multiple credentials for the same account on a single authenticator. If it is set to false the registration initialize step will compute a list of excluded credentials(as part of the PublicKeyCredentialsOptions). The excluded credentials are sent back to the client which will return an error if the new credential would be created on an authenticator that also contains one of the excluded credentials."
},
"isDefault": {
"type": "boolean",
"description": "Returns true if the Relying Party resource is currently set as default in your tenant configuration."
},
"origins": {
"$ref": "#/components/schemas/Origins"
},
"publicKeyCredentialParameters": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PublicKeyCredentialParameters"
}
},
"publicKeyCredentialRpEntity": {
"$ref": "#/components/schemas/PublicKeyCredentialRpEntity"
},
"uuid": {
"type": "string",
"description": "The unique identifier of the Relying Party resource."
},
"signCounterHandleMethod": {
"$ref": "#/components/schemas/SignCounterHandleMethod"
},
"timeout": {
"type": "integer",
"format": "int32",
"description": "Determines how much time a user is given to interact with the FIDO2 Authenticator."
}
}
},
"FidoAuthenticationRequestGenerateInput": {
"type": "object",
"description": "Parameters used to create AuthenticationRequest.",
"required": [
"fidoProtocol"
],
"properties": {
"fidoProtocol": {
"$ref": "#/components/schemas/FidoProtocol"
},
"userVerification": {
"$ref": "#/components/schemas/UserVerification"
},
"authenticationMessage": {
"type": "string",
"description": "Optional message associated with authentication, transaction signing or event signing. UAF only."
}
}
},
"FidoAuthenticationRequestInput": {
"type": "object",
"description": "Object used to transfer FIDO AuthenticationRequest.",
"required": [
"authenticationRequest",
"requestID"
],
"properties": {
"authenticationRequest": {
"type": "string",
"description": "AuthenticationRequest from respective FIDO protocol."
},
"requestID": {
"description": "Identifier of the request which started the session.",
"type": "string"
},
"uafStatusCode": {
"description": "Status code indicating the result of the UAF11 protocol operation. Not present for FIDO2.",
"type": "integer",
"format": "int32"
}
}
},
"FidoAuthenticationResponseOutput": {
"type": "object",
"description": "Object used to transfer FIDO AuthenticationResponse.",
"required": [
"authenticationResponse"
],
"properties": {
"authenticationResponse": {
"type": "string",
"description": "AuthenticationResponse from respective FIDO protocol."
},
"cidPublicKey": {
"type": "string",
"description": "Base64url-encoded TLS Channel ID, only applicable for UAF11."
},
"tlsUnique": {
"type": "string",
"description": "Base64url-encoded tls-unique channel binding value, only applicable for UAF11."
},
"tokenBinding": {
"type": "string",
"description": "Base64url-encoded TLS Token Binding ID, only applicable for FIDO2."
}
}
},
"FidoProtocol": {
"type": "string",
"description": "FIDO protocol used in this operation.",
"example": "UAF11",
"enum": [
"UAF11",
"FIDO2"
]
},
"FidoRegistrationRequestGenerateInput": {
"type": "object",
"description": "Parameters used to create RegistrationRequest.",
"required": [
"fidoProtocol"
],
"properties": {
"fidoProtocol": {
"type": "string",
"description": "FIDO protocol used in this operation.",
"example": "FIDO2",
"enum": [
"UAF11",
"FIDO2"
]
},
"displayName": {
"type": "string",
"description": "Display name. Used only in FIDO2."
},
"authenticatorSelection": {
"description": "AuthenticatorSelection, only applicable for FIDO2.",
"type": "object",
"properties": {
"requireResidentKey": {
"description": "Flag to indicate if the resident key is required.",
"type": "boolean",
"default": false
},
"authenticatorAttachment": {
"description": "Authenticator attachment. If the value is not provided, then both platform and cross-platform authenticators are allowed.",
"type": "string",
"enum": [
"platform",
"cross-platform"
]
},
"userVerification": {
"$ref": "#/components/schemas/UserVerification"
}
}
},
"attestation": {
"type": "string",
"description": "Declares how the generated attestation should be transported to FIDO2 server.",
"default": "none",
"enum": [
"none",
"indirect",
"direct"
]
}
}
},
"FidoRegistrationRequestInput": {
"type": "object",
"description": "Object used to transfer FIDO RegistrationRequest.",
"required": [
"registrationRequest"
],
"properties": {
"registrationRequest": {
"type": "string",
"description": "RegistrationRequest from respective FIDO protocol."
},
"uafStatusCode": {
"type": "integer",
"format": "int32",
"description": "Status code indicating the result of the UAF11 protocol operation. Not present for FIDO2."
},
"requestID": {
"description": "Identifier of the request which started the session. Mandatory for FIDO2.",
"type": "string"
}
}
},
"FidoRegistrationResponseOutput": {
"type": "object",
"description": "Object used to transfer FIDO RegistrationResponse.",
"required": [
"fidoProtocol",
"registrationResponse"
],
"properties": {
"fidoProtocol": {
"$ref": "#/components/schemas/FidoProtocol"
},
"registrationResponse": {
"type": "string",
"description": "RegistrationResponse from respective FIDO protocol."
},
"cidPublicKey": {
"type": "string",
"description": "Base64url-encoded TLS Channel ID, only applicable for UAF11."
},
"requestID": {
"description": "Identifier of the request which started the session. Mandatory for FIDO2.",
"type": "string"
},
"tlsUnique": {
"type": "string",
"description": "Base64url-encoded tls-unique channel binding value, only applicable for UAF11."
},
"tokenBinding": {
"type": "string",
"description": "Base64url-encoded TLS Token Binding ID, only applicable for FIDO2."
}
}
},
"Formatting": {
"type": "object",
"description": "Formatting is limited to specific Secure Channel-capable authenticators. Orchestration commands do not support formatting.",
"properties": {
"bold": {
"description": "Indicates if the text is rendered bold.",
"type": "boolean",
"default": false
},
"italic": {
"description": "Indicates if the text is rendered italic.",
"type": "boolean",
"default": false
},
"inverse": {
"description": "Indicates if the text is rendered with inverse coloring.",
"type": "boolean",
"default": false
},
"color": {
"description": "Selects the color in which the text is rendered.",
"type": "string",
"enum": [
"deviceDefault",
"black",
"blue",
"green",
"red"
],
"default": "deviceDefault"
},
"alignment": {
"description": "Specifies the alignment of the text on the page.",
"type": "string",
"enum": [
"deviceDefault",
"left",
"center",
"right"
],
"default": "deviceDefault"
},
"fontTable": {
"description": "Selects the font table (in case multiple font tables are available) which is used to render text on the device.",
"type": "string",
"enum": [
"ISO-8859-15",
"cee",
"greek",
"katakana"
],
"default": "ISO-8859-15",
"example": "ISO-8859-15"
}
}
},
"GenerateActivationMessageInput": {
"type": "object",
"required": [
"clientEvidenceMessage"
],
"properties": {
"clientEvidenceMessage": {
"type": "string",
"description": "Public message generated by the client, used for SRP session message generation.",
"pattern": "^([0-9a-fA-F]{2})+$",
"minLength": 2,
"maxLength": 64,
"example": "ABCD1234"
}
},
"description": "The generated activation message input object."
},
"GenerateActivationMessageOutput": {
"type": "object",
"required": [
"activationMessage",
"serverEvidenceMessage"
],
"properties": {
"activationMessage": {
"type": "object",
"required": [
"encryptedData",
"encryptionCounter",
"MAC"
],
"properties": {
"encryptedData": {
"type": "string",
"description": "The encrypted activation message for the online Multi-Device Licensing activation.",
"example": "ABCD1234"
},
"encryptionCounter": {
"type": "string",
"description": "The encryption counter for the activation message.",
"minLength": 16,
"maxLength": 16,
"example": "ABCD1234ABCD1234"
},
"MAC": {
"type": "string",
"description": "The message authentication code for the activation message.",
"minLength": 64,
"maxLength": 64,
"example": "ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234ABCD1234"
}
}
},
"serverEvidenceMessage": {
"type": "string",
"description": "The server evidence message.",
"maxLength": 64,
"example": "ABCD1234"
}
},
"description": "The generated activation message output object."
},
"GenerateChallengeInput": {
"type": "object",
"required": [
"length"
],
"properties": {
"length": {
"type": "number",
"description": "Length of the challenge excluding the optional check digit.",
"minimum": 4,
"maximum": 16,
"example": 6
},
"checkDigit": {
"type": "boolean",
"description": "Signifies if a check digit must be appended to the challenge.",
"default": false,
"example": false
}
}
},
"GenerateChallengeOutput": {
"type": "object",
"required": [
"challenge",
"requestID"
],
"properties": {
"challenge": {
"type": "string",
"description": "Challenge to be entered on the device.",
"example": "123456"
},
"requestID": {
"type": "string",
"description": "Identifier to reference this request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36,
"example": "413b2c39-2d67-4293-9adb-25601731b062"
}
}
},
"GenerateEphemeralKeyInput": {
"type": "object",
"required": [
"clientEphemeralPublicKey"
],
"properties": {
"clientEphemeralPublicKey": {
"type": "string",
"description": "Public key generated by the client, used for SRP session key generation.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 512,
"example": "ABCD1234"
}
},
"description": "The generated ephemeral key input object."
},
"GenerateEphemeralKeyOutput": {
"type": "object",
"required": [
"salt",
"serverEphemeralPublicKey"
],
"properties": {
"salt": {
"type": "string",
"description": "Cryptographic salt generated by the server, used for SRP session key generation.",
"minLength": 32,
"maxLength": 32,
"example": "ABCD1234ABCD1234ABCD1234ABCD1234"
},
"serverEphemeralPublicKey": {
"type": "string",
"description": "Public key generated by the server, used for SRP session key generation.",
"maxLength": 512,
"example": "ABCD1234"
}
},
"description": "The generated ephemeral key output object."
},
"GenerateRequestMessageOutput": {
"type": "object",
"required": [
"requestID",
"requestMessage"
],
"properties": {
"requestID": {
"type": "string",
"description": "Identifier to reference this request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36,
"example": "413b2c39-2d67-4293-9adb-25601731b062"
},
"requestMessage": {
"description": "Encoded request message.",
"type": "string",
"example": "0000F8B81D"
}
}
},
"GenerateSecureChallengeInput": {
"type": "object",
"required": [
"request"
],
"properties": {
"serialNumber": {
"description": "Serial number of the DIGIPASS. Both DIGIPASS license and DIGIPASS instance formats are supported.",
"type": "string",
"example": "VDS1234567",
"minLength": 10,
"maxLength": 13
},
"request": {
"type": "object",
"properties": {
"body": {
"description": "Use this to generate a request message containing a title and a challenge string.",
"type": "object",
"required": [
"title",
"challenge"
],
"properties": {
"challenge": {
"type": "string",
"description": "Challenge to be displayed on the device.",
"minLength": 1,
"maxLength": 350,
"example": "Are you trying to log in?"
