This section contains all the Authentication and Authorization APIs.
Authentication
Send OTP
This service sends an OTP to the user. The caller of this service have to send the channel in which the OTP will be sent. Based on the application ID, the corresponding channel's recipient address will be found out and the OTP is send accordingly. Note: At this point of time, no Auth Token will be generated.
Resource URL
POST https://{base_url}/v1/authmanager/authenticate/sendotp
Resource details
Resource Details
Description
Response format
JSON Message
Requires Authentication
No
Parameters
Name
Required
Description
Default Value
Example
userid
Yes
This is the userid of the user. Based on the useridtype, this will vary.
NA
M392380
otpchannel
Yes
This is the channel in which the OTP will be sent. It is an array of the enumeration {"email", "phone"}. If the channel is not found, ChannelNotSupported error will be sent back
NA
phone
useridtype
Yes
This field is the user id type. It should be one the {"UIN", "USERID"}. Based on the combination of "appid" and "useridtype" the system identifies from which system to pickup the channel's recipient address
NA
USERID
appid
Yes
This is the application ID of the caller of this service. It should be on of the {"preregistration", "registrationclient", "registrationprocessor", "ida", "admin", "resident"}
NA
preregistration
templateVariables
No
This is the map of custom template variables
NA
{"UIN":"2530192395"}
context
Yes
This shows the purpose of the sending otp like Login, notification, etc.
{
"id": "mosip.authentication.sendotp",
"ver": "1.0",
"responsetime": "2007-12-03T10:15:30Z",
"response": {
"status": "success",
"message":"OTP had been sent successfully"
}
}
Error Response
Invalid Channel: This is the error response in case if the channel is not valid.
{
"id": "mosip.authentication.sendotp",
"ver": "1.0",
"responsetime": "2007-12-03T10:15:30Z",
"errors":[
{
"errorCode": "KER-AUTH-CHANNEL_INVALID",
"message": "The passed channel is invalid."
}
]
}
Multiple channels not supported: In case, if the caller can send only one channel, then this error will be sent. For example, Pre-Registration module cannot have multiple channels.
{
"id": "mosip.authentication.sendotp",
"ver": "1.0",
"responsetime": "2007-12-03T10:15:30Z",
"errors":[
{
"errorCode": "AUTH_ERR_MULTIPLE_CHANNELS",
"message": "Multiple channels are not supported in your module."
}
]
}
User not found: If the passed is not found in the system.
{
"id": "mosip.authentication.sendotp",
"ver": "1.0",
"responsetime": "2007-12-03T10:15:30Z",
"errors":[
{
"errorCode": "AUTH_ERR_USER_NOT_FOUND",
"message": "The passed in user is not found"
}
]
}
Channel path not found: If the channel's path is not found. For example, if the channel is email and the email ID is not found for that user.
{
"id": "mosip.authentication.sendotp",
"ver": "1.0",
"responsetime": "2007-12-03T10:15:30Z",
"errors":[
{
"errorCode": "AUTH_ERR_CHANNELPATH_NOT_FOUND",
"message": "The passed in user is not found"
}
]
}
Authenticate using userID and OTP
This service authenticates the use ID and the OTP. If the authentication is successful, an AuthToken will be sent in the Response header.
Resource URL
POST https://{base_url}/v1/authmanager/authenticate/useridOTP
Resource details
Resource Details
Description
Response format
Response Header and JSON Message
Requires Authentication
No
Parameters
Name
Required
Description
Default Value
Example
userid
Yes
This is the userid of the user against which the OTP had been sent. Based on the useridtype, this will vary.
NA
M392380
otp
Yes
This is OTP which is sent to the userid's preferred channel
This is the application ID of the caller of this service. It should be on of the {"preregistration", "registrationclient", "registrationprocessor", "ida", "admin", "resident"}
This service will authenticate the clientid and secret key. When an application try to call any service in the MOSIP system, the call have to be authenticated and authorized. For example, when Pre-registration application calls some master service, the call have to be authenticated first. This call can facilitate the call. The clientid would have provided to the caller application before hand using another procedure. So, before making this call, the caller application have to have the clientid and the secret key.
Resource URL
POST https://{base_url}/v1/authmanager/authenticate/clientidsecretkey
Resource details
Resource Details
Description
Response format
Response Header and JSON Message
Requires Authentication
No
Parameters
Name
Required
Description
Default Value
Example
clientid
Yes
This is the client id, provided to the caller application upfront.
NA
D72HJDF8
secretkey
Yes
This is the secret key which was provided to the application corresponding to the clientid
The OTP Generator component will receive a request to generate OTP, validate if the OTP generation request is from an authorized source, call OTP generator API with the input parameters (Key), receive the OTP from the OTP generator API which is generated based on the OTP generation policy and respond to the source with the OTP.
The OTP Generator can also reject a request from a blocked/frozen account and assign a validity to each OTP that is generated, based on the defined policy
Resource URL
POST https://{base_url}/v1/otpmanager/otp/generate
This component facilitates basic validation of an OTP.
This includes: Receiving a request for OTP validation with required input parameters (Key), Validating the pattern of OTP generated based on defined policy, validating if the OTP is active/inactive and responding to the source with a response (Valid/Invalid)
This component also facilitates deletion of every successfully validated OTP when consumed and freezing an account for exceeding the number of retries/wrong input of OTP.
