Successful Flow
* Existing user is an end user who has already signed up and registered a device
* Third party can be any mechanism you decide to use to deliver the activation token to your user. For example, email, push notification, SMS
APIs used |
POST /authentication/forgot-pin |
POST /authentication/reset-pin |
Error Flows
Incorrect Reset PIN token
First and second attempt to reset device PIN with an incorrect token
{
"responseStatus": {
"status": "ERROR",
"message": "Invalid reset token.",
"code": "AN-AUTH-1022"
}
}
Third attempt to reset device PIN with an incorrect token
The system will lock the device for 24 Hours and the user will not be able to use the forgot-pin and reset-pin features for the next 24 hours. They will receive the following error from both APIs.
This is also applicable for when you make 3 attempts to reset the device PIN with 3 separate and incorrect reset PIN tokens.
At this stage, users could opt to wait 24 hours or add a new device
{
"responseStatus": {
"status": "ERROR",
"message": "You have reached the maximum attempts to reset PIN. You are blocked from resetting your PIN, Please try again later",
"code": "AN-AUTH-1025"
}
}
Comments
0 comments
Please sign in to leave a comment.