},
"title": {
"type": "object",
"required": [
"text"
],
"properties": {
"text": {
"type": "string",
"description": "Title of the message (will not be displayed on the device).",
"minLength": 1,
"maxLength": 30,
"example": "Login request"
},
"formatting": {
"$ref": "#/components/schemas/Formatting"
}
}
},
"options": {
"type": "object",
"properties": {
"askPIN": {
"description": "Indicates if PIN verification (on the device) is required.",
"type": "boolean",
"default": true,
"example": true
},
"cryptoAppIndex": {
"description": "Index of the DIGIPASS application to use for response generation.",
"type": "integer",
"minimum": 1,
"maximum": 8,
"default": 1,
"example": 1
},
"fontTable": {
"description": "Selects the font table (in case multiple font tables are available) which is used to render text on the device.",
"type": "string",
"enum": [
"ISO-8859-15",
"cee",
"greek",
"katakana"
],
"default": "ISO-8859-15",
"example": "ISO-8859-15"
},
"templateNumber": {
"description": "Specifies the page layout template to be used.",
"type": "integer",
"minimum": 0,
"maximum": 15,
"default": 0,
"example": 0
}
}
}
}
},
"customRequestBody": {
"description": "Use this to provide a request body generated with the Secure Messaging SDK as basis for the request message.",
"type": "string",
"pattern": "^([0-9a-fA-F]{2})+$",
"example": "000090B81DEF372C37266CF4E1F4BFF4DDE71F1F1F129F3E5E3E5E5D9E31872C8727FCF4BCF4BFF4B7F4B9F4BEF447"
}
},
"minProperties": 1,
"maxProperties": 1
}
}
},
"GenerateSigningRequestInput": {
"type": "object",
"required": [
"request"
],
"properties": {
"serialNumber": {
"description": "Serial number of the DIGIPASS. Both DIGIPASS license and DIGIPASS instance formats are supported.",
"type": "string",
"example": "VDS1234567",
"minLength": 10,
"maxLength": 13
},
"request": {
"type": "object",
"properties": {
"body": {
"description": "Use this to generate a request message containing a title and key/value pairs.",
"type": "object",
"required": [
"title",
"dataFields"
],
"properties": {
"dataFields": {
"description": "Array of key/value pairs representing the data fields of the transaction context.",
"type": "array",
"items": {
"type": "object",
"required": [
"key",
"value"
],
"properties": {
"key": {
"type": "object",
"required": [
"text"
],
"properties": {
"text": {
"type": "string",
"description": "Data field key.",
"minLength": 1
},
"formatting": {
"$ref": "#/components/schemas/Formatting"
}
}
},
"value": {
"type": "object",
"required": [
"text"
],
"properties": {
"text": {
"type": "string",
"description": "Data field value.",
"minLength": 1
},
"formatting": {
"$ref": "#/components/schemas/Formatting"
}
}
}
}
},
"minItems": 1
},
"title": {
"type": "object",
"required": [
"text"
],
"properties": {
"text": {
"type": "string",
"description": "Title of the message to be displayed on the device.",
"minLength": 1,
"maxLength": 30,
"example": "Transaction request"
},
"formatting": {
"$ref": "#/components/schemas/Formatting"
}
}
},
"options": {
"type": "object",
"properties": {
"askApproval": {
"description": "Indicates if confirmation of the transaction data is required before the MAC is generated.",
"type": "boolean",
"default": true,
"example": true
},
"askPIN": {
"description": "Indicates if PIN verification (on the device) is required.",
"type": "boolean",
"default": true,
"example": true
},
"cryptoAppIndex": {
"description": "Index of the DIGIPASS application to use for response generation.",
"type": "integer",
"minimum": 1,
"maximum": 8,
"default": 1,
"example": 1
},
"fontTable": {
"description": "Selects the font table (in case multiple font tables are available) which is used to render text on the device.",
"type": "string",
"enum": [
"ISO-8859-15",
"cee",
"greek",
"katakana"
],
"default": "ISO-8859-15",
"example": "ISO-8859-15"
},
"showData": {
"description": "Indicates if the transaction context must be rendered on the device.",
"type": "boolean",
"default": true,
"example": true
},
"showMAC": {
"description": "Indicates if the generated MAC must be displayed on the device.",
"type": "boolean",
"default": true,
"example": true
},
"showWarning": {
"description": "Indicates if a predefined warning message must be displayed on the device.",
"type": "boolean",
"default": true,
"example": true
},
"templateNumber": {
"description": "Specifies the page layout template to be used.",
"type": "integer",
"minimum": 0,
"maximum": 15,
"default": 0,
"example": 0
}
}
}
}
},
"customRequestBody": {
"description": "Use this to provide a request body generated with the Secure Messaging SDK as basis for the request message.",
"type": "string",
"pattern": "^([0-9a-fA-F]{2})+$",
"example": "0000F8B81DF22F270F27AF266D0D1F1451061B3F51EF872C37266F2647270F2C8727FF2C3546F632CB38402C8C2BC31EFAF4BDF4BFF4DDF4BEF4DCE76826470EB93E04"
}
},
"minProperties": 1,
"maxProperties": 1
}
}
},
"GenerateVOTPInput": {
"type": "object",
"required": [
"deliveryMethod"
],
"properties": {
"deliveryMethod": {
"type": "string",
"description": "Method used to deliver the Virtual OTP to the user.",
"enum": [
"Email",
"SMS",
"Response"
],
"example": "Email"
},
"emailAddress": {
"type": "string",
"description": "Email address the Virtual OTP will be delivered to.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"mdcProfile": {
"type": "string",
"description": "Message Delivery Component (MDC) profile used to send the Virtual OTP.",
"example": "EUROPE"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number the Virtual OTP will be delivered to.",
"example": "+1 (508) 366 3437"
}
}
},
"GenerateVOTPOutput": {
"type": "object",
"properties": {
"otp": {
"type": "string",
"description": "Generated Virtual OTP value."
}
}
},
"GenerateVirtualSignatureCredentials": {
"type": "object",
"description": "Credentials for a virtual signature request.",
"properties": {
"staticPassword": {
"type": "string",
"description": "Static password of the user.",
"minLength": 8,
"maxLength": 255,
"example": "Test1234"
},
"authenticator": {
"type": "object",
"required": [
"OTP"
],
"properties": {
"PIN": {
"type": "string",
"description": "PIN code related to the authenticator.",
"minLength": 4,
"maxLength": 8,
"example": "1234"
},
"OTP": {
"type": "string",
"description": "One-time password generated by the authenticator.",
"minLength": 6,
"maxLength": 16,
"example": "123456"
}
}
}
},
"minProperties": 1
},
"GenerateVirtualSignatureInput": {
"type": "object",
"required": [
"deliveryMethod",
"dataFields",
"credentials"
],
"properties": {
"dataFields": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 16
},
"minItems": 1,
"maxItems": 8,
"example": [
"John Doe",
"EUR 1064.99",
"BE68539007547034"
]
},
"credentials": {
"$ref": "#/components/schemas/GenerateVirtualSignatureCredentials"
},
"deliveryMethod": {
"type": "string",
"description": "Method used to deliver the Virtual Signature to the user.",
"enum": [
"Email",
"SMS",
"Voice"
],
"example": "Email"
}
}
},
"LoginInput": {
"type": "object",
"required": [
"objectType",
"credentials"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"LoginInput"
],
"example": "LoginInput"
},
"credentials": {
"allOf": [
{
"$ref": "#/components/schemas/AuthenticationCredentials"
},
{
"type": "object"
}
]
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"loginMessage": {
"type": "object",
"description": "Message to be displayed on the trusted device.",
"properties": {
"challenge": {
"type": "string",
"description": "Challenge to be displayed on the device.",
"minLength": 1,
"maxLength": 350,
"default": "Are you trying to log in?",
"example": "Are you trying to log in?"
},
"subject": {
"type": "string",
"description": "Subject of the notification message to be displayed on the device.",
"pattern": "[^\\s]",
"minLength": 1,
"maxLength": 42,
"default": "Tap here to confirm login",
"example": "Tap here to confirm login"
},
"title": {
"type": "object",
"properties": {
"text": {
"type": "string",
"description": "Title of the message to be displayed on the device.",
"minLength": 1,
"maxLength": 30,
"default": "Login request",
"example": "Login request"
}
}
}
}
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"orchestrationDelivery": {
"type": "array",
"description": "Indicates whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage.",
"minItems": 1,
"uniqueItems": true,
"items": {
"type": "string",
"enum": [
"pushNotification",
"requestMessage"
]
},
"default": [
"pushNotification",
"requestMessage"
],
"example": [
"pushNotification",
"requestMessage"
]
},
"referer": {
"type": "string",
"description": "URL of the webpage registering the event.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"requestID": {
"type": "string",
"description": "Identifier of the related preceding request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36,
"example": "413b2c39-2d67-4293-9adb-25601731b062"
},
"timeout": {
"type": "integer",
"format": "int32",
"description": "Timeout in seconds to wait for the result from the orchestration process when a push notification was sent to the trusted device.",
"default": 0,
"example": 60,
"minimum": 0,
"maximum": 60
}
},
"description": "Input payload for OneSpan Cloud Authentication login requests.",
"example": {
"objectType": "LoginInput",
"credentials": {
"authenticator": {
"PIN": "1234",
"OTP": "123456",
"serialNumber": "VDS1234567"
}
},
"requestID": "413b2c39-2d67-4293-9adb-25601731b062"
}
},
"LoginOutput": {
"type": "object",
"required": [
"sessionStatus"
],
"properties": {
"challenge": {
"type": "string",
"description": "Challenge to be entered on the device.",
"example": "123456"
},
"requestID": {
"type": "string",
"description": "Identifier to reference this request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36,
"example": "413b2c39-2d67-4293-9adb-25601731b062"
},
"riskResponseCode": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 5 = ChallengeDevice2FA, 8 = ChallengeEmail, 10 = ChallengeCRDevice2FA, 11 = ChallengeCronto, 14 = ChallengeFido, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
},
"sessionStatus": {
"type": "string",
"description": "Status of the session. Supported values are: 'unknown' = Unknown status: handle response externally, 'pending' = Pending action by user, 'accepted' = Succesfully completed validation, 'refused' = Refused by user, 'timeout' = Timeout waiting for validation to complete, 'failed' = Failed to validate.",
"enum": [
"unknown",
"pending",
"accepted",
"refused",
"timeout",
"failed"
]
},
"fidoAuthenticationRequest": {
"type": "string",
"description": "AuthenticationRequest from respective FIDO protocol."
},
"requestMessage": {
"type": "string",
"description": "Encoded orchestration - or request message.",
"example": "0000F8B81D"
},
"uafStatusCode": {
"description": "Status code indicating the result of the UAF11 protocol operation. Not present for FIDO2.",
"type": "integer",
"format": "int32"
}
}
},
"MobileCDDC": {
"type": "object",
"properties": {
"version": {
"type": "string",
"description": "Message version. Relative to the encrypted data content and format.",
"example": "0002"
},
"clearData": {
"type": "array",
"description": "Table of clear JSON data.",
"items": {
"type": "object",
"properties": {
"0": {
"type": "integer",
"format": "int64",
"description": "name: eventTimestamp - Time stamp of the user action in milliseconds since epoch.",
"example": 1516955818
},
"2": {
"type": "string",
"description": "name: deviceUniqueIdentifier - Device Unique Identifier."
},
"3": {
"type": "string",
"description": "name: applicationUniqueIdentifier - Name uniquely identifying the application."
},
"4": {
"type": "string",
"description": "name: applicationVersion - Version of the application hosting the CDDC SDK as provided by the integrator.",
"example": "1.0.0"
},
"5": {
"type": "string",
"description": "name: osType - Type of the OS running on the device.",
"example": "iOS"
},
"6": {
"type": "string",
"description": "name: osVersion - Current version of the OS running on the device as provided by the integrator.",
"example": "11.2.5"
},
"7": {
"type": "string",
"description": "name: deviceModel - Model of the device: iPad3, Samsung GalaxyS5, ... as provided by the OS.",
"example": "iPhone X"
},
"10": {
"type": "number",
"format": "double",
"description": "name: deviceLatitude - Current latitude of the device running the application integrating the CDDC SDK. Must be empty, if the application has no access to the geolocation service or is not intended to be used. The string representation of the double must be limited to 6 digits after the comma.",
"minimum": -90,
"maximum": 90,
"example": 52.225092
},
"11": {
"type": "number",
"format": "double",
"description": "name: deviceLongitude - Current longitude of the device running the application integrating the CDDC SDK. Must be empty, if the application has no access to the geolocation service or are not intended to be used. The string representation of the double must be limited to 6 digits after the comma.",
"minimum": -180,
"maximum": 180,
"example": 6.884281
},
"12": {
"type": "integer",
"format": "int32",
"description": "name: passwordProtected - Status of the PIN protection indicating if a user's PIN protects the DIGIPASS key.",
"example": 1
},
"13": {
"type": "integer",
"format": "int32",
"description": "name: passwordEntropy - Entropy of the current PIN: Entropy(A,L) = log2(A)*L where A is the size of the alphabet and L the length of the password.",
"example": 37
},
"14": {
"type": "integer",
"format": "int32",
"description": "name: biometryProtected - Boolean indicating if the fingerprint protection of the device is activated.",
"example": 1
},
"15": {
"type": "integer",
"format": "int32",
"description": "name: deviceRooted - Boolean indicating if the device is rooted.",
"example": 0
},
"16": {
"type": "array",
"description": "name: wifiBSSIDList - List of the Wi-Fi BSSID detected provided by the hosting app. Empty if no BSSID detected.",
"items": {
"type": "string"
},
"example": [
"9A:F3:BB:82:98:24"
]
},
"17": {
"type": "integer",
"format": "int32",
"description": "name: wifiEnabled - Indicates if the application can access Wi-Fi interface.",
"example": 1
},
"18": {
"type": "array",
"description": "name: bluetoothDeviceList - List of the Bluetooth devices available that are provided by the hosting app. If empty, no Bluetooth devices were detected.",
"items": {
"type": "string"
}
},
"19": {
"type": "integer",
"format": "int32",
"description": "name: bluetoothEnabled - Indicates if the application can access the Bluetooth interface.",
"example": 1
},
"21": {
"type": "integer",
"format": "int32",
"description": "name: raspProtected - Indicates whether the application is RASP protected or not.",
"example": 1
},
"22": {
"type": "integer",
"format": "int32",
"description": "name: rootingProbability - A value between 0 and 100 that indicates the probability of the device being rooted using heuristics. A value of 0 indicates that the device is most likely not rooted, while a value of 100 indicates that the device is most likely rooted.",
"example": 10
},
"23": {
"type": "integer",
"format": "int32",
"description": "name: untrustedKeyboard - Indicates whether the keyboard is untrusted or not.",
"example": 0
},
"24": {
"type": "integer",
"format": "int32",
"description": "name: screenReader - Indicates whether the installed screen readers are trusted or not.",
"example": 0
},
"25": {
"type": "integer",
"format": "int32",
"description": "name: hookingFrameworks - Indicates whether there are one or more hooking frameworks present in the process."
