Prerequisites
API Contract
HTTP Method | Endpoint | Request | Return | Authorization |
---|---|---|---|---|
Swagger Url : IAM Controller | ||||
POST | /iam/user/{userUuid}/otp |
Request Header: x-api-key : {api-key} { "applicationUuid":"string", "purpose": "string", "requestorToken":"string", "requestorUsername":"string" } |
Response Body { "otp": "string", "dateCreated": long, "dateExpired": long, "ttl": integer, "userEmail": "string", "mobileNumber":"string" |
Protected by IAM Introspect API
|
Swagger API Docs: https://api.haventec.com/authenticate/v1-2/api-docs.html#/iam-controller
Authenticate API: https://api.haventec.com/authenticate/v1-2 /iam/user/{userUuid}/otp
- userUuid: We can generate OTP for a user by providing the user's uuid. e.g. 9ea02090-0627-42c2-8273-26b7029b62e6
Request Body
- applicationUuid: It is the ' Application UUID ' on the Haventec Console application details page as shown in the image below.
- requestorToken: It is the ' access_token ' in the response received after running the curl command in step 3. The user sends a HTTP request to the IAM to log in and get a JWT in Configure Haventec IAM with the client and users.
- requestorUsername: It is the ' username ' passed in the HTTP request in step 3. The user sends a HTTP request to the IAM to log in and get a JWT in Configure Haventec IAM with the client and users.
- purpose: It is a value that represents the purpose of that OTP.
- ttl: Time to live in seconds
The HTTP header that needs to be passed with the API mentioned above is
- x-api-key: It is the ' API key ' on the Haventec Console application details page as shown in the image below.
Authenticate API Error Codes
Error Code |
Message Thrown |
Scenarios |
Recommended Action |
AN-USER-1000
|
Invalid UserUuid |
Passed the wrong userUuid in the request. |
Pass the correct userUuid in the request. |
AN-UOTP-1006
|
Empty create OTP request |
The body of the request is empty |
Pass the request body as mentioned above. |
AN-APLI-1005 |
Invalid ApplicationUuid |
Passed the wrong applicationUuid in the request body. |
Pass the correct applicationUuid as mentioned above. |
AN-VALI-1003
|
Invalid username format |
Passed the wrong requestorUsernamein the request body |
Pass the correct requestorUsernameas mentioned above. |
AN-GOTP-1002
|
Invalid OTP purpose format |
Passed the wrong format for the purpose in the request body |
Pass a valid purpose in the request body. |
AN-GOTP-1001
|
Invalid OTP TTL format |
Passed the wrong format for the OTP TTL in the request body |
Pass a valid OTP TTL in the request body. |
AN-JWTT-1001
|
Invalid JWT Token |
Passed the wrong requestorToken in the request. |
Pass the correct requestorToken as mentioned above. |
AN-VALI-1001 |
Application UUID was not found |
Passed application-uuid does not exist in Authenticate. |
Pass the correct application-uuid as mentioned above. |
AN-OIAM-1001 |
The application does not have IAM properties enabled |
The application is not configured with proper IAM properties. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure IAM Intropsect properties correctly. |
AN-OIAM-1002 |
IAM client_id not configured |
The client_id is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure client_id correctly. |
AN-OIAM-1003 |
IAM client_secret not configured |
The client_secret is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure client_secret correctly. |
AN-OIAM-1004 |
IAM Introspect url not configured |
The Introspect url is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure IAM Introspect url correctly. |
AN-OIAM-1006 |
IAM role path not configured |
The Role JSON path is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure Role JSON path correctly. |
AN-OIAM-1005 |
IAM role not configured |
The Allowed role is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure the Allowed role correctly. |
AN-OIAM-1007 |
Role path format |
The Introspect url is not configured properly. |
Please follow this link Configure Haventec Connect Application to enable Introspect IAM API to configure IAM Introspect url correctly. |
AN-UOTP-1001 |
Not allowed to create an OTP for that user |
The externally authenticated user e.g. CRM user is not active. |
Please follow this link Configure Haventec IAM with the client and users step 3. The user sends a HTTP request to the IAM to log in and get a JWT to check if the access_token generated is active or not. If not. Generate a new access_token and use it as requestorToken in the request body. |
AN-AUTH-1017 |
User not found in the application |
The userUuid passed is wrong and there is no user in Authenticate with the given userUuid. |
Pass the correct userUuid as explained in the above steps. |
AN-USER-1008 |
Request to update user denied |
The userUuid passed does belong to Organisation Admin or userUuid does belong to the given application. |
Pass the correct userUuid of the user who is not an Organisation Admin and belongs to the given application |
AN-UOTP-1004
|
The user has already a valid OTP assigned. Please wait till it expires or gets used |
An OTP was already generated for the user. |
Wait till the previously generated OTP expires. |
Comments
0 comments
Please sign in to leave a comment.