Description

Use this method to validate a Time-based One-Time Password (TOTP) code for Multi-Factor Authentication (MFA). After the code is validated, the method attempts the login, so the endpoint’s response is the same as the login response.

Endpoint URL:

 POST https://{your-endpoint-domain.com}/activityid/v1/mfa/approve

Request parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| Authorization | “Bearer app_token”: the literal text Bearer followed by app_token, which is the token obtained from the /oauth2/token endpoint | string | yes |
| Content-Type | The type of content used for requests: JSON | string | yes |
| Accept | The type of content used for responses: JSON | string | yes |
| From | Name of the entry point | string | yes |
| Accept-Language | Language for this request | Locale | no |

Query string parameters

| Parameter | Description | Type | Required | Default value |
| --- | --- | --- | --- | --- |
| sc | Configures how user fields are validated: by default ALL validation errors are returned to the service caller (). If you want to receive only ONE validation error each time, you have to send the query string parameter ‘sc=true’ | boolean | no | false |
| fca | Forces a complete-account check after a successful login. If the user needs to complete data you will receive the same response defined in the complete account error each time, you have to send the query string parameter ‘sc=true’ | boolean | no | false |

Request Example

| Parameter | Description | Type | Required | Value |
| --- | --- | --- | --- | --- |
| actor.id | app_id of the application you are using to log the user in | string | yes | app id |
| actor.objectType | Type of the object that represents the actor | string | yes | ‘application’ |
| verb | Verb used for the code validation | string | yes | ‘approve’ |
| object.objectType | ObjectType that represents the user | string | yes | ‘user’ |
| object.password | Password of the user. It must be sent in plain text | string | yes | user password |
| object.ids.email | Structure of the email identifier. The node name must be “email” | struct | yes | email |
| object.ids.email.objectType | ObjectType that represents the id of the user | string | yes | ‘user_id’ |
| object.ids.email.value | Email value | string | yes | email |
| source.id | Type of device doing the activity | string | yes | ‘unknown’, ‘pc’, ‘mobile’, ‘tablet’, ‘game_console’ or ‘itv’ |
| source.objectType | Type of source | string | yes | ‘device’ |
| context.mfa_code | The TOTP code to be validated | string | yes | ‘123456’ |
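
The following is an added example, not part of the original documentation: it assembles the headers and JSON body from the tables above and masks the secrets before anything is logged. The nested JSON layout is inferred from the dotted parameter names, the 6-digit check is an assumption based on the sample value ‘123456’, and the domain, token, app id and entry-point values are constructed placeholders.

```python
import re

ALLOWED_SOURCE_IDS = {"unknown", "pc", "mobile", "tablet", "game_console", "itv"}
SENSITIVE = {"password", "mfa_code", "Authorization"}  # must never reach logs


def build_mfa_approve_request(domain, app_token, app_id, entry_point,
                              email, password, mfa_code, source_id="unknown"):
    """Return (url, headers, body) for POST /activityid/v1/mfa/approve."""
    if source_id not in ALLOWED_SOURCE_IDS:
        raise ValueError(f"source.id not allowed: {source_id!r}")
    # Assumption: codes are 6 digits, as in the page's sample value '123456'.
    if not re.fullmatch(r"[0-9]{6}", mfa_code):
        raise ValueError("mfa_code must be 6 digits")
    # HTTPS only: the password travels in plain text inside the body.
    url = f"https://{domain}/activityid/v1/mfa/approve"
    headers = {
        "Authorization": f"Bearer {app_token}",
        "Content-Type": "application/json",
        "Accept": "application/json",
        "From": entry_point,
    }
    body = {  # nesting inferred from the dotted parameter names
        "actor": {"id": app_id, "objectType": "application"},
        "verb": "approve",
        "object": {
            "objectType": "user",
            "password": password,
            "ids": {"email": {"objectType": "user_id", "value": email}},
        },
        "source": {"id": source_id, "objectType": "device"},
        "context": {"mfa_code": mfa_code},
    }
    return url, headers, body


def redact(value):
    """Copy a header or body dict with secrets masked, for safe logging."""
    if isinstance(value, dict):
        return {k: "***" if k in SENSITIVE else redact(v) for k, v in value.items()}
    return value


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, headers, body = build_mfa_approve_request(
        "idp.example.com", "APP_TOKEN", "APP_ID", "web",
        "user@example.com", "s3cret-pw", "123456", "pc")
    print("POST", url, redact(headers), redact(body))
```

Send `body` as the JSON payload of the POST with any HTTP client, and log only the `redact()` copies.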

Response examples

Response: MFA Code Validated

Response codes

| Code | Type | Description |
| --- | --- | --- |
| 400 | Error | Bad Request: The request could not be understood by the server due to malformed syntax |
| 401 | Error | Unauthorized: Authentication is required and has failed or has not yet been provided (token is invalid, etc.) |
| 403 | Error | Forbidden: User id or password is invalid |
| 412 | Error | Precondition Failed: The user cannot log in because he/she has not confirmed the email |
| 417 | Error | MFA Error: There is a problem with MFA; you will receive a detailed error description |
| 500 | Error | Internal Server Error: The server encountered an unexpected condition which prevented it from fulfilling the request |
| 504 | Error | Gateway Timeout: The service cannot contact the OAuth server to do some internal operations |
| 2xx | Success | Code validated successfully; see the login response |