},
"26": {
"type": "integer",
"format": "int32",
"description": "name: nativeCodeHooks - Indicates whether native code hooks are present or not."
},
"27": {
"type": "integer",
"format": "int32",
"description": "name: applicationRepackaged - Indicates whether the host application was repackaged.",
"example": 0
},
"28": {
"type": "integer",
"format": "int32",
"description": "name: debuggerAttached - Indicates whether a debugger is attached to the host application.",
"example": 0
},
"29": {
"type": "integer",
"format": "int32",
"description": "name: screenshotDetected - Indicates whether a screenshot of the application has been taken.",
"example": 1
},
"30": {
"type": "integer",
"format": "int32",
"description": "name: libraryInjectionDetected - Indicates whether an untrusted library has tried to be injected into the application during runtime.",
"example": 0
},
"31": {
"type": "integer",
"format": "int32",
"description": "Indicates if face protection is activated on the device. 0: disable, 1: client only, 2: client/server (client only means that the authentication is performed on the client-side).\n",
"example": 1
},
"32": {
"type": "integer",
"format": "int32",
"description": "name: faceEnrolled - Indicates whether the face of the end user has been enrolled.",
"example": 1
},
"33": {
"type": "integer",
"format": "int32",
"description": "name: faceEnrolledOnDevice - Indicates whether the face of the end user has been enrolled from this device.",
"example": 1
},
"34": {
"type": "number",
"format": "double",
"description": "name: faceVerificationScore - Face verification score computed during the authentication, a value between -1 and 1, >=0 means authenticated.",
"example": 0.7
},
"35": {
"type": "integer",
"format": "int32",
"description": "name: faceSpoofingDetected - Indicates whether a spoofing attack has been detected during face verification.",
"example": 0
},
"36": {
"type": "number",
"format": "double",
"description": "name: faceSampleQuality - Quality of the captured samples during face verification, a value between 0 and 1.",
"example": 0.5
},
"37": {
"type": "number",
"format": "double",
"description": "name: faceSampleQualitySimilarity - The similarity between enrollment and verification conditions, a value between 0 and 1.",
"example": 0.9
},
"38": {
"type": "integer",
"format": "int32",
"description": "Indicates whether the user behavior is activated on the device\n0: disable, 1: client only, 2: client/server.\n",
"example": 2
},
"39": {
"type": "integer",
"format": "int32",
"description": "name: behaviorTrained - Indicates whether the authentication server is trained to be able to authenticate the user.",
"example": 1
},
"40": {
"type": "number",
"format": "double",
"description": "name: behaviorVerificationScore - Verification score computed during the authentication, a value between 0 and 100.",
"example": 0.3
},
"41": {
"type": "number",
"format": "double",
"description": "name: behaviorVerificationConfidence - The confidence of the verification score computed during the authentication, a value between 0 and 100.",
"example": 60
},
"42": {
"type": "integer",
"format": "int32",
"description": "name: secureElement - Indicates whether a secure element (hardware) is used to store the secret keys.",
"example": 1
},
"43": {
"type": "integer",
"format": "int32",
"description": "Protection type use for OTP generation.\n0: No pin, 1: Pin, 2: Fingerprint, 3: Face, 4: User behavior.\n",
"example": 2
},
"44": {
"type": "integer",
"format": "int32",
"description": "name: dataEnabled - Indicates if the data is enabled on GSM (3G/4G).",
"example": 1
},
"45": {
"type": "array",
"description": "name: connectedBluetoothDeviceList - Name of the connected Bluetooth. device.",
"items": {
"type": "string"
}
},
"46": {
"type": "string",
"description": "name: connectedWifiBssid - Name of the connected Wi-Fi BBSSID.",
"example": "OneSpanGuest"
},
"47": {
"type": "integer",
"format": "int64",
"description": "name: applicationReleaseDate - Release date of the application (publication date) in milliseconds since epoch.",
"example": 946684800
},
"48": {
"type": "integer",
"format": "int32",
"description": "name: osEncryptionEnabled - Indicates whether the OS on the device is encrypted.",
"example": 1
},
"49": {
"type": "string",
"description": "Device model code. In addition of deviceModel (iPhone X), the associated deviceCode (A1901).\n",
"example": "A1901"
},
"50": {
"type": "string",
"description": "name: networkName - Name of the GSM network."
},
"51": {
"type": "string",
"description": "name: keyboardIdentifier - Identifier of the keyboard used (e.g. Swiftkey, Google Keyboard etc.).",
"example": "Swiftkey"
},
"52": {
"type": "string",
"description": "name: launcherIdentifier - Identifier of the homescreen/Launcher (e.g. Google Now, Touch Wiz, etc.).",
"example": "Google Now"
},
"53": {
"type": "integer",
"format": "int32",
"description": "name: passwordVisible - Does the device show the password? (Option that can be activated in Android).",
"example": 0
},
"54": {
"type": "integer",
"format": "int32",
"description": "name: geolocationEnabled - Is the geolocation active in the device?",
"example": 0
},
"55": {
"type": "integer",
"format": "int32",
"description": "name: nfcEnabled - Is Near Field Communication (NFC) active?",
"example": 1
},
"56": {
"type": "string",
"description": "name: osLanguage - OS language (e.g. en, en-GB, en_GB).",
"example": "en_GB"
},
"58": {
"type": "integer",
"format": "int32",
"description": "name: simCard - Does the device support SIM card?",
"example": 1
},
"59": {
"type": "integer",
"format": "int32",
"description": "name: multiSimCard - Does the device support multiple SIM card?",
"example": 0
},
"60": {
"type": "string",
"description": "name: simCardIdentifier - SIM card identifier."
},
"61": {
"type": "integer",
"format": "int32",
"description": "name: roamingEnabled - Is the SIM card in roaming mode?",
"example": 1
},
"62": {
"type": "string",
"description": "name: timeZone - Time zone in short format.",
"example": "CEST"
},
"63": {
"type": "integer",
"format": "int64",
"description": "name: applicationInstallationDate - Application activation date in milliseconds since epoch.",
"example": 1517228948
},
"67": {
"type": "array",
"description": "name: bondedBluetoothDeviceList - A list of bluetooth devices that are paired to the device.",
"items": {
"type": "string"
}
}
}
}
},
"encryptedDataList": {
"type": "array",
"description": "Table of Secure Channel encrypted data.",
"items": {
"type": "string"
}
}
},
"description": "Mobile client device data collector structure. When present, only mobile event/transaction types are accepted."
},
"MoveAuthenticatorInput": {
"type": "object",
"required": [
"domain"
],
"properties": {
"domain": {
"type": "string",
"description": "Name of the domain to move the authenticator to.",
"minLength": 1,
"maxLength": 255,
"example": "domain1"
}
}
},
"OfflineRegisterDeviceOutput": {
"type": "object",
"required": [
"activationMessage",
"serialNumber",
"registrationID"
],
"properties": {
"activationMessage": {
"type": "string",
"description": "First activation message for multi-device licensing (MDL) activation.",
"maxLength": 4202,
"example": "1234567890ABCDEF"
},
"registrationID": {
"type": "string",
"description": "Registration identifier.",
"maxLength": 40,
"example": "vjO1THY2s7qtt99YjyHldWWF"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the registered authenticator license.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}?$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
},
"description": "The registration output object."
},
"OnlineRegisterDeviceOutput": {
"type": "object",
"required": [
"activationPassword",
"serialNumber",
"registrationID"
],
"properties": {
"activationPassword": {
"type": "string",
"description": "Activation password.",
"maxLength": 40,
"example": "9h2679Q8"
},
"registrationID": {
"type": "string",
"description": "Registration identifier.",
"maxLength": 40,
"example": "vjO1THY2s7qtt99YjyHldWWF"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the registered authenticator license.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}?$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
},
"description": "The registration output object."
},
"Origins": {
"type": "array",
"description": "Array of origin entries. An origin indicates where a request originates from. It should not include any path information and it should use the https protocol.
In FIDO2 the contextual binding between the (WebAuthn) client and the WebAuthn Relying Party is the client data which contains the origin of the requester (as provided to the authenticator by the client). The FIDO2 server validates that the array of origins defined here contains the origin received as part of the collected client data.",
"items": {
"type": "string"
}
},
"PublicKeyCredentialParameters": {
"type": "object",
"description": "Object containing the type of credentials and the supported algorithms accepted at the Relying Party",
"properties": {
"type": {
"type": "string",
"description": "The type of credentials accepted at the relying party.",
"enum": [
"public-key"
]
},
"alg": {
"type": "string",
"description": "A number identifying a cryptographic algorithm registered in the IANA COSE Algorithms registry. Supported values:
'-65535': RS1
'-259': RS512
'-258': RS384
'-257': RS256
'-43': SHA-384
'-39': PS512
'-38': PS384
'-37': PS256
'-36': ES512
'-35': ES384
'-8': EdDSA
'-7': ES256
",
"enum": [
"-65535",
"-259",
"-258",
"-257",
"-43",
"-39",
"-38",
"-37",
"-36",
"-35",
"-8",
"-7"
]
}
}
},
"PublicKeyCredentialRpEntity": {
"type": "object",
"description": "Object containing the Relying Party details including id, name and icon.",
"properties": {
"id": {
"type": "string",
"description": "A relying party identifier is a valid domain string identifying the Relying Party(RP) on whose behalf a given registration or authentication ceremony is being performed. As the registration ceremony is generating credentials on the client side(authenticator) these are scoped to the RP that was conducting the registration ceremony.
\nThe RP id must be equal to the origin's effective domain, or a registrable domain suffix of the origin's effective domain. For example, given a Relying Party whose origin is: https://yourwebapp.example-tenant.com:1447 then the following RP id's are valid: yourwebapp.example-tenant.com and example-tenant.com, but not m.yourwebapp.example-tenant.com and not com."
},
"icon": {
"type": "string",
"description": "The Relying Party logo specified as data scheme. For example \\'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAMAA...\\'"
},
"name": {
"type": "string",
"description": "The Relying Party name"
}
}
},
"RegisterFidoDeviceOutput": {
"type": "object",
"properties": {
"uafStatusCode": {
"type": "integer",
"format": "int32",
"description": "Status code indicating the result of the UAF11 protocol operation. Not present for FIDO2."
}
},
"description": "The register fido device output object for the FIDO registration."
},
"RegisterUserInput": {
"deprecated": true,
"type": "object",
"required": [
"browserCDDC",
"login",
"passKey",
"sessionIdentifier"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"RegisterUserInput"
],
"example": "RegisterUserInput"
},
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"login": {
"type": "string",
"description": "Relationship reference.",
"minLength": 1,
"maxLength": 150,
"example": "userid1"
},
"passKey": {
"type": "string",
"description": "Static password for the user.",
"minLength": 8,
"maxLength": 255,
"example": "Test1234"
},
"sessionIdentifier": {
"type": "string",
"description": "Application session identifier formatted as a hexadecimal string; common for all transactions related to the same session.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 100,
"example": "4ED23EA44F23"
},
"activationType": {
"type": "string",
"description": "Indicates if the authenticator assigned to the user must be activated using online or offline multi-device licensing (MDL) activation.
",
"enum": [
"offlineMDL",
"onlineMDL"
],
"default": "onlineMDL"
},
"addressCity": {
"type": "string",
"description": "City/town part of the user address.",
"maxLength": 250,
"example": "Chicago"
},
"addressCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"addressCounty": {
"type": "string",
"description": "County part of the user address.",
"maxLength": 250,
"example": "Cook"
},
"addressDistrict": {
"type": "string",
"description": "District part of the user address.",
"maxLength": 250,
"example": "Loop"
},
"addressName": {
"type": "string",
"description": "Full name of the user.",
"maxLength": 100,
"example": "OneSpan Inc."
},
"addressNumber": {
"type": "string",
"description": "House number part of the user address.",
"maxLength": 100,
"example": "121"
},
"addressPostCode": {
"type": "string",
"description": "Postal code part of the user address.",
"maxLength": 100,
"example": "60601"
},
"addressStreet": {
"type": "string",
"description": "Street part of the user street.",
"maxLength": 250,
"example": "West Wacker Drive"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"applicationRef": {
"type": "string",
"description": "Application reference.",
"maxLength": 64,
"example": "com.onespan.tid.myapp"
},
"authenticatorDescription": {
"type": "string",
"description": "Reference associated with the authenticator instances activated for this user account. Applicable only for multi-device licensing (MDL) activation, will be applied only to instances resulting from this call, not the license.",
"pattern": "^(?=^\\S)(?=.*\\S$)[^\\x00-\\x1F\\x7F]{1,255}$",
"minLength": 1,
"maxLength": 255,
"example": "Mobile authenticator for Android activated on 2021-02-11 for userid1."
},
"authentStatus": {
"type": "string",
"description": "String value of the numeric result of the user authentication performed externally. Non-zero results indicate failure to authenticate.",
"example": "00"
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"digipassDomain": {
"type": "string",
"description": "Domain for the user if not included in the login or digipassUser field.",
"maxLength": 255
},
"digipassSerial": {
"type": "string",
"description": "Serial number of the authenticator to be assigned. This field is ignored for online multi-device licensing (MDL) activation.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
},
"digipassType": {
"type": "string",
"description": "DIGIPASS type of the authenticator to be assigned.",
"minLength": 5,
"maxLength": 5,
"default": "DAL10",
"example": "DAL10"
},
"digipassUser": {
"type": "string",
"description": "User ID of the user if different from the login field value.",
"maxLength": 255,
"example": "userid@domain1"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"eventDate": {
"type": "string",
"description": "Date of the event.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"eventSubType": {
"type": "string",
"description": "String value for the numeric key related to the non-monetary event sub type.",
"minLength": 3,
"maxLength": 3,
"example": "101"
},
"externalRef": {
"type": "string",
"description": "External reference.",
"maxLength": 128,
"example": "ABC123"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"postalAddress": {
"type": "string",
"description": "Customer full address.",
"maxLength": 4000,
"example": "121 West Wacker Drive, Suite 2050, Chicago, IL 60601, USA"
},
"referrer": {
"type": "string",
"description": "URL of the webpage triggering the transaction.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"userRef": {
"type": "string",
"description": "Corporate user reference.",
"maxLength": 150,
"example": "USER01"
}
},
"description": "Warning: Deprecated
Historical input payload for user registration superseded by AdaptiveRegisterUserInput.",
"example": {
"clientIP": "192.168.0.1",
"login": "userid1",
"passKey": "Test1234",
"sessionIdentifier": "4ED23EA44F23",
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
}
},
"RegisterUserInputEx": {
"type": "object",
"required": [
"objectType",
"userID"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"RegisterUserInputEx"
],
"example": "RegisterUserInputEx"
},
"staticPassword": {
"type": "string",
"description": "Static password for the user.",
"minLength": 8,
"maxLength": 255,
"example": "Test1234"
},
"userID": {
"type": "string",
"description": "Identifier for the user. Combined with the domain provides a unique identifier for the user.",
"minLength": 1,
"maxLength": 255,
"example": "userid1"
},
"activationType": {
"type": "string",
"description": "Indicates if the authenticator assigned to the user must be activated using online or offline multi-device licensing (MDL) activation.",
"enum": [
"offlineMDL",
"onlineMDL"
],
"default": "onlineMDL"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"authenticatorDescription": {
"type": "string",
"description": "Reference associated with the authenticator instances activated for this user account. Applicable only for multi-device licensing (MDL) activation, will be applied only to instances resulting from this call, not the license.",
"pattern": "^(?=^\\S)(?=.*\\S$)[^\\x00-\\x1F\\x7F]{1,255}$",
"minLength": 1,
"maxLength": 255,
"example": "Mobile authenticator for Android activated on 2021-02-11 for userid1."
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"digipassType": {
"type": "string",
"description": "DIGIPASS type of the authenticator to be assigned.",
"minLength": 5,
"maxLength": 5,
"default": "DAL10",
"example": "DAL10"
},
"domain": {
"type": "string",
"description": "Domain in which the user account resides. If omitted, the default domain is used.",
"maxLength": 255,
"example": "domain1"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"phoneNumber": {
"type": "string",
"description": "Telephone number of the user.",
"pattern": "^[\\+\\-\\(\\)0-9 ]{0,20}$",
"maxLength": 20,
"example": "+1 (508) 366 3437"
},
"referer": {
"type": "string",
"description": "URL of the webpage triggering the transaction.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator to be assigned. This field is ignored for online multi-device licensing (MDL) activation.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
},
"description": "Input payload for OneSpan Cloud Authentication user registration.",
"example": {
"objectType": "RegisterUserInputEx",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1",
"staticPassword": "Test1234",
"userID": "userid1"
}
},
"RegisterUserOutput": {
"deprecated": true,
"description": "Warning: Deprecated",
"type": "object",
"required": [
"activationPassword",
"digipassSerial",
"irmResponse",
"message",
"retcode"
],
"properties": {
"activationPassword": {
"type": "string",
"description": "Activation password (max 40 chars) in case of onlineMDL activation. First activation message in case of offlineMDL activation.",
"minLength": 6,
"maxLength": 4202,
"example": "9h2679Q8"
},
"digipassSerial": {
"type": "string",
"description": "Serial number of the authenticator used.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
},
"irmResponse": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 5 = ChallengeDevice2FA, 8 = ChallengeEmail, 11 = ChallengeCronto, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
},
"message": {
"type": "string",
"description": "\"Success\" if successful; a description of the error that occurred otherwise.",
"example": "Success"
},
"retcode": {
"type": "string",
"description": "'0' if successful; an error code otherwise.",
"example": "0"
},
"registrationID": {
"type": "string",
"description": "Registration identifier to continue offline activation.",
"maxLength": 40,
"example": "vjO1THY2s7qtt99YjyHldWWF"
}
}
},
"RegisterUserOutputEx": {
"type": "object",
"required": [
"activationPassword",
"serialNumber"
],
"properties": {
"activationPassword": {
"type": "string",
"description": "Activation password (max 40 chars) in case of onlineMDL activation. First activation message in case of offlineMDL activation.",
"minLength": 6,
"maxLength": 4202,
"example": "9h2679Q8"
},
"riskResponseCode": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 5 = ChallengeDevice2FA, 8 = ChallengeEmail, 11 = ChallengeCronto, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
},
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator used.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
},
"registrationID": {
"type": "string",
"description": "Registration identifier to continue offline activation.",
"maxLength": 40,
"example": "vjO1THY2s7qtt99YjyHldWWF"
}
}
},
"RegisterUserOutputFido": {
"type": "object",
"required": [
"registrationID",
"supportedFIDOProtocols"
],
"properties": {
"registrationID": {
"type": "string",
"description": "Registration identifier to continue offline activation.",
"maxLength": 40,
"example": "vjO1THY2s7qtt99YjyHldWWF"
},
"supportedFIDOProtocols": {
"type": "array",
"description": "Supported FIDO Alliance protocols that can be used to activate the user.",
"minItems": 1,
"uniqueItems": true,
"items": {
"$ref": "#/components/schemas/FidoProtocol"
}
}
}
},
"RegistrationInput": {
"type": "object",
"required": [
"staticPassword",
"userID"
],
"properties": {
"staticPassword": {
"type": "string",
"description": "Static password for the user account starting the provisioning session.",
"maxLength": 255,
"example": "Test1234"
},
"userID": {
"type": "string",
"description": "Identifier for the user.",
"minLength": 1,
"maxLength": 255,
"example": "userid1"
},
"activationType": {
"type": "string",
"description": "Indicates if the authenticator assigned to the user must be activated using online or offline multi-device licensing (MDL) activation.
",
"enum": [
"onlineMDL",
"offlineMDL"
],
"default": "onlineMDL",
"example": "offlineMDL"
},
"description": {
"type": "string",
"description": "Reference associated with the activated authenticator instance. Will be applied only to the authenticator instance resulting from this call, not the license.",
"pattern": "^(?=^\\S)(?=.*\\S$)[^\\x00-\\x1F\\x7F]{1,255}$",
"minLength": 1,
"maxLength": 255,
"example": "Mobile authenticator for Android activated on 2021-02-11 for userid1."
},
"deviceCode": {
"type": "string",
"description": "Device code generated by the authenticator upon processing the first activation message.",
"minLength": 5,
"maxLength": 26,
"example": "1234567890"
},
"domain": {
"type": "string",
"description": "Domain in which the user account resides.",
"maxLength": 255,
"example": "domain1"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the DIGIPASS license. Do not include the DIGIPASS instance-specific suffix (-#).",
"pattern": "^[A-Z0-9]{3}[0-9]{7}$",
"minLength": 10,
"maxLength": 10,
"example": "VDS1234567"
}
},
"description": "Input payload for device registration."
},
"RenderDataUriOutput": {
"type": "object",
"required": [
"image"
],
"properties": {
"image": {
"type": "string",
"description": "The visual code formatted for inclusion into a HTML <img> node 'src' attribute.",
"example": "data:image/;base64,"
}
}
},
"RenderInput": {
"type": "object",
"required": [
"message"
],
"properties": {
"type": {
"type": "string",
"enum": [
"CLEARTEXT",
"HEXSTRING"
],
"description": "Encoding of the input message.",
"default": "CLEARTEXT",
"example": "HEXSTRING"
},
"message": {
"type": "string",
"description": "Message to be embedded in the image.",
"minLength": 1,
"example": "4F6E655370616E"
},
"format": {
"type": "string",
"enum": [
"CRONTO",
"QRCODE"
],
"description": "Output format.",
"default": "CRONTO",
"example": "CRONTO"
},
"imageSize": {
"type": "integer",
"format": "int32",
"description": "Image size. When the image format is CRONTO, this will be truncated to the lower multiple of 35.",
"minimum": 35,
"maximum": 700,
"default": 175,
"example": 210
}
},
"example": {
"type": "HEXSTRING",
"message": "4F6E655370616E",
"format": "CRONTO",
"imageSize": 210
}
},
"ResumeBulkfileOutput": {
"type": "object",
"required": [
"message",
"retcode"
],
"properties": {
"retcode": {
"type": "string",
"description": "'0' if successful; an error code otherwise."
},
"message": {
"type": "string",
"description": "\"Success\" if successful; a description of the error that occurred otherwise."
}
}
},
"SendPushNotificationInput": {
"type": "object",
"required": [
"message",
"subject",
"title"
],
"properties": {
"message": {
"type": "string",
"description": "Message payload to be sent to the device.",
"maxLength": 4000,
"example": "ABCD1234"
},
"subject": {
"type": "string",
"description": "Subject of the notification message to be displayed on the device.",
"maxLength": 42,
"example": "Tap here to confirm login"
},
"title": {
"type": "string",
"description": "Title of the message to be displayed on the device.",
"maxLength": 30,
"example": "Login request"
},
"serialNumber": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"description": "Serial number of the authenticator to send the push notification to.",
"example": "VDS1234567-01"
}
}
},
"SignCounterHandleMethod": {
"type": "string",
"description": "Configures the authentication ceremony sign counter behavior logic for the scenario when the authenticator data sign counter is less than or equal to the sign counter stored on the FIDO2 server side. This is a signal that the authenticator may be cloned and the FIDO2 server decides based on this signCounterHandleMethod how to handle this sign counter problem.
Supported values are:
'use_stored' - will use the stored sign counter from the FIDO2 server
'use_response' - will use the sign counter coming from the authenticator data
'throw_exception' - will throw an exception as this is a signal that the authenticator may be cloned and the FIDO2 ceremony will fail.
",
"enum": [
"use_stored",
"use_response",
"throw_exception"
]
},
"SyncAuthenticatorInput": {
"description": "The sync authenticator input object for OCA.",
"type": "object",
"required": [
"objectType",
"OTP1",
"OTP2",
"serialNumber"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"SyncAuthenticatorInput"
],
"example": "SyncAuthenticatorInput"
},
"OTP1": {
"type": "string",
"description": "OTP1 used for the synchronization of the authenticator with the host.",
"example": "123456"
},
"OTP2": {
"type": "string",
"description": "OTP2 used for the synchronization of the authenticator with the host.",
"example": "123456"
},
"PIN": {
"type": "string",
"description": "The authenticator PIN code.",
"minLength": 4,
"maxLength": 8,
"example": "1234"
},
"serialNumber": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"description": "Serial number of the authenticator instance.",
"example": "VDS1234567"
}
}
},
"SyncAuthenticatorOutput": {
"description": "The sync authenticator output object. The field riskResponseCode is aplicable only to IAA and will be missing in case of OCA.",
"type": "object",
"required": [
"userID",
"domain",
"serialNumber"
],
"properties": {
"userID": {
"type": "string",
"description": "Identifier for the user the authenticator is assigned to.",
"maxLength": 255,
"example": "userid1"
},
"domain": {
"type": "string",
"description": "The domain in which the user account resides.",
"maxLength": 255,
"example": "domain1"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator instance.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"example": "VDS1234567"
},
"riskResponseCode": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 5 = ChallengeDevice2FA, 8 = ChallengeEmail, 11 = ChallengeCronto, 14 = ChallengeFido, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
}
}
},
"TestApplicationInput": {
"type": "object",
"description": "Authenticator application test input. The two fields otp and signature are mutually exclusive and collectively exhaustive.",
"properties": {
"OTP": {
"type": "object",
"required": [
"response"
],
"properties": {
"response": {
"type": "string",
"description": "OTP test response.",
"example": "123456"
}
}
},
"signature": {
"type": "object",
"required": [
"data1",
"response"
],
"properties": {
"data1": {
"type": "string",
"description": "Signature test data field.",
"example": "1234"
},
"response": {
"type": "string",
"description": "Signature test response.",
"example": "123456"
},
"data2": {
"type": "string",
"description": "Signature test data field.",
"example": "56"
},
"data3": {
"type": "string",
"description": "Signature test data field.",
"example": "7890"
},
"data4": {
"type": "string",
"description": "Signature test data field.",
"example": "123"
},
"data5": {
"type": "string",
"description": "Signature test data field.",
"example": "45"
},
"data6": {
"type": "string",
"description": "Signature test data field.",
"example": "678"
},
"data7": {
"type": "string",
"description": "Signature test data field.",
"example": "90"
},
"data8": {
"type": "string",
"description": "Signature test data field.",
"example": "12345678"
}
}
}
},
"minProperties": 1,
"maxProperties": 1
},
"TestApplicationOutput": {
"type": "object",
"required": [
"result"
],
"properties": {
"result": {
"type": "string",
"description": "Result of authenticator application test."
}
}
},
"TransactionInput": {
"type": "object",
"required": [
"accountRef",
"amount",
"currency",
"relationshipRef",
"sessionID",
"transactionType"
],
"properties": {
"accountRef": {
"type": "string",
"description": "Customer (bank) account reference.",
"minLength": 1,
"maxLength": 250,
"example": "ACC123"
},
"amount": {
"type": "string",
"description": "Transaction amount.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "1064.99"
},
"currency": {
"type": "string",
"description": "Transaction currency.",
"minLength": 1,
"maxLength": 3,
"example": "EUR"
},
"relationshipRef": {
"type": "string",
"description": "Relationship reference.",
"minLength": 1,
"maxLength": 150,
"example": "userid1"
},
"sessionID": {
"type": "string",
"description": "Application session identifier formatted as a hexadecimal string; common for all transactions related to the same session.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 100,
"example": "4ED23EA44F23"
},
"transactionType": {
"type": "string",
"description": "Name of the transaction type. String values for numeric keys related to custom transaction types are additionally accepted.",
"enum": [
"ExternalCharityTransfer",
"ExternalCharityTransferPresentment",
"ExternalCharityTransferRelease",
"ExternalTransfer",
"ExternalTransferBillPayments",
"ExternalTransferBillPaymentsPresentment",
"ExternalTransferBillPaymentsRelease",
"ExternalTransferCCPayments",
"ExternalTransferCCPaymentsPresentment",
"ExternalTransferCCPaymentsRelease",
"ExternalTransferInternational",
"ExternalTransferInternationalPresentment",
"ExternalTransferInternationalRelease",
"ExternalTransferInternationalReleaseApprove",
"ExternalTransferInternationalReleaseReject",
"ExternalTransferLocalCountry",
"ExternalTransferLocalCountryPresentment",
"ExternalTransferLocalCountryRelease",
"ExternalTransferLocalCountryReleaseApprove",
"ExternalTransferLocalCountryReleaseReject",
"ExternalTransferP2PPayments",
"ExternalTransferP2PPaymentsPresentment",
"ExternalTransferP2PPaymentsRelease",
"ExternalTransferPresentment",
"ExternalTransferRelease",
"ExternalTransferReleaseApprove",
"ExternalTransferReleaseDefer",
"ExternalTransferReleaseReject",
"GroupPaymentsPresentment",
"GroupPaymentsRelease",
"InternalCharityTransfer",
"InternalCharityTransferPresentment",
"InternalCharityTransferRelease",
"InternalCustomerTransfer",
"InternalCustomerTransferPresentment",
"InternalCustomerTransferRelease",
"InternalCustomerTransferReleaseApprove",
"InternalCustomerTransferReleaseReject",
"InternalTransfer",
"InternalTransferOtherCreditCard",
"InternalTransferOtherCreditCardPresentment",
"InternalTransferOtherCreditCardRelease",
"InternalTransferOwnCreditCard",
"InternalTransferOwnCreditCardPresentment",
"InternalTransferOwnCreditCardRelease",
"InternalTransferOwnPrepaidCard",
"InternalTransferPresentment",
"InternalTransferRelease",
"InternalTransferReleaseApprove",
"InternalTransferReleaseReject",
"MobileExternalCharityTransfer",
"MobileExternalTransfer",
"MobileExternalTransferBillPayments",
"MobileExternalTransferCCPayments",
"MobileExternalTransferInternational",
"MobileExternalTransferLocalCountry",
"MobileExternalTransferP2PPayments",
"MobileInternalCharityTransfer",
"MobileInternalCustomerTransfer",
"MobileInternalTransfer",
"MobileInternalTransferOtherCreditCard",
"MobileInternalTransferOwnCreditCard",
"MobileInternalTransferOwnPrepaidCard",
"MobileSignedExternalCharityTransfer",
"MobileSignedExternalTransfer",
"MobileSignedExternalTransferBillPayments",
"MobileSignedExternalTransferCCPayments",
"MobileSignedExternalTransferInternational",
"MobileSignedExternalTransferLocalCountry",
"MobileSignedExternalTransferP2PPayments",
"MobileSignedInternalCharityTransfer",
"MobileSignedInternalCustomerTransfer",
"MobileSignedInternalTransfer",
"MobileSignedInternalTransferOtherCreditCard",
"MobileSignedInternalTransferOwnCreditCard",
"MobileSignedInternalTransferOwnPrepaidCard",
"SignedExternalCharityTransfer",
"SignedExternalTransfer",
"SignedExternalTransferBillPayments",
"SignedExternalTransferCCPayments",
"SignedExternalTransferInternational",
"SignedExternalTransferInternationalPresentment",
"SignedExternalTransferInternationalRelease",
"SignedExternalTransferInternationalReleaseApprove",
"SignedExternalTransferInternationalReleaseReject",
"SignedExternalTransferLocalCountry",
"SignedExternalTransferLocalCountryPresentment",
"SignedExternalTransferLocalCountryRelease",
"SignedExternalTransferLocalCountryReleaseApprove",
"SignedExternalTransferLocalCountryReleaseReject",
"SignedExternalTransferP2PPayments",
"SignedExternalTransferPresentment",
"SignedExternalTransferRelease",
"SignedExternalTransferReleaseApprove",
"SignedExternalTransferReleaseDefer",
"SignedExternalTransferReleaseReject",
"SignedInternalCharityTransfer",
"SignedInternalCustomerTransfer",
"SignedInternalCustomerTransferPresentment",
"SignedInternalCustomerTransferRelease",
"SignedInternalCustomerTransferReleaseApprove",
"SignedInternalCustomerTransferReleaseReject",
"SignedInternalTransfer",
"SignedInternalTransferOtherCreditCard",
"SignedInternalTransferOwnCreditCard",
"SignedInternalTransferOwnPrepaidCard",
"SignedInternalTransferPresentment",
"SignedInternalTransferRelease",
"SignedInternalTransferReleaseApprove",
"SignedInternalTransferReleaseReject",
"TPPExternalTransfer",
"TPPExternalTransferInternational",
"TPPExternalTransferLocalCountry",
"TPPInternalCustomerTransfer",
"TPPInternalTransfer",
"TPPSignedExternalTransfer",
"TPPSignedExternalTransferInternational",
"TPPSignedExternalTransferLocalCountry",
"TPPSignedInternalCustomerTransfer",
"TPPSignedInternalTransfer",
"TrustedDeviceInternalCustTransferValidation",
"TrustedDeviceTransferValidation"
],
"example": "InternalCustomerTransfer"
},
"addressCity": {
"type": "string",
"description": "City/town part of the user address.",
"maxLength": 250,
"example": "Chicago"
},
"addressCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"addressCounty": {
"type": "string",
"description": "County part of the user address.",
"maxLength": 250,
"example": "Cook"
},
"addressDistrict": {
"type": "string",
"description": "District part of the user address.",
"maxLength": 250,
"example": "Loop"
},
"addressName": {
"type": "string",
"description": "Full name of the user.",
"maxLength": 100,
"example": "OneSpan Inc."
},
"addressNumber": {
"type": "string",
"description": "House number part of the user address.",
"maxLength": 100,
"example": "121"
},
"addressPostCode": {
"type": "string",
"description": "Postal code part of the user address.",
"maxLength": 100,
"example": "60601"
},
"addressStreet": {
"type": "string",
"description": "Street part of the user street.",
"maxLength": 250,
"example": "West Wacker Drive"
},
"amountCashback": {
"type": "string",
"description": "Cash-back amount.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "100"
},
"amountComm": {
"type": "string",
"description": "Commission on the transaction.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "20"
},
"amountSettle": {
"type": "string",
"description": "Transaction settlement amount.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "200"
},
"amountTxn": {
"type": "string",
"description": "Transaction amount in the customer currency.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "1174.49"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"applicationRef": {
"type": "string",
"description": "Application reference.",
"maxLength": 64,
"example": "com.onespan.tid.myapp"
},
"authentMode": {
"type": "string",
"description": "Authentication mode.",
"maxLength": 2,
"example": "CR"
},
"authentStatus": {
"type": "integer",
"format": "int32",
"description": "Result of the user authentication performed externally. Non-zero results indicate failure to authenticate.",
"example": 0
},
"authentType": {
"type": "string",
"description": "Indicates the level of authentication. Strong customer authentication (SCA) requires at least two-factor authentication.",
"enum": [
"none",
"simple",
"strong"
],
"example": "strong"
},
"availableAmount": {
"type": "string",
"description": "Amount available.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "99999"
},
"behaviorTrained": {
"type": "boolean",
"description": "Indicates whether the behavior server is trained enough for the current user profile to perform an adequate behavioral scoring.",
"example": true
},
"behaviorScore": {
"type": "number",
"format": "double",
"description": "Behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"behaviorConfidence": {
"type": "number",
"format": "double",
"description": "Confidence in the behavioral score, as computed by the behavior server.",
"minimum": 0,
"maximum": 1,
"example": 0.5
},
"bin6": {
"type": "string",
"description": "6-digit bank identification number.",
"maxLength": 6,
"example": "012345"
},
"bin7": {
"type": "string",
"description": "7-digit bank identification number.",
"maxLength": 7,
"example": "0123456"
},
"bin8": {
"type": "string",
"description": "8-digit bank identification number.",
"maxLength": 8,
"example": "01234567"
},
"bin9": {
"type": "string",
"description": "9-digit bank identification number.",
"maxLength": 9,
"example": "012345678"
},
"bin12": {
"type": "string",
"description": "12-digit bank identification number.",
"maxLength": 12,
"example": "012345678901"
},
"branchLocation": {
"type": "string",
"description": "Branch location reference.",
"maxLength": 100,
"example": "City-center"
},
"bulkActionDate": {
"type": "string",
"description": "Date of the action on the bulk payment.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"bulkRef": {
"type": "string",
"description": "Bulk payment reference.",
"maxLength": 128,
"example": "BLK123"
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"contractRef": {
"type": "string",
"description": "Corporate banking reference for a contract belonging to an external entity for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "contractid1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"creditorBank": {
"type": "string",
"description": "Name of the creditor bank.",
"maxLength": 50,
"example": "MYBANK"
},
"creditorBankCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"creditorIBAN": {
"type": "string",
"description": "Creditor international bank account number (IBAN).",
"maxLength": 96,
"example": "BE68539007547034"
},
"creditorName": {
"type": "string",
"description": "Name of the creditor.",
"maxLength": 128,
"example": "John Doe"
},
"creditorOtherInstruction": {
"type": "string",
"description": "Field used to identify if beneficiary account is located in customer address book (0: not in address book, 1: in address book).",
"maxLength": 1000,
"example": "0"
},
"creditorRef": {
"type": "string",
"description": "Creditor bank account reference.",
"maxLength": 128,
"example": "ACC123"
},
"currencyConvRate": {
"type": "string",
"description": "Currency conversion rate.",
"pattern": "^-?[0-9]{1,20}(\\.[0-9]{1,3})?$",
"example": "1.1"
},
"currencySettle": {
"type": "string",
"description": "Currency settlement.",
"maxLength": 3,
"example": "EUR"
},
"currencyTxn": {
"type": "string",
"description": "Customer currency.",
"maxLength": 3,
"example": "USD"
},
"customDate1": {
"type": "string",
"description": "A customizable date to pass bank information to Risk Analytics.",
"maxLength": 20,
"example": "12-Dec-1988 13:04:55"
},
"customNumber1": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber2": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customNumber3": {
"type": "number",
"description": "A customizable number to pass bank information to Risk Analytics.",
"pattern": "^-?([0-9]+(\\.[0-9]+)?)$",
"minimum": -999999999999999,
"maximum": 999999999999999,
"maxLength": 16,
"example": 123456
},
"customString1": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString2": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString3": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString4": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString5": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"customString6": {
"type": "string",
"description": "A customizable string to pass bank information to Risk Analytics.",
"minLength": 1,
"maxLength": 4000,
"example": "CUSTOM_STRING"
},
"debtorCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"debtorIBAN": {
"type": "string",
"description": "Debtor international bank account number (IBAN).",
"maxLength": 96,
"example": "BE71096123456769"
},
"debtorName": {
"type": "string",
"description": "Name of the debtor.",
"maxLength": 128,
"example": "Jane Doe"
},
"debtorRef": {
"type": "string",
"description": "Debtor bank account reference.",
"maxLength": 128,
"example": "AC12345678902"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"entityRef": {
"type": "string",
"description": "Corporate banking reference for an external entity/company for which the corporate user is indirectly acting.",
"maxLength": 150,
"example": "entityid1"
},
"executionDate": {
"type": "string",
"description": "Transaction execution date.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"externalRef": {
"type": "string",
"description": "External reference.",
"maxLength": 128,
"example": "ABC123"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"localDate": {
"type": "string",
"description": "Local date and time that can represent the local terminal transaction time (dd-mmm-yyyy hh:mm:ss).",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"PAN": {
"type": "string",
"description": "Primary account number (PAN).",
"maxLength": 2000,
"example": "0123456789876543"
},
"parentTxnRef": {
"type": "string",
"description": "Corporate banking reference between multiple steps of transaction initiation, approval and release.",
"maxLength": 128,
"example": "TX12345678"
},
"paymentMessage": {
"type": "string",
"description": "Reason text or comments related to the transaction.",
"maxLength": 2000,
"example": "Test payment in USD"
},
"postalAddress": {
"type": "string",
"description": "Customer full address.",
"maxLength": 4000,
"example": "121 West Wacker Drive, Suite 2050, Chicago, IL 60601, USA"
},
"processingStepKey": {
"type": "integer",
"format": "int32",
"description": "Corporate banking step indicator for transactions with x-eyes principle processing.",
"enum": [
10,
20,
30,
40,
50,
60
],
"example": 10
},
"reasonCode": {
"type": "string",
"description": "Reason code related to the transaction.",
"maxLength": 50,
"example": "0"
},
"referer": {
"type": "string",
"description": "URL of the webpage triggering the transaction.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"serialNumber": {
"type": "string",
"description": "Serial number of the authenticator used.",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"example": "VDS1234567"
},
"settlementDate": {
"type": "string",
"description": "Transaction settlement date.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"tpp": {
"type": "object",
"description": "Open Banking Third Party Provider information.",
"required": [
"tppRef"
],
"properties": {
"psuDeviceID": {
"type": "string",
"description": "Universally unique identifier for the device used by the Payment Service User.",
"maxLength": 2000,
"example": "..."
},
"tppIP": {
"type": "string",
"description": "IP address of the Third Party Provider service.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"tppRef": {
"type": "string",
"description": "Unique identifier for the Third Party Provider.",
"maxLength": 150,
"example": "..."
},
"tppName": {
"type": "string",
"description": "Third Party Provider name.",
"maxLength": 50,
"example": "..."
},
"tppRole": {
"type": "string",
"description": "Role of the Third Party Provider.",
"maxLength": 50,
"example": "..."
}
}
},
"transactionDate": {
"type": "string",
"description": "Date of the transaction.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"transactionSubType": {
"type": "string",
"description": "Transaction sub type. String values for numeric keys related to custom transaction sub types are additionally accepted.",
"enum": [
"Dated",
"OneTime",
"Recurring",
"RecurringSubsequent"
],
"example": "OneTime"
},
"userRef": {
"type": "string",
"description": "Corporate user reference.",
"maxLength": 150,
"example": "USER01"
}
},
"description": "Input payload for Risk Analytics transaction requests.",
"example": {
"accountRef": "ACC123",
"amount": "1064.99",
"currency": "EUR",
"relationshipRef": "userid1",
"sessionID": "4ED23EA44F23",
"transactionType": "InternalCustomerTransfer",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1",
"creditorBank": "MYBANK",
"creditorIBAN": "BE68539007547034",
"creditorName": "John Doe",
"creditorOtherInstruction": "0",
"debtorIBAN": "BE71096123456769"
}
},
"TransactionOutput": {
"type": "object",
"properties": {
"riskResponseCode": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 4 = ChallengeDevice, 5 = ChallengeDevice2FA, 6 = ChallengePush, 7 = ChallengePush2FA, 8 = ChallengeEmail, 9 = ChallengeCRDevice, 10 = ChallengeCRDevice2FA, 11 = ChallengeSCTransaction, 12 = ChallengeSCTransaction2FA, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
},
"transactionID": {
"type": "integer",
"format": "int32",
"description": "Identifier of the inserted transaction."
}
}
},
"TransactionValidationInput": {
"type": "object",
"required": [
"objectType",
"data"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"TransactionValidationInput"
],
"example": "TransactionValidationInput"
},
"data": {
"type": "object",
"description": "Signature validation data. Fields are mutually exclusive and collectively exhaustive.",
"properties": {
"fido": {
"type": "object",
"description": "Object used to transfer FIDO AuthenticationResponse.",
"required": [
"authenticationResponse",
"requestID"
],
"properties": {
"authenticationResponse": {
"type": "string",
"description": "AuthenticationResponse from respective FIDO protocol."
},
"requestID": {
"description": "Mandatory Identifier of the request which started the session.",
"type": "string",
"example": "413b2c39-2d67-4293-9adb-25601731b062",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36
},
"cidPublicKey": {
"type": "string",
"description": "Base64url-encoded TLS Channel ID, only applicable for UAF11."
},
"tlsUnique": {
"type": "string",
"description": "Base64url-encoded tls-unique channel binding value, only applicable for UAF11."
}
}
},
"standard": {
"type": "object",
"description": "Standard signature validation input.",
"required": [
"dataFields",
"signature"
],
"properties": {
"dataFields": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 16
},
"minItems": 1,
"maxItems": 8
},
"signature": {
"type": "string",
"description": "Signature for the transaction data.",
"minLength": 6,
"maxLength": 16,
"example": "123456"
}
}
},
"secureChannel": {
"type": "object",
"description": "Secure Channel transaction data signing input. If the signature field is not present, push notification to the mobile device is attempted.",
"required": [
"requestID"
],
"properties": {
"requestID": {
"type": "string",
"description": "Identifier of the related preceding request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"example": "413b2c39-2d67-4293-9adb-25601731b062"
},
"signature": {
"type": "string",
"description": "Signature for the transaction data.",
"minLength": 6,
"maxLength": 16,
"example": "123456"
}
}
},
"transactionMessage": {
"type": "object",
"description": "Orchestration transaction data signing input. Delivery method for this transaction message is specified in the orchestrationDelivery field.",
"required": [
"authentMethod",
"dataFields"
],
"properties": {
"authentMethod": {
"description": "Method of authentication to be performed on the trusted device.",
"type": "string",
"enum": [
"NoPIN",
"PIN",
"Fingerprint",
"Face"
],
"example": "PIN"
},
"dataFields": {
"description": "Array of key/value pairs representing the data fields of the transaction context.",
"type": "array",
"items": {
"type": "object",
"required": [
"key",
"value"
],
"properties": {
"key": {
"type": "object",
"required": [
"text"
],
"properties": {
"text": {
"type": "string",
"description": "Data field key.",
"minLength": 1
}
}
},
"value": {
"type": "object",
"required": [
"text"
],
"properties": {
"text": {
"type": "string",
"description": "Data field value.",
"minLength": 1
}
}
}
}
},
"minItems": 1
},
"subject": {
"type": "string",
"description": "Subject of the notification message to be displayed on the device.",
"pattern": "[^\\s]",
"minLength": 1,
"maxLength": 42,
"default": "Tap here to confirm transaction",
"example": "Tap here to confirm transaction"
},
"title": {
"type": "object",
"properties": {
"text": {
"type": "string",
"description": "Title of the message to be displayed on the device.",
"minLength": 1,
"maxLength": 30,
"default": "Transaction validation request",
"example": "Transaction validation request"
}
}
}
}
}
},
"minProperties": 1,
"maxProperties": 1
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"orchestrationDelivery": {
"type": "array",
"description": "Indicates whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage.",
"minItems": 1,
"uniqueItems": true,
"items": {
"type": "string",
"enum": [
"pushNotification",
"requestMessage"
]
},
"default": [
"pushNotification",
"requestMessage"
],
"example": [
"pushNotification",
"requestMessage"
]
},
"referer": {
"type": "string",
"description": "URL of the webpage triggering the transaction.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"timeout": {
"type": "integer",
"format": "int32",
"description": "Timeout in seconds to wait for the result from the orchestration process when a push notification was sent to the trusted device.",
"default": 0,
"example": 60,
"minimum": 0,
"maximum": 60
}
},
"description": "Input payload for OneSpan Cloud Authentication transaction requests.",
"example": {
"objectType": "TransactionValidationInput",
"data": {
"secureChannel": {
"requestID": "413b2c39-2d67-4293-9adb-25601731b062",
"signature": "123456"
}
},
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1"
}
},
"TransactionValidationOutput": {
"type": "object",
"required": [
"sessionStatus"
],
"properties": {
"requestID": {
"type": "string",
"description": "Identifier to reference this request.",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36,
"example": "413b2c39-2d67-4293-9adb-25601731b062"
},
"riskResponseCode": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 11 = ChallengeCronto, 14 = ChallengeFido, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
},
"sessionStatus": {
"type": "string",
"description": "Status of the session. Supported values are: 'unknown' = Unknown status: handle response externally, 'pending' = Pending action by user, 'accepted' = Succesfully completed validation, 'refused' = Refused by user, 'timeout' = Timeout waiting for validation to complete, 'failed' = Failed to validate.",
"enum": [
"unknown",
"pending",
"accepted",
"refused",
"timeout",
"failed"
]
},
"fidoAuthenticationRequest": {
"type": "string",
"description": "AuthenticationRequest from respective FIDO protocol."
},
"uafStatusCode": {
"type": "integer",
"format": "int32",
"description": "Status code indicating the result of the UAF11 protocol operation. Applicable only to FIDO UAF protocol operations.",
"example": 1200
},
"requestMessage": {
"type": "string",
"description": "Encoded orchestration - or request message.",
"example": "0000F8B81D"
}
}
},
"UnlockChallengeInput": {
"type": "object",
"required": [
"challenge"
],
"properties": {
"challenge": {
"type": "string",
"description": "Unlock challenge generated by the authenticator.",
"example": "123456"
}
}
},
"UnlockCodeOutput": {
"type": "object",
"required": [
"unlockCode"
],
"properties": {
"unlockCode": {
"type": "string",
"description": "Unlock code for the authenticator.",
"example": "123456"
}
}
},
"UnregisterUserInput": {
"deprecated": true,
"type": "object",
"required": [
"browserCDDC",
"login",
"sessionIdentifier"
],
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"login": {
"type": "string",
"description": "Relationship reference.",
"minLength": 1,
"maxLength": 150,
"example": "userid1"
},
"sessionIdentifier": {
"type": "string",
"description": "Application session identifier formatted as a hexadecimal string; common for all transactions related to the same session.",
"pattern": "^[0-9a-fA-F]+$",
"minLength": 2,
"maxLength": 100,
"example": "4ED23EA44F23"
},
"addressCity": {
"type": "string",
"description": "City/town part of the user address.",
"maxLength": 250,
"example": "Chicago"
},
"addressCountry": {
"$ref": "#/components/schemas/CountryCode"
},
"addressCounty": {
"type": "string",
"description": "County part of the user address.",
"maxLength": 250,
"example": "Cook"
},
"addressDistrict": {
"type": "string",
"description": "District part of the user address.",
"maxLength": 250,
"example": "Loop"
},
"addressName": {
"type": "string",
"description": "Full name of the user.",
"maxLength": 100,
"example": "OneSpan Inc."
},
"addressNumber": {
"type": "string",
"description": "House number part of the user address.",
"maxLength": 100,
"example": "121"
},
"addressPostCode": {
"type": "string",
"description": "Postal code part of the user address.",
"maxLength": 100,
"example": "60601"
},
"addressStreet": {
"type": "string",
"description": "Street part of the user street.",
"maxLength": 250,
"example": "West Wacker Drive"
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"applicationRef": {
"type": "string",
"description": "Application reference.",
"maxLength": 64,
"example": "com.onespan.tid.myapp"
},
"authentStatus": {
"type": "string",
"description": "String value of the numeric result of the user authentication performed externally. Non-zero results indicate failure to authenticate.",
"example": "00"
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"digipassDomain": {
"type": "string",
"description": "Domain for the user if not included in the login or digipassUser field.",
"maxLength": 255
},
"digipassUser": {
"type": "string",
"description": "User ID of the user if different from the login field value.",
"maxLength": 255,
"example": "userid@domain1"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 254,
"example": "devfeedbacktid@onespan.com"
},
"eventDate": {
"type": "string",
"description": "Date of the event.",
"maxLength": 20,
"example": "10-Jan-2018 23:10:59"
},
"eventSubType": {
"type": "string",
"description": "String value for the numeric key related to the non-monetary event sub type.",
"minLength": 3,
"maxLength": 3,
"example": "101"
},
"externalRef": {
"type": "string",
"description": "External reference.",
"maxLength": 128,
"example": "ABC123"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 250,
"example": "+1 (508) 366 3437"
},
"postalAddress": {
"type": "string",
"description": "Customer full address.",
"maxLength": 4000,
"example": "121 West Wacker Drive, Suite 2050, Chicago, IL 60601, USA"
},
"referrer": {
"type": "string",
"description": "URL of the webpage triggering the transaction.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
},
"userRef": {
"type": "string",
"description": "Corporate user reference.",
"maxLength": 150,
"example": "USER01"
}
},
"description": "Warning: Deprecated
Historical input payload for user unregistration superseded by AdaptiveUnregisterUserInput.",
"example": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
},
"clientIP": "192.168.0.1",
"login": "userid1",
"sessionIdentifier": "4ED23EA44F23"
}
},
"UnregisterUserInputEx": {
"type": "object",
"required": [
"objectType"
],
"properties": {
"objectType": {
"type": "string",
"description": "Input payload object type.",
"enum": [
"UnregisterUserInputEx"
],
"example": "UnregisterUserInputEx"
},
"cddc": {
"type": "object",
"description": "Client device data collector meta data. The two fields browserCDDC and mobileCDDC are mutually exclusive and collectively exhaustive.",
"properties": {
"browserCDDC": {
"$ref": "#/components/schemas/BrowserCDDC"
},
"mobileCDDC": {
"$ref": "#/components/schemas/MobileCDDC"
}
},
"minProperties": 1,
"maxProperties": 1
},
"appLanguage": {
"type": "string",
"description": "Application language.",
"maxLength": 50,
"example": "en-CA"
},
"clientIP": {
"type": "string",
"description": "IP address where the event originates from formatted in dot-decimal notation. This field is strongly recommended in case the event originates from a web banking application.",
"pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
"example": "192.168.0.1"
},
"cookieID": {
"type": "string",
"description": "Most persistent cookie from the banking website.",
"maxLength": 250,
"example": "custID=userid1; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly"
},
"cookieSession": {
"type": "string",
"description": "Any other cookies related to the session.",
"maxLength": 4000,
"example": "sessionToken=abc123; MaxAge=1200; Secure; HttpOnly"
},
"httpHeader": {
"type": "string",
"description": "Client request HTTP header.",
"maxLength": 4000,
"example": "Host: www.onespan.com"
},
"referer": {
"type": "string",
"description": "URL of the webpage triggering the transaction.",
"maxLength": 4000,
"example": "https://www.onespan.com/"
}
},
"description": "Input payload for OneSpan Cloud Authentication user unregistration.",
"example": {
"objectType": "UnregisterUserInputEx",
"cddc": {
"browserCDDC": {
"fingerprintRaw": "{browser:{\"userAgent\":Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36},support:{\"ajax\":true,\"boxModel\":undefined,\"changeBubbles\":undefined,\"checkClone\":true,\"checkOn\":true,\"cors\":true,\"cssFloat\":undefined,\"hrefNormalized\":undefined,\"htmlSerialize\":undefined,\"leadingWhitespace\":undefined,\"noCloneChecked\":true,\"noCloneEvent\":undefined,\"opacity\":undefined,\"optDisabled\":undefined,\"style\":undefined,\"submitBubbles\":undefined,\"tbody\":undefined},computer:{\"screenWidth\":2560,\"screenHeight\":1440,\"OS\":\"Microsoft Windows\",\"platform\":\"Win32\"},additional:{}}",
"fingerprintHash": "e96dadc9651f5fe8f071110eb174fe8e7a17a9d7a96b3b1980c13e5b4af3a4d7"
}
},
"clientIP": "192.168.0.1"
}
},
"UnregisterUserOutput": {
"deprecated": true,
"description": "Warning: Deprecated",
"type": "object",
"required": [
"irmResponse",
"message",
"retcode"
],
"properties": {
"irmResponse": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 5 = ChallengeDevice2FA, 8 = ChallengeEmail, 11 = ChallengeCronto, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
},
"message": {
"type": "string",
"description": "\"Success\" if successful; a description of the error that occurred otherwise."
},
"retcode": {
"type": "string",
"description": "'0' if successful; an error code otherwise."
}
}
},
"UnregisterUserOutputEx": {
"type": "object",
"required": [
"riskResponseCode"
],
"properties": {
"riskResponseCode": {
"type": "integer",
"format": "int32",
"description": "Risk Analytics response code. Standard supported values are: 0 = Accept, 1 = Decline, 2 = Challenge, 3 = ChallengeSMS, 5 = ChallengeDevice2FA, 8 = ChallengeEmail, 11 = ChallengeCronto, 14 = ChallengeFido, 21 = ChallengeNoPIN, 22 = ChallengePIN, 23 = ChallengeFingerprint, 24 = ChallengeFace. Additional values can be configured through the Risk Analytics Presentation Service.",
"example": 0
}
}
},
"UpdateApplicationInput": {
"type": "object",
"properties": {
"PIN": {
"type": "string",
"description": "New PIN code.",
"minLength": 4,
"maxLength": 8,
"example": "1234"
},
"pinEnabled": {
"type": "boolean",
"description": "Specifies whether the PIN is enabled.",
"example": true
}
},
"minProperties": 1,
"maxProperties": 1
},
"UpdateAuthenticatorInput": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "Description of the authenticator. Empty string will remove/clear description.",
"pattern": "^(?=^\\S)(?=.*\\S$)[^\\x00-\\x1F\\x7F]{1,255}$|^$",
"minLength": 0,
"maxLength": 255,
"example": "Authenticator license with 99 activations for user userid1"
}
},
"minProperties": 1
},
"UpdateDevicePnidInput": {
"type": "object",
"required": [
"encryptedMessage"
],
"properties": {
"encryptedMessage": {
"type": "string",
"description": "Encrypted PNID.",
"minLength": 2,
"maxLength": 2064,
"example": "0000C3E40165135320716417A9801601D1CD08BF5F9B7A08565C8A6B27F90AB2BC0AF541446CF3FCFC8F1B10B2DE733F95381F"
}
},
"description": "Input payload for updating device push notification ID."
},
"UpdateUserInput": {
"type": "object",
"properties": {
"displayName": {
"type": "string",
"description": "Displayed user name.",
"maxLength": 255,
"example": "John Customer"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"maxLength": 64,
"example": "devfeedbacktid@onespan.com"
},
"enabled": {
"type": "boolean",
"description": "Specifies whether the user account is enabled or not.",
"example": true
},
"mdcProfile": {
"type": "string",
"description": "The specific Message Delivery Component profile for virtual DIGIPASS messages for a specific user. This takes precedence over the MDC profile specified in the user policy.",
"maxLength": 255,
"example": "EUROPE"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"maxLength": 64,
"example": "+1 (508) 366 3437"
},
"newStaticPassword": {
"deprecated": true,
"type": "string",
"description": "Static password for the user.",
"minLength": 8,
"maxLength": 255,
"example": "TestABCD"
},
"phoneNumber": {
"type": "string",
"description": "Telephone number of the user.",
"pattern": "^[\\+\\-\\(\\)0-9 ]{0,20}$",
"maxLength": 20,
"example": "+1 (508) 366 3437"
},
"policyOverrides": {
"type": "object",
"description": "Overrides the policy settings. By default user policy override will not override the policy setting.",
"properties": {
"maxDaysBetweenAuthentications": {
"type": "integer",
"format": "int32",
"description": "Overrides the policy setting for maximum days between authentications after that the user will be suspended. 0 effectively disables this feature.",
"example": 1
}
}
},
"staticPassword": {
"type": "string",
"description": "Static password for the user.",
"minLength": 8,
"maxLength": 255,
"example": "TestABCD"
},
"vdpDeliveryMethod": {
"type": "string",
"description": "Delivery method for sending Virtual DIGIPASS.",
"enum": [
"Default",
"SMS",
"Email",
"Voice"
],
"example": "Email"
}
}
},
"UserOutput": {
"type": "object",
"required": [
"created",
"domain",
"enabled",
"isPasswordSet",
"lastModified",
"locked",
"userID",
"vdpDeliveryMethod"
],
"properties": {
"created": {
"type": "string",
"description": "Creation timestamp for the user account.",
"example": "2019-02-04T11:42:39Z"
},
"domain": {
"type": "string",
"description": "Domain in which the user account resides.",
"example": "domain1"
},
"enabled": {
"type": "boolean",
"description": "Specifies whether the user account is enabled or not.",
"example": false
},
"isPasswordSet": {
"type": "boolean",
"description": "Specifies whether the user account has a static password set or not.",
"example": false
},
"lastModified": {
"type": "string",
"description": "Last modified timestamp for the user account.",
"example": "2019-02-04T11:42:39Z"
},
"lastPasswordUpdate": {
"type": "string",
"description": "Static password last update timestamp.",
"example": "2019-02-04T11:42:39Z"
},
"locked": {
"type": "boolean",
"description": "Specifies whether the user account is created in a locked state or not.",
"example": false
},
"mdcProfile": {
"type": "string",
"description": "Message Delivery Component (MDC) profile for sending Virtual OTP.",
"example": "EUROPE"
},
"userID": {
"type": "string",
"description": "Identifier for the user.",
"example": "userid1"
},
"vdpDeliveryMethod": {
"type": "string",
"description": "Delivery method for sending Virtual OTP.",
"example": "SMS"
},
"authenticators": {
"type": "array",
"description": "List of authenticators.",
"items": {
"type": "string"
},
"example": [
"0034599648"
]
},
"description": {
"type": "string",
"description": "Description.",
"example": "user description"
},
"displayName": {
"type": "string",
"description": "Display name.",
"example": "John Customer"
},
"emailAddress": {
"type": "string",
"description": "E-mail address of the user.",
"example": "devfeedbacktid@onespan.com"
},
"expired": {
"type": "boolean",
"description": "Indicates whether the user's account expired.",
"example": false
},
"hasAdminPrivileges": {
"type": "boolean",
"description": "Indicates whether the user has admin privileges.",
"example": false
},
"hasAuthenticatorAssigned": {
"type": "boolean",
"description": "Indicates whether the user has assigned authenticator.",
"example": false
},
"lastAuthentication": {
"type": "string",
"description": "Timestamp of last successful authentication.",
"example": "2021-11-29T08:42:03Z"
},
"lastAuthenticationRequest": {
"type": "string",
"description": "Timestamp of last authentication request.",
"example": "2022-02-24T12:33:09Z"
},
"mobilePhoneNumber": {
"type": "string",
"description": "Mobile phone number of the user.",
"example": "+1 (508) 366 3437"
},
"phoneNumber": {
"type": "string",
"description": "Telephone number of the user.",
"example": "+1 (508) 366 3437"
},
"policyOverrides": {
"type": "object",
"description": "Overridden policies settings. By default the user policy override does not override the policy settings.",
"properties": {
"maxDaysBetweenAuthentications": {
"type": "integer",
"format": "int32",
"description": "Overriden the policy setting for maximum days between authentications after which the user will be suspended.",
"example": 1
}
}
}
}
},
"UserVerification": {
"type": "string",
"description": "Value to indicate if user verification is required. Used only in FIDO2.",
"default": "preferred",
"enum": [
"required",
"preferred",
"discouraged"
]
},
"UsersOutput": {
"type": "object",
"required": [
"count",
"limit",
"offset",
"total",
"users"
],
"properties": {
"count": {
"type": "integer",
"format": "int32",
"description": "Number of user accounts returned.",
"example": 1
},
"limit": {
"type": "integer",
"format": "int32",
"description": "Maximum number of user accounts requested.",
"example": 20
},
"offset": {
"type": "integer",
"format": "int32",
"description": "Index of the first user account returned.",
"example": 0
},
"total": {
"type": "integer",
"format": "int32",
"description": "Total number of user accounts that match the query input parameters.",
"example": 1
},
"users": {
"type": "array",
"description": "List of user accounts.",
"items": {
"$ref": "#/components/schemas/UserOutput"
}
}
}
},
"ValidationError": {
"type": "object",
"required": [
"object",
"field",
"message"
],
"properties": {
"object": {
"type": "string",
"example": "AssociatedObject",
"description": "The object containing the failure."
},
"field": {
"type": "string",
"example": "associatedField",
"description": "The field containing the failure."
},
"message": {
"type": "string",
"example": "Field related issue",
"description": "The message describing the failure."
}
}
}
},
"parameters": {
"SerialNumber": {
"name": "serialNumber",
"in": "path",
"required": true,
"description": "Serial number of the authenticator.",
"schema": {
"type": "string",
"pattern": "^[A-Z0-9]{3}[0-9]{7}(-[0-9]{1,2})?$",
"minLength": 10,
"maxLength": 13,
"example": "VDS1234567"
}
},
"IfMatch-Authenticator": {
"name": "If-Match",
"in": "header",
"required": false,
"description": "Entity state for conditional update of the authenticator.",
"schema": {
"type": "string"
}
},
"ApplName": {
"name": "applName",
"in": "path",
"required": true,
"description": "Unique name of the application running in the authenticator (example : RO OFFLINE).",
"schema": {
"type": "string"
}
},
"RiskAnalyticsEnvironment": {
"name": "Risk-Analytics-Environment",
"in": "header",
"required": false,
"description": "Specifies the Risk Analytics environment used for adaptive authentication requests. Defaults to the unique Digital Banking environment for your tenant.",
"schema": {
"type": "string",
"pattern": "^[a-zA-Z0-9-_]+$",
"minLength": 1,
"maxLength": 20
}
},
"RegistrationID": {
"name": "registrationID",
"in": "path",
"required": true,
"description": "Registration identifier.",
"schema": {
"type": "string",
"maxLength": 40
}
},
"RequestID": {
"name": "requestID",
"in": "path",
"required": true,
"description": "Identifier of the request which started the session.",
"example": "413b2c39-2d67-4293-9adb-25601731b062",
"schema": {
"type": "string",
"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
"minLength": 36,
"maxLength": 36
}
},
"UserIdDomain": {
"name": "userID@domain",
"in": "path",
"required": true,
"description": "Unique identifier for the user formatted as userID@domain.",
"example": "userid1@domain1",
"schema": {
"type": "string",
"pattern": "^.{1,255}@.{1,255}$",
"minLength": 1,
"maxLength": 511
}
},
"IfMatch-User": {
"name": "If-Match",
"in": "header",
"required": false,
"description": "Entity state for conditional update of the authenticator.",
"schema": {
"type": "string"
}
}
},
"responses": {
"CheckSessionStatus-400-InvalidRequestID": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 400,
"error": "Bad Request",
"message": "Input data validation failed",
"service": "checksessionstatus",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000",
"validationErrors": [
{
"object": "URL",
"field": "requestID",
"message": "Invalid request id"
}
]
}
}
}
},
"CheckSessionStatus-404-SessionNotFound": {
"description": "Session not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 404,
"error": "Not Found",
"message": "RequestID not found",
"service": "checksessionstatus",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"CheckSessionStatus-500-InternalServerError": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 500,
"error": "Internal Server Error",
"message": "An internal error occurred while attempting to process the request",
"service": "checksessionstatus",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"UserRegister-403-Forbidden": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 403,
"error": "Forbidden",
"message": "The command is forbidden with the given input",
"service": "userregister",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"UserRegister-500-InternalServerError": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 500,
"error": "Internal Server Error",
"message": "An internal error occurred while attempting to process the request",
"service": "userregister",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"Event-400-LoginInputInvalid": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 400,
"error": "Bad Request",
"message": "Input data validation failed",
"service": "event",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000",
"validationErrors": [
{
"object": "LoginInput",
"field": "credentials",
"message": "Field must be present"
}
]
}
}
}
},
"Event-403-Forbidden": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 403,
"error": "Forbidden",
"message": "The command is forbidden with the given input",
"service": "event",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"Event-404-UserNotFound": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 404,
"error": "Not Found",
"message": "User account not found",
"service": "event",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"Event-500-InternalServerError": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 500,
"error": "Internal Server Error",
"message": "An internal error occurred while attempting to process the request",
"service": "event",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"SecureMessaging-400-GenerateSecureChallengeInvalid": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 400,
"error": "Bad Request",
"message": "Input data validation failed",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000",
"validationErrors": [
{
"object": "generateSecureChallengeInput",
"field": "request",
"message": "Request must be present"
}
]
}
}
}
},
"SecureMessaging-403-Forbidden": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 403,
"error": "Forbidden",
"message": "The command is prohibited for the tenant admin account",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"SecureMessaging-404-UserNotFound": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 404,
"error": "Not Found",
"message": "User not found",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"SecureMessaging-500-InternalServerError": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 500,
"error": "Internal Server Error",
"message": "An internal error occurred while attempting to process the request",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"SecureMessaging-400-GenerateSigningRequestInvalid": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 400,
"error": "Bad Request",
"message": "Input data validation failed",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000",
"validationErrors": [
{
"object": "generateSigningRequestInput",
"field": "request",
"message": "Request must be present"
}
]
}
}
}
},
"Transaction-400-ObjectTypeMissing": {
"description": "The input is invalid.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 400,
"error": "Bad Request",
"message": "Input data validation failed",
"service": "transaction",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000",
"validationErrors": [
{
"object": "ObjectType",
"field": "objectType",
"message": "Field must be present"
}
]
}
}
}
},
"Transaction-403-Forbidden": {
"description": "The command is prohibited for the tenant admin account.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 403,
"error": "Forbidden",
"message": "The command is forbidden with the given input",
"service": "transaction",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"Transaction-404-UserNotFound": {
"description": "User account not found.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 404,
"error": "Not Found",
"message": "User account not found",
"service": "transaction",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
},
"Transaction-500-InternalServerError": {
"description": "Internal error, sub service failure, server crash.",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorOutput"
},
"example": {
"status": 500,
"error": "Internal Server Error",
"message": "An internal error occurred while attempting to process the request",
"service": "transaction",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
}
},
"examples": {
"UserRegister-409-PasswordValidationFailure": {
"description": "The static password provided failed to pass the validation criteria.",
"value": {
"status": 409,
"error": "Conflict",
"message": "You need at least x lower case characters in your password [Password minimum length is x characters, it should combine at least x numeric, x lowercase, x uppercase and x symbolic characters]",
"service": "userregister",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
},
"UserRegister-409-UserAccountLocked": {
"description": "The user account is locked.",
"value": {
"status": 409,
"error": "Conflict",
"message": "User registration failed: User account locked",
"service": "userregister",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
},
"UserRegister-409-UserAccountDisabled": {
"description": "The user account is disabled.",
"value": {
"status": 409,
"error": "Conflict",
"message": "User registration failed: User account disabled",
"service": "userregister",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
},
"SecureMessaging-409-NoApplicableDigipassFound": {
"description": "No applicable authenticator found.",
"value": {
"status": 409,
"error": "Conflict",
"message": "No applicable digipass found",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
},
"SecureMessaging-409-UserLocked": {
"description": "The user provided in the `userID@domain` parameter is locked.",
"value": {
"status": 409,
"error": "Conflict",
"message": "User is locked",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
},
"SecureMessaging-409-UserDisabled": {
"description": "The user provided in the `userID@domain` parameter is disabled.",
"value": {
"status": 409,
"error": "Conflict",
"message": "User is disabled",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
},
"SecureMessaging-409-UserExpired": {
"description": "The user provided in the `userID@domain` parameter is suspended due to inactivity.",
"value": {
"status": 409,
"error": "Conflict",
"message": "User account suspended due to inactivity",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
},
"SecureMessaging-409-TempUserExpired": {
"description": "The user provided in the `userID@domain` parameter is a temporary user account that has expired.",
"value": {
"status": 409,
"error": "Conflict",
"message": "Temporary user account expired",
"service": "secure-messaging",
"logCorrelationID": "df177869-cffc-4a40-8997-8612f05bff0b",
"timestamp": "2023-01-01T00:00:00.000+0000"
}
}
}
}
}